Netgate Discussion Forum

    Public IP Services Using Internal IP

    NAT
    • Jonesc

      Hello

      I have a basic setup with pfSense with WAN / LAN interfaces.

      I have a few servers that use the Public IP of my pfSense WAN interface.

      I can access the servers fine outside of the LAN, and currently all the DNS is being pointed to my Windows DC.

      If I try to access the servers with the web URLs I will get:

      "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
      Try accessing the router by IP address instead of by hostname. "

      I have tried disabling this in the Advanced setting section but that doesn't resolve the problem.

      What is the best practice to resolve this sort of problem?

      Thanks in advance.

      • Rico LAYER 8 Rebel Alliance

        https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

        -Rico

        • Jonesc

          Thanks

          I did

          In order to do this, navigate to System > Advanced, Firewall/NAT tab. On that page, select Pure NAT for NAT Reflection mode for port forwards, check Enable NAT Reflection for 1:1 NAT, and check Enable automatic outbound NAT for Reflection. Click Save.

          I then went into the rule and manually set the "Pure NAT" rather than doing it for the whole setup.

          This has resolved the problem.

          LEGEND

          • johnpoz LAYER 8 Global Moderator

            So when pfsense forwards (or resolves) - i.e. asks your internal NS, say, vs a domain override in unbound for something - and it gets back rfc1918, then that would be a rebind.

            You can set this domain to be private, then when pfsense forwards to it, it will allow for rfc1918 to be returned. Or you could (not recommended) just turn off rebinding protection altogether.

            Here
            https://www.netgate.com/docs/pfsense/dns/dns-rebinding-protections.html

            There really should be no reason to have to nat reflect for this if your local NS returns the rfc1918 address.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
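
The resolver-side check described in the reply above, as an added example that is not part of the original thread or pfSense's own code: a simplified model of how an answer containing an RFC 1918 address is treated as a rebind unless its name falls under a domain marked private. It assumes Unbound-style `private-address` / `private-domain` semantics; the names, addresses and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the protected address set assumed for this sketch.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)


def in_private_domain(name, private_domains):
    """True if name equals, or is a subdomain of, an exempted domain.

    Matching is done on whole labels, so 'notcorp.example' is NOT
    covered by an exemption for 'corp.example'.
    """
    labels = name.rstrip(".").lower().split(".")
    for dom in private_domains:
        dom_labels = dom.rstrip(".").lower().split(".")
        if labels[-len(dom_labels):] == dom_labels:
            return True
    return False


def classify(name, addr, private_domains=()):
    """Return 'pass' or 'rebind' for one A record received from upstream."""
    if is_rfc1918(addr) and not in_private_domain(name, private_domains):
        return "rebind"
    return "pass"


def audit(answers, private_domains=()):
    """Classify every (name, address) pair; returns {name: verdict}."""
    return {n: classify(n, a, private_domains) for n, a in answers}


# Constructed sample answers (hypothetical names, documentation addresses).
SAMPLE_ANSWERS = [
    ("www.corp.example", "192.168.10.20"),   # internal NS returns a LAN address
    ("mail.corp.example", "10.1.2.3"),
    ("www.example.org", "203.0.113.10"),     # public address, never flagged
    ("notcorp.example", "192.168.1.1"),      # private, outside the exemption
]

if __name__ == "__main__":
    print("protection on, no exemption:", audit(SAMPLE_ANSWERS))
    print("corp.example marked private:", audit(SAMPLE_ANSWERS, ["corp.example"]))
```

Exempting only the internal domain keeps the check active for every other name, which is why it is preferable to turning the protection off.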

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.