Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Unbound- SSL not translating over to our web server which is hosted locally

    Scheduled Pinned Locked Moved DHCP and DNS
    5 Posts 3 Posters 656 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      lorentedford
      last edited by

      So we have two networks one is 10.10.10.0/24 (<- Server Ip addresses) The other is our home network 192.168.9.0/24. We also have a few other networks as well but from the outside we have been using Nat routing to our 10.10.10.4 example ip for our web and email servers.. As an example if these servers are running https on them for some reason from the home network of lets say 192.168.9.3 as an example we get this error.

      Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
      Try accessing the router by IP address instead of by hostname.

      6875bec0-d512-4768-90fe-449514e37802-image.png

      Now we have everything forwarded to the appropriate location we think..

      259d769a-ee1f-41d0-8bd9-79cf3b584fa8-image.png

      What settings should i change?? If i put the server into mixed mode non ssl and ssl it works if i put it with ssl only it doesn't work and gives me the rebind attack.

      1 Reply Last reply Reply Quote 0
      • kiokomanK Offline
        kiokoman LAYER 8
        last edited by

        Immagine.jpg
        under System / Advanced / Admin Access

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        L 1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          You could either completely disable rebind protection, or just set those domains as private in unbound.

          https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          L 1 Reply Last reply Reply Quote 0
          • L Offline
            lorentedford @kiokoman
            last edited by

            @kiokoman Thank you for showing me how to disable the rebinding checks!

            These are public domains and the goal is to have them NATed to my webserver however now pfsense is claiming https://lorentedford.com how do i fix this?

            1 Reply Last reply Reply Quote 0
            • L Offline
              lorentedford @johnpoz
              last edited by

              @johnpoz

              c784b6b8-a40f-42fe-9d25-609350236e6b-image.png

              By the way your spam protection sucks.. It didn't allow for me to past the contents of the custom options in code for some reason here is that screen shot..

              You guys might get that fixed..

              0b5cb22e-ba8d-408d-a004-f3ce5b2bb4dd-image.png

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.