OPT1 eating host headers? Or is it my ISP?


  • I have two DSL lines, one through AT&T and another through Covad Communications.  I set up AT&T as WAN and the Covad line as OPT1.  It seems as either pfsense is stripping my host headers out or Covad is.  I've got two websites on the same web server basically pointing to the same home directory.  One called test.domain.com, and another called test2.domain.com.  I can browse both from inside the firewall, so the sites and host headers are working properly.  I set an A record for test.domain.com to be the external IP of my Covad DSL line, and another record for test2.domain.com to be the IP address of the AT&T DSL line.  When I browse to test2.domain.com from an external connection, I get the webpage.  When I browse test.domain.com I get a Bad Request: Invalid Hostname error (HTTP 400).  I've even switched the WAN and OPT1 interfaces in the GUI (updating my one rule to forward port 80 to the web server to reflect the change) and even hooked up nothing BUT the covad line and disabled OPT1.  It still eats host headers.  I've included my current (working) NAT port forwards and firewall rules for your scrutiny:

    NAT
     
    LAN Rules

    WAN Rules

    OPT1 Rules


  • I have never heard of a firewall causing something like that. It is much more likely to be a problem with DNS and/or the web server configuration. But that's just my .02


  • @dotdash:

    I have never heard of a firewall causing something like that. It is much more likely to be a problem with DNS and/or the web server configuration. But that's just my .02

    Yes, you see that is exactly what I thought.  This weekend, I'm going to hook up my old Smoothwall to the Covad line and see what that gets me.  If my host headers are still getting boned, I'll know it's not the firewall.


  • It's not the firewall. If one were to say, look up the domain attached to your email and check the www record, one could see that it is the IP on WAN, and seems to work fine. If one overrides the record by adding www pointing to the IP on Covad, the web site comes up fine on the Covad.
    PS- I would sanitize the public IPs before posting, but I'm paranoid.


  • Cleaned up the IPs per dotdash's suggestion.


  • Resolved:  The paperwork I was getting my IP information from was one digit off the actual IP.  Pfsense was pulling an IP from Covad, and correctly displaying the IP.  The paperwork I was going off of to enter my A records was one digit off.  No big deal, a simple error, and an easy fix.  I apologize to whoever I was wrongly directing my traffic to :)