Routing Issues

  • Hi All,

    Having a few issues setting up some routing. Currently I have 2 domains that I am trying to use, and for the second domain I cannot get forwarding working.

    I have a server that I want to host some websites etc. using a different domain, let's say

    I am currently using reverse proxy for let's say no problems running multiple websites on port 80.

    However, I seem to be forwarded to the pfSense UI with a DNS Rebind error. If I type the public URL for SSH requests the forwarding works; if I add the URL into the mix, nothing.

    Anyone got any ideas? I have tried multiple articles online, like using HAProxy, but no joy.

  • LAYER 8 Global Moderator

    "However, I seem to be forwarded to the pfSense UI with a DNS Rebind error"

    Are these resolving to rfc1918 addresses?

  • Yes, they are forwarding to a 24-bit block address

  • LAYER 8 Global Moderator

    Public dns should not return rfc1918 address space - or yeah it looks like a rebinding attack.  Only local dns should resolve to rfc1918 space.

  • My pfSense has public DNS servers, not internal ones.

  • LAYER 8 Global Moderator

    Dude so you have a domain that anyone can resolve?? And it returns rfc1918 space?  Yeah that is borked!!

    pfSense can be a forwarder or a resolver, and provide DNS to self.  You can create host overrides for anything pfSense or your clients would need to resolve..  Putting rfc1918 space in some public nameserver is borked!!  Do not do that!!

  • Think I may have explained wrong.

    Internal IP on webserver is rfc1918 address, our public IP address is not. I have a second interface which is in our DMZ range but forwarding is not working.

    Are you saying that the server needs to have some random IP that doesn't fall in the rfc1918 addresses?

    It's external forwarding that is not working.

  • LAYER 8 Global Moderator

    You call it your DMZ range?  Just another LAN side network with rfc1918 address space off pfSense.

    You're not forwarding, you're using your reverse proxy.

    Where are you getting a rebinding attack?  From where?  If you're on your LAN, and you want to hit your other server that is in your DMZ.. Are you trying to hit your public IP or resolving to your local.. Or are you coming from outside??

    So you're saying if I for example hit your fqdn, I get a rebinding error?  Please PM these fqdn you're working with.

  • I am completely at a miss with this one, url is

  • LAYER 8 Global Moderator

    That does not return rfc1918.. It returns public..

    ;      IN      A

    ;; ANSWER SECTION: 14400  IN      A

    Is that your IP?

    So what does your webserver resolve that to?  Is unbound asking a forwarded NS, did you forward the domain?  If so, when unbound has to ask some other NS in the act of resolving or with a domain override and it returns rfc1918 to unbound, that would be a rebind attack..

    From a quick scan I only show 21 open on that IP..

    Not shown: 99 filtered ports
    21/tcp open  ftp

    But no welcome message comes back..
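
The rule discussed in the posts above (an answer obtained from another name server must not contain rfc1918 addresses, while local host overrides may) can be sketched as follows. This is an added example, not part of any post in the thread and not unbound's or pfSense's own code; the function names, domains and addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges only, matching what the thread discusses.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr (string) falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name = name.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def check_answer(name, a_records, source, local_domains=()):
    """Classify a DNS answer the way a rebind check would (hypothetical model).

    source: "override" for a locally configured host override,
            "upstream" for an answer obtained from another name server.
    local_domains: domains explicitly allowed to hold private addresses.
    Returns (verdict, list_of_private_addresses).
    """
    private = [a for a in a_records if is_rfc1918(a)]
    if not private:
        return "accept", []
    if source == "override" or any(in_domain(name, d) for d in local_domains):
        return "accept-local", private
    return "rebind-suspect", private

# Constructed sample answers: (name, A records, where the answer came from).
SAMPLES = [
    ("www.example.com", ["203.0.113.10"], "upstream"),   # public address
    ("www.example.net", ["192.168.1.20"], "upstream"),   # private from upstream
    ("nas.example.net", ["192.168.1.30"], "override"),   # local host override
]

def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [check_answer(n, a, s)[0] for n, a, s in SAMPLES]

if __name__ == "__main__":
    for (name, addrs, src), verdict in zip(SAMPLES, run_samples()):
        print(f"{name:18} {addrs} via {src:8} -> {verdict}")
```
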

  • Yes, this is the IP, however I have no port forward rules set up for FTP?

  • LAYER 8 Global Moderator

    Well, it shows it's open..  And don't see http or https..

    Send a syn to 21, get back a syn,ack.. So something is listening.. Maybe it's your modem/router in front of pfSense?

    Nmap scan report for (
    Host is up (0.00078s latency).
    Not shown: 999 filtered ports
    21/tcp open  ftp?
    |_ftp-bounce: no banner

  • Am I able to use reverse proxy for 2 different domain names?

    This is the only other reason I can see it not working?

  • LAYER 8 Global Moderator

    I find that highly unlikely since port 80 or https are not even open.. Are you running these domains on some odd port?  In your URL?

    I just did a port scan of the top 1000 ports, and only thing answering is 21..

    So unless you're using some other IP??  What are these other domains?  Do you have some sort of block in your WAN for non UK IPs?  Like pfblocker or something blocking the US?

  • Nothing should be blocked for US

    Do I need to create extra NAT rules for this website?

    As for the port, the site is only using standard http port 80.

    I have 2 domain names that I am trying to use reverse proxy for, my primary domain is working fine for all reverse proxy requests etc.

    Seems to be this new domain I have that is not working.

  • LAYER 8 Global Moderator

    Post your wan firewall rules..  Like I said scanning your IP shows the ONLY Port that is open is 21..  That is out of nmap 1000 services in the intense scan template..

  • Attached

    ![Screen Shot 2016-12-12 at 15.50.39.png](/public/imported_attachments/1/Screen Shot 2016-12-12 at 15.50.39.png)

  • LAYER 8 Global Moderator

    Well, your firewall rule shows ok, but don't see any states on it.. So nobody on your website..  What I can tell you is those ports are not open from the internet.. I can not get to them.. I have to assume all your domains resolve to that IP.

    I do not show those ports open.. So is your ISP blocking them now?  Do you have something in front of pfSense?  Is your reverse proxy not running?  I get no answer when I send syn to those ports.. If something was there listening, even if it didn't know where to send me, I would get a syn,ack back so I could send it the URL I wanted to go to.

  • OK, so I have called ISP and they don't block anything.

  • LAYER 8 Global Moderator

    Dude, run your own scan, go to  What IP comes up in the box?  Is that the IP your domains are pointing to?  Again I scanned that IP and port 80 is not listening..

    Here I just did it from another online scanner.. those 3 ports your firewall shows open 80,443,8080 all come back as filtered!!!  I.e. nothing listening.. Notice no packets came back..

    Starting Nmap 6.00 ( ) at 2016-12-13 13:48 EET
    Initiating SYN Stealth Scan at 13:48
    Scanning ( [3 ports]
    Completed SYN Stealth Scan at 13:48, 2.83s elapsed (3 total ports)

    [+] Nmap scan report for (
    Host is up.

    80/tcp  filtered http
    443/tcp  filtered https
    8080/tcp filtered http-proxy

    Nmap done: 1 IP address (1 host up) scanned in 5.44 seconds
              Raw packets sent: 6 (264B) | Rcvd: 0 (0B)

    I would validate that is your actual IP..  Maybe your IP changed!!  Is your reverse proxy running and listening on those ports?  Because I get nothing back from that IP on those ports.
