Unable to surf to internal webserver when using lan.
-
I have the following setup;
Wan address x.x.x.248
Firewall nat 1:1 & Virtual ip adress wan x.x.x.254Firewall
Wan
Pass IPv4 TCP * * x.x.x.4 80 (HTTP) *
Pass IPv4 TCP * * x.x.x.4 443(HTTPS) *DMZ
Reject Any DMZ net * LAN net * *
Pass Any * * * *LAN
Pass IPv4 TCP 10.0.6.0/24 * * 80 (HTTP) *
Pass IPv4 TCP 10.0.6.0/24 * * 443 (HTTPS) *Webserver is using the x.254 external address - works great!
However - if I set up i client on the lan (10.0.6.10 for example)- i can surf on to the internet but, I can't reach the webserver sites (the one with the wan address x.x.x.x.254) and get Potential DNS Rebind attack
I'm guessing this has something to do with another firewall rule.
Any ideas? -
If you want to reach your webserver by its public host name
-
set up an internal DNS with its internal IP address (split DNS) or if pfSense is your DNS add a host override or activate NAT reflection in the NAT rule.
-
add a rule to the LAN interface to allow LAN hosts to access the DNS server.
-
-
Added a site below Host Overrides in DNS Forwarder.
Host Domain IP
Example example.org 1.2.3.4 (dmz address)add a rule to the LAN interface to allow LAN hosts to access the DNS server.
Could you describe more in detail how such rule would look like?
Thanks in advance!
-
You have to allow port 53 TCP/UDP access to pfSense:
Pass IPv4 TCP/UDP LAN net * This Firewall 53 (DNS) * none DNS access -
Right, I have added that rule in firewall below Lan.
Cleared cache in the webbrowser, but I still get dns rebind attack.EDITED:
Looking more into Dns forwarder, I'm wondering if I have configured it correctly.
If i run```
nslookup google.comAdd screenshot from Dns Forwarder EDITED #2 Added my nslookup as attachment. I belive I would show my Pfsense as first dns, but it dosen't.     -
Bump
I think the question is "how do I setup dns forwarder correctly".