Reaching webserver in DMZ on domain name



  • Hi Guys,

    I am new to firewalls and networking, so I am learning with this.
    This question must have been asked before, but I could not find a solution. I have tried to resolve this issue for hours… and I am giving up. Hope someone can help me.

    I have pfSense configured with a WAN, LAN and DMZ. I created a webserver in the DMZ with www.webserver.com (I have bought a domain name for this). From the outside this works fine with HTTP and HTTPS. The problem is that I cannot reach the webserver on www.webserver.com, but only with the IP of the DMZ server.

    I tried some things with the DNS forwarder and resolver, but with no success.

    I really hope someone can help me, and sorry if I placed this in the wrong topic; I did not know for sure.

    regards,
    Koen


  • LAYER 8 Global Moderator

    Set up a host override to point www.webserver.com to the RFC 1918 address of your webserver in the DMZ. Done.



  • That is not working…

    When I created that rule I get a pfSense web page with the error:

    Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
    Try accessing the router by IP address instead of by hostname.

    A friend did some config changes and created a rule so that ALL the traffic was forwarded to www.webserver.com.

    So www.google.com forwarded to www.webserver.com
    www.youtube.com forwarded to www.webserver.com


  • LAYER 8 Global Moderator

    It's a simple host override.

    Your server sits on 192.168.1.100; create a host override in either the resolver or the forwarder, whichever you're using, to point your FQDN www.domain.com to 192.168.1.100.

    There is no rebind attack in this scenario… There would be for sure if your public DNS is pointing to an RFC 1918 address? Did you try to do that on your public DNS? Host override is done on pfSense, so clients using pfSense get this answer. Clients on the public internet would get whatever your public IP is for your pfSense WAN address and be forwarded in.
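
The split-DNS behaviour described in the last reply, as a simplified model added here (not pfSense code and not posted in the thread): a local host override answers internal clients directly, while a resolver-side rebind filter only drops private addresses that arrive from upstream DNS. The address 203.0.113.10 is a constructed stand-in for the WAN IP, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly (ipaddress.is_private is broader).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data using the names and addresses from the thread.
PUBLIC_DNS = {"www.domain.com": "203.0.113.10"}       # what the internet sees
HOST_OVERRIDES = {"www.domain.com": "192.168.1.100"}  # set on the firewall


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve_internal(name, overrides, upstream, rebind_protection=True):
    """Answer a LAN/DMZ client; returns (address or None, source)."""
    key = name.rstrip(".").lower()
    if key in overrides:
        # Locally configured data is trusted: the rebind filter is not applied.
        return overrides[key], "override"
    addr = upstream.get(key)
    if addr is None:
        return None, "nxdomain"
    if rebind_protection and is_rfc1918(addr):
        # Private address in an upstream answer: dropped as a possible rebind.
        return None, "rebind-blocked"
    return addr, "upstream"


def resolve_external(name, upstream):
    """Internet clients never see the override, only public DNS."""
    return upstream.get(name.rstrip(".").lower())


if __name__ == "__main__":
    name = "www.domain.com"
    print("internal, override set:  ",
          resolve_internal(name, HOST_OVERRIDES, PUBLIC_DNS))
    print("internal, no override:   ", resolve_internal(name, {}, PUBLIC_DNS))
    print("external client:         ", resolve_external(name, PUBLIC_DNS))
    # Misconfiguration asked about in the reply: public DNS holds the
    # RFC 1918 address and there is no local override.
    print("public DNS is RFC 1918:  ",
          resolve_internal(name, {}, {name: "192.168.1.100"}))
```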

