
    Reaching webserver in DMZ on domain name

    DHCP and DNS
    • nelalith

      Hi Guys,

      I am new to firewalls and networking, so I am learning with this.
      This question must have been asked before, but I could not find a solution. I have tried to resolve this issue for hours… and I am giving up.. Hope someone can help me.

      I have pfSense configured with a WAN, LAN and DMZ. I created a webserver in the DMZ with www.webserver.com (I have bought a domain name for this). From the outside this works fine with http and https. The problem is that I cannot reach the webserver on www.webserver.com, but only with the IP of the DMZ server....

      I tried some things with the DNS forwarder and resolver, but with no success.

      I really hope someone can help me, and sorry if I placed this in the wrong topic; I did not know for sure.

      regards,
      Koen

      • johnpoz LAYER 8 Global Moderator

        Set up a host override to point www.webserver.com to the rfc1918 address of your webserver in the DMZ.. Done.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • nelalith

          That is not working….

          When I created that rule I got a pfSense web page with the error:

          Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
          Try accessing the router by IP address instead of by hostname.

          A friend did some config changes and created a rule so that ALL the traffic was forwarded to www.webserver.com.

          So www.google.com forwarded to www.webserver.com
          www.youtube.com forwarded to www.webserver.com

          • johnpoz LAYER 8 Global Moderator

            It's a simple host override..

            Your server sits on 192.168.1.100, create a host override either in the resolver or the forwarder, whichever you're using.. To point your fqdn www.domain.com to 192.168.1.100

            There is no rebind attack in this scenario… There would be for sure if your public dns is pointing to an rfc1918 address? Did you try and do that on your public dns? Host override is done on pfsense. So clients using pfsense get this answer.. Clients on the public internet would get whatever your public IP is for your pfsense wan address and be forwarded in.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
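
A simplified model of the split-DNS behaviour discussed in this thread, added here as an example; it was not posted by either participant and is not pfSense code. It shows a host override being answered locally while RFC 1918 addresses arriving from upstream DNS are filtered as possible rebinding. The class and function names, the `rebind.example` and `www.example.org` names and the 203.0.113.10 / 198.51.100.7 addresses are constructed assumptions.

```python
import ipaddress

# The three RFC 1918 private ranges ("rfc1918 address" in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class SplitHorizonResolver:
    """Toy LAN resolver: host overrides first, rebind filter on upstream answers."""

    def __init__(self, overrides, upstream):
        self.overrides = {k.lower().rstrip("."): v for k, v in overrides.items()}
        self.upstream = upstream  # constructed stand-in for public DNS

    def resolve(self, name):
        key = name.lower().rstrip(".")
        if key in self.overrides:
            # Locally configured data is trusted and is not rebind-filtered.
            return {"source": "override",
                    "answers": [self.overrides[key]], "dropped": []}
        answers = self.upstream.get(key, [])
        # A public name answering with a private address is treated as rebinding.
        dropped = [a for a in answers if is_rfc1918(a)]
        kept = [a for a in answers if not is_rfc1918(a)]
        return {"source": "upstream", "answers": kept, "dropped": dropped}


# Constructed sample data: what public DNS would return to any client.
PUBLIC_DNS = {
    "www.domain.com": ["203.0.113.10"],    # placeholder for the WAN address
    "rebind.example": ["192.168.1.100"],   # public record pointing at RFC 1918
    "www.example.org": ["198.51.100.7"],
}

# Host override from the thread: FQDN -> DMZ server address.
lan_resolver = SplitHorizonResolver({"www.domain.com": "192.168.1.100"}, PUBLIC_DNS)

if __name__ == "__main__":
    for host in ("www.domain.com", "rebind.example.", "www.example.org"):
        print(host, lan_resolver.resolve(host))
```

Clients that do not use the LAN resolver see only the `PUBLIC_DNS` entry for `www.domain.com`, which is why the override has to live on the firewall's resolver and not in the public zone.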
