Netgate Discussion Forum

Reaching webserver in DMZ on domain name

DHCP and DNS
  • N
    nelalith
    last edited by Nov 22, 2017, 9:27 PM

    Hi Guys,

    I am new to firewalls and networking, so I am learning with this.
    This question must have been asked before, but I could not find a solution. I have tried to resolve this issue for hours… and I am giving up. Hope someone can help me.

    I have pfSense configured with a WAN, LAN and DMZ. I created a webserver in the DMZ with www.webserver.com (I have bought a domain name for this). From the outside this works fine with HTTP and HTTPS. The problem is that I cannot reach the webserver on www.webserver.com, but only with the IP of the DMZ server....

    I tried some things with the DNS forwarder and resolver, but with no success.

    I really hope someone can help me, and sorry if I placed this in the wrong topic; I did not know for sure.

    regards,
    Koen

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Nov 22, 2017, 11:18 PM

      Set up a host override to point www.webserver.com to the RFC1918 address of your webserver in the DMZ. Done.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • N
        nelalith
        last edited by Nov 23, 2017, 8:19 PM

        That is not working….

        When I created that rule I get a pfSense web page with the error:

        Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
        Try accessing the router by IP address instead of by hostname.

        A friend did some config changes and created a rule so that ALL the traffic was forwarded to www.webserver.com.

        So www.google.com forwarded to www.webserver.com
        www.youtube.com forwarded to www.webserver.com

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Nov 24, 2017, 10:53 AM

          It's a simple host override.

          Your server sits on 192.168.1.100; create a host override in either the resolver or the forwarder, whichever you're using, to point your FQDN www.domain.com to 192.168.1.100.

          There is no rebind attack in this scenario… There would be for sure if your public DNS is pointing to an RFC1918 address? Did you try to do that on your public DNS? The host override is done on pfSense, so clients using pfSense get this answer. Clients on the public internet would get whatever your public IP is for your pfSense WAN address and be forwarded in.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
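
A simplified model of the split-DNS behaviour described in the reply above, added here as an example; it is not part of any post and is not pfSense code. Assumptions: the public address `203.0.113.10` and the name `misconfigured.example` are constructed, and rebind protection is modelled as the firewall's resolver discarding upstream answers that contain RFC1918 addresses.

```python
import ipaddress

# Constructed sample data; www.domain.com and 192.168.1.100 follow the thread.
HOST_OVERRIDES = {"www.domain.com": "192.168.1.100"}   # defined on the firewall's resolver
PUBLIC_DNS = {
    "www.domain.com": "203.0.113.10",          # hypothetical WAN address (TEST-NET-3)
    "misconfigured.example": "192.168.1.100",  # public record pointing at private space
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr lies inside one of the three RFC1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve(name, via_firewall):
    """Return (address, source) as seen by a client.

    via_firewall=True  -> internal client using the firewall as its resolver
    via_firewall=False -> internet client using public DNS directly
    """
    name = name.lower().rstrip(".")
    # Host overrides are local data: answered first, never sent upstream,
    # so the rebind filter below does not apply to them.
    if via_firewall and name in HOST_OVERRIDES:
        return HOST_OVERRIDES[name], "override"
    addr = PUBLIC_DNS.get(name)
    if addr is None:
        return None, "nxdomain"
    # Rebind protection: a private address arriving from upstream DNS is dropped.
    if via_firewall and is_rfc1918(addr):
        return None, "rebind-blocked"
    return addr, "public"


if __name__ == "__main__":
    for name in ("www.domain.com", "misconfigured.example"):
        for inside in (True, False):
            view = "internal" if inside else "internet"
            print(f"{name:24} {view:9} -> {resolve(name, inside)}")
```

Internal clients receive the DMZ address only because the override is local to the firewall; the same private address published in public DNS is what the rebind filter rejects.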
