Public IP Services Using Internal IP
-
Hello
I have a basic setup with pfSense with a WAN / LAN interface.
I have a few servers that use the Public IP of my PFSense WAN interface.
I can access the servers fine outside of the LAN, and currently all the DNS is being pointed to my Windows DC.
If I try and access the servers with the web URLs I will get:
"Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname."
I have tried disabling this in the Advanced setting section but that doesn't resolve the problem.
What is the best practice to resolve this sort of problem?
Thanks in advance.
-
https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html
-Rico
-
Thanks
I did
In order to do this, navigate to System > Advanced, Firewall/NAT tab. On that page, select Pure NAT for NAT Reflection mode for port forwards, check Enable NAT Reflection for 1:1 NAT, and check Enable automatic outbound NAT for Reflection. Click Save.
I then went into the rule and manually set the "Pure NAT" rather than doing it for the whole setup.
This has resolved the problem.
LEGEND
-
So when pfSense forwards (or resolves) - i.e. asks your internal NS, say via a domain override in unbound, for something and it gets back rfc1918, then that would be a rebind.
You can set this domain to be private, then when pfSense forwards to it, it will allow for rfc1918 to be returned. Or you could (not recommended) just turn off rebinding protection altogether.
Here
https://www.netgate.com/docs/pfsense/dns/dns-rebinding-protections.html
There really should be no reason to have to NAT reflect for this if your local NS returns the rfc1918 address.
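
The check described in the last reply, sketched as an added example that is not part of the thread and is not pfSense or Unbound code: an answer carrying an RFC 1918 address is rejected unless the queried name falls under a domain marked private. The function names, the sample hostnames and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the addresses that trigger the rebind check in the reply above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def in_private_domain(qname, private_domains):
    """True if qname equals, or is a subdomain of, a domain marked private.

    Matching is done on label boundaries so that "notexample.com" does not
    inherit the exemption granted to "example.com".
    """
    name = qname.rstrip(".").lower()
    for domain in private_domains:
        domain = domain.rstrip(".").lower()
        if name == domain or name.endswith("." + domain):
            return True
    return False


def filter_answer(qname, addresses, private_domains=()):
    """Split the addresses of a DNS answer into (allowed, blocked).

    Hypothetical helper: private addresses are blocked as a possible rebind
    unless the name is under a domain the administrator marked private.
    """
    if in_private_domain(qname, private_domains):
        return list(addresses), []
    allowed = [a for a in addresses if not is_rfc1918(a)]
    blocked = [a for a in addresses if is_rfc1918(a)]
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample: internal NS answers with a LAN address.
    answer = ["192.168.1.10"]
    print(filter_answer("www.example.com", answer))                   # blocked
    print(filter_answer("www.example.com", answer, ["example.com"]))  # allowed
```
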