Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    DNS Unbound- SSL not translating over to our web server which is hosted locally

    DHCP and DNS
    3
    5
    107
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lorentedford last edited by

      So we have two networks one is 10.10.10.0/24 (<- Server Ip addresses) The other is our home network 192.168.9.0/24. We also have a few other networks as well but from the outside we have been using Nat routing to our 10.10.10.4 example ip for our web and email servers.. As an example if these servers are running https on them for some reason from the home network of lets say 192.168.9.3 as an example we get this error.

      Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
      Try accessing the router by IP address instead of by hostname.

      6875bec0-d512-4768-90fe-449514e37802-image.png

      Now we have everything forwarded to the appropriate location we think..

      259d769a-ee1f-41d0-8bd9-79cf3b584fa8-image.png

      What settings should i change?? If i put the server into mixed mode non ssl and ssl it works if i put it with ssl only it doesn't work and gives me the rebind attack.

      1 Reply Last reply Reply Quote 0
      • kiokoman
        kiokoman LAYER 8 last edited by

        Immagine.jpg
        under System / Advanced / Admin Access

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        L 1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          You could either completely disable rebind protection, or just set those domains as private in unbound.

          https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

          L 1 Reply Last reply Reply Quote 0
          • L
            lorentedford @kiokoman last edited by

            @kiokoman Thank you for showing me how to disable the rebinding checks!

            These are public domains and the goal is to have them NATed to my webserver however now pfsense is claiming https://lorentedford.com how do i fix this?

            1 Reply Last reply Reply Quote 0
            • L
              lorentedford @johnpoz last edited by

              @johnpoz

              c784b6b8-a40f-42fe-9d25-609350236e6b-image.png

              By the way your spam protection sucks.. It didn't allow for me to past the contents of the custom options in code for some reason here is that screen shot..

              You guys might get that fixed..

              0b5cb22e-ba8d-408d-a004-f3ce5b2bb4dd-image.png

              1 Reply Last reply Reply Quote 0
              • First post
                Last post