Error when accessing website from within network
-
This is a great product, I have it installed and working, I am able to access my websites from the Internet, but when I try to access them from the intranet I getting the following error
What Have I got misconfigured please and the steps to correct the configuration
Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname.
-
Are you actually using TNSR? Or pfSense??
-
Do you have NAT reflection enabled? Sounds like you're connecting to the pfSense GUI.
-
-
@teamits No I do not, I believe, but will check when I get home. I am going to be purchasing a book covering PfSense do you have any suggestions of Authors
Mastering pfSense: Manage, secure, and monitor your on-premise and cloud network with pfSense 2.4, 2nd Edition
by David Zientara | May 9, 2018thanks Keith
P.S. if you have step by step instruction that would be VERY Much appreciated
-
-
I there a checklist type document that says under this situation you should use this type of NAT Reflection option
Keep in mind, this is nothing I perceive as being fancy a home network with a Dell R610 running ProxMox and vm's are a webserver, mail server (Zimbra) and a IRC server (Ircd), No domain server at home, just using Cox Business account DNS servers.
-
NAT reflection is used when one is trying to access the WAN IP from the LAN network. Reflection tells the router to reflect the request to the LAN IP. The other option is "split DNS" where your LAN resolves the hostname in question to a LAN IP and bypasses the router.
-
This is in the TNSR forum thread section. Better to move it to the pfSense general questions.
https://forum.netgate.com/category/38/general-pfsense-questions
-
@kdmiller61 said in Error when accessing website from within network:
under this situation you should use this type of NAT Reflection option
I would say NEVER, I would never suggest you ever use nat reflection - the only time it might be "required" is if the stupid app is hard coded to an IP.. Better to fix the APP.. hard coding of an IP is never a good idea..
The better solution would be to have your local dns resolve the local IP via fqdn of the resource your trying to access, vs hitting your wan IP just to be reflected back in.
btw - also moved this to general, since its clear this is not TNSR..
-
Yup split DNS is a better solution here.
https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
Steve
