Netgate Discussion Forum

    devices on same lan get rebind error

    General pfSense Questions
    • JessicaSEUK

      I've managed to get connected and things basically working.
      I host my own web and mail server.
      Example IPs:
      web : 192.168.0.a
      mail: 192.168.0.b
      After changing the default to NAT+Proxy they are available from the outside world.
      In the inside world, the local PCs get a rebind attack error: try using IP instead of hostname.
      I can't; both Apache and the mail server host multiple domains.
      One tutorial suggested using Host overrides. That gave the same error and also did not like www.abc.xyx.com under Additional host names. I can just about live with that.
      But I need to direct www to the webserver IP and imap, smtp and mail to the mail server on a different IP.
      The setup is simple: one WAN, one LAN, all internal hosts have static IPs. They are all on 192.168.0.x, so no messing around with subnets or anything clever.
      Does anyone have any ideas?
      Sorry if this is dumb, I only managed to get pfSense to install on Friday.
      Don't know if this is relevant: every time I make a change to a setting using the GUI, the browser always times out. I've tried Firefox and Chrome on Linux. Out of desperation I tried using a Mac with Safari.
      Thanks. For a newcomer to pfSense, it is not exactly friendly. Hopefully, it's as good as people say it is and I'm not wasting my time on it.

      • stephenw10 Netgate Administrator

        NAT+Proxy is a NAT reflection setting; it should only make any difference to internal clients trying to access port forwards, not to external clients. So there's something odd there if you needed it.

        Generally, if you want internal clients to be able to use port forwards like that when they are on the same network, you should enable NAT reflection in pure NAT mode and set 'Enable automatic outbound NAT for Reflection'.
        https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#network-address-translation

        If your WAN IP is in a private subnet and the FQDN you are using is resolving to that, you will need to disable the DNS rebinding check:
        https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#dns-rebind-check

        Steve

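The last case in the reply above (a public FQDN whose answer is a private address being refused by a DNS rebinding check) can be sketched as follows. This is an added example, not part of the thread and not pfSense's own code; the host names, addresses and the `allowed_domains` exemption list are constructed assumptions.

```python
import ipaddress

# Address ranges a rebinding check treats as internal (RFC 1918, loopback,
# link-local, IPv6 unique-local). Explicit list, assumed for this sketch.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

def is_internal(addr: str) -> bool:
    """True if addr falls in a range an external name should never resolve to."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.0.10) so it cannot slip past.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)

def rejected_answers(qname, answers, allowed_domains=()):
    """Return the answers a rebinding check would refuse for qname.

    allowed_domains (hypothetical parameter) lists domains that are known to
    live on the LAN, so internal answers for them are accepted.
    """
    name = qname.rstrip(".").lower()
    for dom in allowed_domains:
        d = dom.rstrip(".").lower()
        # Match the domain itself or a true subdomain, never a bare suffix.
        if name == d or name.endswith("." + d):
            return []
    return [a for a in answers if is_internal(a)]

if __name__ == "__main__":
    # Constructed cases: the same public name seen with a public answer,
    # with a LAN answer, and with the domain exempted.
    cases = [
        ("www.example.org", ["203.0.113.10"], ()),
        ("www.example.org", ["192.168.0.10"], ()),
        ("mail.example.org", ["192.168.0.11"], ("example.org",)),
        ("www.notexample.org", ["::ffff:192.168.0.10"], ("example.org",)),
    ]
    for qname, answers, allowed in cases:
        bad = rejected_answers(qname, answers, allowed)
        print(f"{qname:20} {answers} -> {'REFUSED ' + str(bad) if bad else 'ok'}")
```

The second case is the one the thread describes: the name is public, the answer is on 192.168.0.x, and the check cannot tell a self-hosted server from a rebinding attempt unless the domain is explicitly exempted or the check is turned off.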
        • JessicaSEUK @stephenw10

          @stephenw10 Hi,
          Thank you, I will try your suggestions out today.
          At the moment, I'm not seeing any consistency across reboots.

          i.e. I tried pfBlocker, it looked to be fine. Needed to reboot and all of the port fwds stopped working.
          Disabled it. Rebooted, everything was fine.
          Re-enabled it, everything is fine.

          Whilst I have very limited firewall knowledge, I've worked in dev for over 25 years and know enough to know something is very wrong.

          From the YouTube tutorials, they seem to say I should have Blocker and Snort.

          I'm only using a home net with a few www's for things my wife and I do.
          Most important is our email, as that's how we receive and deliver work.

          We have been using ipFire for the last few years but they no longer support i5s, which for our needs is plenty powerful, and we don't really want to buy a new PC for that when the i5 is / should be good enough.
          CPU is mostly about 3 to 6%, mem is 4G and it only uses 15 or so percent. That's not exactly a stressed system.

          Thanks again, hopefully these are silly teething problems and soon we will see the benefits of pfSense.
          Your help is appreciated. People like you are invaluable to others.

          • stephenw10 Netgate Administrator

            Whilst I'd certainly rather you run pfSense, I think you may be misreading the IPFire change in hardware requirements. They have this year stopped supporting 32bit x86 systems. Until then they supported all the way back to i586. But that is something waaay slower and more ancient than any Intel Core i5 CPU, all of which are 64bit. pfSense stopped supporting 32bit CPUs some years ago.

            I would certainly recommend making sure your pfSense install is working as expected without pfBlocker or Snort before installing them. It's all too easy to start blocking traffic with those packages and mistake that for lower level misconfiguration.

            Steve

            • JessicaSEUK @stephenw10

              @stephenw10 Thank you for all of your help.
              It's greatly appreciated.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.