devices on same lan get rebind error
-
I've managed to get connected and things basically working.
I host my own web and mail server.
Example IPs:
web : 192.168.0.a
mail: 192.168.0.b
After changing the default to NAT+Proxy they are available from the outside world.
Inside world, the local PCs get a rebind attack error: try using IP instead of hostname.
I can't, both apache and the mailserver host multiple domains.
1 tutorial suggested using Host overrides. That gave the same error and also did not like under Additional host names www.abc.xyx.com. I can just about live with that.
But I need to direct www to the webserver IP and the imap, smtp, mail to the mail server on a different Ip.
The setup is simple: one WAN, one LAN, all internal hosts have static IPs. They are all on 192.168.0.x so no messing around with subnets or anything clever.
Does anyone have any ideas?
Sorry if this is dumb, I only managed to get pfSense to install on Friday.
Don't know if this is relevant: every time I make a change to a setting using the GUI the browser always times out. I've tried Firefox, Chrome on Linux. Out of desperation tried using a Mac with Safari.
Thanks. For a newcomer to pfSense, it is not exactly friendly. Hopefully, it's as good as people say it is and I'm not wasting my time on it.
-
NAT+Proxy is a NAT reflection setting, it should only make any difference to internal clients trying to access port forwards not to external clients. So there's something odd there if you needed it.
Generally if you want internal clients to be able to use port forwards like that when they are on the same network you should enable NAT reflection in pure NAT mode and set 'Enable automatic outbound NAT for Reflection'.
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#network-address-translation
If your WAN IP is in a private subnet and the FQDN you are using is resolving to that you will need to disable the DNS rebinding check:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#dns-rebind-check
Steve
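The kind of check discussed in the reply above, as an added example that is not part of the thread and is not pfSense's own code: a resolver-side rebinding filter drops private addresses from DNS answers unless the queried name falls under an exempted domain. The host names, addresses, the address list and the `exempt_domains` parameter are constructed assumptions for illustration.

```python
import ipaddress

# Assumption: the ranges this sketch treats as "internal" (RFC 1918,
# loopback, link-local and IPv6 unique-local); a real resolver's list may differ.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


def is_private(addr):
    """True if addr falls inside one of the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def under(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def filter_answer(name, addrs, exempt_domains=()):
    """Split a DNS answer into (kept, dropped) address lists.

    Private addresses are dropped as possible rebinding unless the name
    is under a domain the administrator has exempted.
    """
    if any(under(name, d) for d in exempt_domains):
        return list(addrs), []
    kept = [a for a in addrs if not is_private(a)]
    dropped = [a for a in addrs if is_private(a)]
    return kept, dropped


if __name__ == "__main__":
    # Constructed sample: a public-looking name resolving to a LAN address.
    print(filter_answer("www.example.test", ["192.168.0.10"]))
    # Same answer once the domain is exempted from the check.
    print(filter_answer("www.example.test", ["192.168.0.10"],
                        exempt_domains=["example.test"]))
```

Exempting only the domains that legitimately resolve to internal hosts keeps the protection in place for every other name.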
-
@stephenw10 Hi,
Thank you, I will try your suggestions out today.
At the moment, I'm not seeing any consistency across reboots, i.e. I tried pfBlocker, it looked to be fine. Needed to reboot and all of the port fwds stopped working.
Disabled it. Rebooted, everything was fine.
Re-enabled it, everything is fine.
Whilst I have very limited firewall knowledge, I've worked in dev for over 25 years and know enough to know something is very wrong.
From the YouTube tutorials, they seem to say I should have Blocker and Snort.
I'm only using a home net with a few www's for things my wife and I do.
Most important is our email, as that's how we receive and deliver work.
We have been using ipFire for the last few years but they no longer support i5s, which for our needs is plenty powerful, and don't really want to buy a new PC for that when the i5 is / should be good enough.
CPU is mostly about 3 to 6%, mem is 4G and it only uses 15 or so percent. That's not exactly a stressed system.
Thanks again, hopefully these are silly teething problems and soon we will see the benefits of pfSense.
Your help is appreciated. People like you are invaluable to others.
-
Whilst I'd certainly rather you run pfSense I think you may be misreading the ipfire change in hardware requirements. They have this year stopped supporting 32bit x86 systems. Until that they supported all the way back to i586. But that is something waaay slower and more ancient than any Intel Core i5 CPU, all of which are 64bit. pfSense stopped supporting 32bit CPUs some years ago.
I would certainly recommend making sure your pfSense install is working as expected without pfBlocker or Snort before installing them. It's all too easy to start blocking traffic with those packages and mistake that for lower level misconfiguration.
Steve
-
@stephenw10 Thank you for all of your help.
It's greatly appreciated.