Netgate Discussion Forum

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding Try accessing the router by IP address instead of by hostname.

  • K
    koy
    last edited by Jun 27, 2023, 7:13 AM

    Hi Professionals,

    I have a website hosted on my personal server, and I accessed it from outside my network before.

    My problem is that after I installed pfSense and used a static IP address, my website can't be reached on my newly installed pfSense.
    This is the error message: "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
    Try accessing the router by IP address instead of by hostname.".

    I can still access my website from other networks; only my pfSense has a problem.

    Has anyone encountered this before?

    Thank you

    • R
      rcoleman-netgate Netgate @koy
      last edited by Jun 27, 2023, 7:39 PM

      @koy said in Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding Try accessing the router by IP address instead of by hostname.:

      Has anyone encountered this before?

      Hundreds of times.

      You are using the same port (443?) for both pfSense and the behind-the-router webserver?

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      • S
        SteveITS Galactic Empire @koy
        last edited by Jun 28, 2023, 1:14 AM

        @koy https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#dns-rebind-check

        Sounds like you are allowing access to your WAN IP (pfSense) instead of NAT forwarding port 443 to your web server.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • K
          koy @rcoleman-netgate
          last edited by Jun 28, 2023, 5:43 AM

          @rcoleman-netgate Hi, thanks for your response.

          Yes, I used 443, but the other is on a Fortinet firewall. The static IP I connected to my pfSense was originally on the FortiGate, because I have dual WAN on my FortiGate and I pulled out one ISP and connected it to my newly installed pfSense.

          Can you help me fix this problem?

          Thank you

          • K
            koy @rcoleman-netgate
            last edited by Jun 28, 2023, 5:52 AM

            @rcoleman-netgate Hi, thank you for your response.

            Yes, I allowed access to my WAN IPs, but not in pfSense.

            I have a FortiGate firewall with dual WAN (2 ISPs), and I allowed 443 on both (for redundancy) for access to my web server.

            So I set up a new pfSense and pulled out 1 ISP to connect it to my pfSense. After that, the problem appeared. I have a basic configuration on my pfSense; I don't have any port forwarding or NAT config yet.

            Can you help me fix my problem?

            Thank you

            • S
              SteveITS Galactic Empire @koy
              last edited by Jun 28, 2023, 3:09 PM

              @koy Are you trying to connect to your WAN IP port 443 from LAN? If so you need to enable Reflection on the NAT rule. Otherwise you'll connect to the pfSense web server, and see that message. Or use Split DNS instead.

              https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

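The situation discussed in the replies above, as a simplified model added here for illustration (it is not part of the thread and not pfSense's own code): it shows which service receives a request for the website on port 443 and when the firewall GUI answers with the rebind message. The hostnames and all function names are constructed, and the check assumes that IP literals pass while names must be ones the firewall knows as its own.

```python
import ipaddress

# Constructed sample values (documentation names), not from the thread.
SITE = "www.example.com"              # public name of the website
FIREWALL_NAMES = {"fw.example.lan"}   # names the firewall GUI knows as its own

def normalize_host(host_header):
    """Lower-case a Host header value and strip port, brackets, trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal, e.g. [::1]:443
        return host[1:].split("]")[0]
    if host.count(":") == 1:                  # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def gui_accepts(host_header, own_names=FIREWALL_NAMES):
    """Simplified rebind check (assumption): IP literals pass, names must be known."""
    host = normalize_host(host_header)
    try:
        ipaddress.ip_address(host)
        return True                           # "access the router by IP address"
    except ValueError:
        return host in own_names

def destination(client_on_lan, port_forward, nat_reflection, split_dns):
    """Which service ends up receiving https://SITE/ in this model."""
    if client_on_lan and split_dns:
        return "webserver"                    # name resolves to the internal address
    if not port_forward:
        return "firewall-gui"                 # nothing redirects 443 on the WAN IP
    if client_on_lan and not nat_reflection:
        return "firewall-gui"                 # forward only matches WAN-side traffic
    return "webserver"

def outcome(host_header=SITE, **path):
    """What the browser gets: the site, the GUI login, or the rebind error."""
    if destination(**path) == "webserver":
        return "site"
    return "gui-login" if gui_accepts(host_header) else "rebind-error"
```

With no port forward configured, `outcome(client_on_lan=True, port_forward=False, nat_reflection=False, split_dns=False)` returns `"rebind-error"`; adding the forward plus reflection, or split DNS, returns `"site"`.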
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.