PfSense and web server
-
I have a firebox X550e with pfSense 2 on it and a web server hosting multiple domains. Everything works fine from the outside network but if i try to access the website by its URL on the LAN I am greeted with this message "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding.Try accessing the router by IP address instead of by hostname.". I know I could just add DNS records that point to the web server but I prefer not to do that.
Thank You
-
You can simply disable that warning in System: Advanced:
See: http://forum.pfsense.org/index.php/topic,40430.0.html
Steve
-
Thanks for the reply. That made it so the warning did not show up. But it just brings me to the pfSense login page not the website site on the server.
-
Is your webserver having internal ip-address?
then you need portforward to it.. (Firewall: NAT:Port Forward)
don't determine sourceport
-
You probably need to check the 'Disable webConfigurator redirect rule' box. Also in System: Advanced:.
You may also have to uncheck 'Disable NAT Reflection for port forwards' in System: Advanced: Firewall and NAT.
Steve
-
Metu69salemi - Port forwarding is already setup and working I can view the websites from the internet just not on my LAN.
stephenw10 - I will try that when I get home and report back.
-
theflu: If you had it already then Stephenw10's guidance should be the next step
-
Applying some more thought to this problem you probably just need to enable NAT reflection.
The original DNS rebind warning was caused by your webserver URL being redirected to the pfSense GUI. Disabling the warning and the redirect will prevent that but you probably still won't have access, by URL, to your webserver.
Enabling NAT reflection and leaving the warning and redirect enabled (their default) is the correct solution to this.
Steve
-
Thank you, that worked perfectly. I enabled the DNS-Rebind check and enabled NAT Reflection.
EDIT: I found this page explaining the problem in more detail and showing other solutions.
http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
