Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense and web server

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 3 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      theflu
      last edited by

      I have a firebox X550e with pfSense 2 on it and a web server hosting multiple domains. Everything works fine from the outside network but if i try to access the website by its URL on the LAN I am greeted with this message "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding.Try accessing the router by IP address instead of by hostname.". I know I could just add DNS records that point to the web server but I prefer not to do that.

      Thank You

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        You can simply disable that warning in System: Advanced:

        See: http://forum.pfsense.org/index.php/topic,40430.0.html

        Steve

        1 Reply Last reply Reply Quote 0
        • T
          theflu
          last edited by

          Thanks for the reply. That made it so the warning did not show up. But it just brings me to the pfSense login page not the website site on the server.

          1 Reply Last reply Reply Quote 0
          • M
            Metu69salemi
            last edited by

            Is your webserver having internal ip-address?
            then you need portforward to it.. (Firewall: NAT:Port Forward)
            don't determine sourceport

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              You probably need to check the 'Disable webConfigurator redirect rule' box. Also in System: Advanced:.

              You may also have to uncheck 'Disable NAT Reflection for port forwards' in System: Advanced: Firewall and NAT.

              Steve

              1 Reply Last reply Reply Quote 0
              • T
                theflu
                last edited by

                Metu69salemi - Port forwarding is already setup and working I can view the websites from the internet just not on my LAN.

                stephenw10 - I will try that when I get home and report back.

                1 Reply Last reply Reply Quote 0
                • M
                  Metu69salemi
                  last edited by

                  theflu: If you had it already then Stephenw10's guidance should be the next step

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Applying some more thought to this problem you probably just need to enable NAT reflection.

                    The original DNS rebind warning was caused by your webserver URL being redirected to the pfSense GUI. Disabling the warning and the redirect will prevent that but you probably still won't have access, by URL, to your webserver.

                    Enabling NAT reflection and leaving the warning and redirect enabled (their default) is the correct solution to this.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • T
                      theflu
                      last edited by

                      Thank you, that worked perfectly. I enabled the DNS-Rebind check and enabled NAT Reflection.

                      EDIT: I found this page explaining the problem in more detail and showing other solutions.
                      http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.