Problem with pfSense – Need help please

  • Okay…  Here is my setup (if you can understand it):

    I'm running the HOST under ESXi.

    Internet -> ESXi (pfSense) - Desktop - Zimbra Mail  (

    My connections and everything are working fine.  Zimbra is working fine.  I have full access to the internet on all machines on the network.

    However, here is my issue:  Whenever I try to connect to my Zimbra webmail from within the network (i.e. Desktop/iPhone/anything) I get a rebind attack error message:

    Potential DNS Rebind attack detected, see
    Try accessing the router by IP address instead of by hostname. 

    If I make an entry into my HOSTS file on my desktop to point to for then everything works fine.  While I can do this for my desktop, I cannot do this for my iPhone because I might not always be inside the network with my iPhone.

    Is there a way that I can stop this error from happening?

  • Does resolve to a public IP address?

    If so, you may need to have an internal DNS server to answer - when you are locally.

  • Yes, resolves to a public IP address.

    I have a DNS server in my network already (on the Zimbra box).  Is there a way that I can add an extra DNS server to my browser/mail client/iphone?  Meaning, right now I have (which is my pfSense router).  Maybe I can just add (my Zimbra box) as a secondary or third DNS server.  Will that work?

  • Or, is there a way that I can add that to pfSense somewhere?  Anything from within the network contacting will automatically be redirected by pfSense?

  • LAYER 8 Global Moderator

    Yeah, you can just add a record on pfSense to resolve to your internal address.

    So when your phone is on your wifi network, it would use your wifi network DNS to resolve to your private, and while it's outside your network it would resolve the public IP address for that and access it that way.

    So you're saying your internal DNS on your Zimbra box resolves to the public IP for mail. ?

    So where does your phone and desktop get dns from currently, zimbra box or pfsense?

  • Sorry, the whole network gets the DNS from (pfSense).

    However, on the Zimbra box my DNS is set up to itself.  I installed BIND on the Zimbra box to set up all the records that it needed.  I would just leave that alone because that box is working perfectly.  But for the others, where would I add the record into pfSense to have it resolve to the internal IP of

  • Netgate Administrator

    If you're using the pfSense DNS forwarder then you need to enable NAT reflection or set a DNS override.



  • Thank you for the link.  I enabled the split DNS and it is working beautifully.
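
A check for the split DNS fix this thread arrives at, as an added example that is not part of the original posts: it classifies the answers one hostname gets from the LAN resolver and from an outside resolver. The function names are hypothetical and the addresses are constructed (192.168.1.10 for the mail server, 203.0.113.25 for the public side); in practice the two answer lists would come from querying each resolver.

```python
import ipaddress

# RFC 1918 ranges are checked explicitly: ipaddress.is_private would also
# flag the documentation range used for the constructed public address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def check_split_dns(lan_answers, public_answers):
    """Classify one hostname's answers as seen from the LAN and from outside."""
    if not lan_answers or not public_answers:
        return "incomplete: one side returned no address"
    if any(is_rfc1918(a) for a in public_answers):
        return "leak: public DNS publishes an internal address"
    if all(is_rfc1918(a) for a in lan_answers):
        return "ok: LAN clients are sent straight to the internal server"
    if set(lan_answers) == set(public_answers):
        return "no override: LAN clients are sent to the public address"
    return "mismatch: LAN answer is not internal and differs from public DNS"


if __name__ == "__main__":
    # Constructed answers: before and after adding the override on the LAN resolver.
    print(check_split_dns(["203.0.113.25"], ["203.0.113.25"]))
    print(check_split_dns(["192.168.1.10"], ["203.0.113.25"]))
```

The "no override" result is the state described in the first post, where inside clients resolve the public address; "ok" is the state after the override is in place.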
