DNS Rebind attack. WHS 2011



  • I just set up my new pfSense box. The problem is getting remote access for my WHS 2011 box working. I added NAT port forwarding for ports 80, 443, 4125. Now the problem I'm having is accessing my server from my xxxx.homeserver.com address: when I type it into my address bar I get a message that states "Potential DNS rebind attack detected." I'm new to advanced networking and I like this router, but I need help setting up the ports and rules so my server works. Thank you for any help.



  • If you are trying to test whether it works, you need to test it from the outside, not inside your network.  While it is possible to make it work inside, it is not an accurate test of whether it will work outside.  What is currently happening is that you are reaching your pfSense box when you are trying to test it inside, not your server.

    http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
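
An added illustration (not part of the thread and not pfSense's own code) of why the request from inside is refused: it assumes the firewall's web GUI accepts a request only when the Host header names the firewall itself, so a LAN request for xxxx.homeserver.com that lands on the GUI is flagged. The allowed names and the address below are constructed sample values.

```python
import ipaddress

# Constructed values: names and addresses the firewall GUI treats as its own.
ALLOWED_NAMES = {"pfsense.localdomain", "pfsense"}
ALLOWED_ADDRS = {ipaddress.ip_address("192.168.1.1")}


def split_host_header(value):
    """Return the host part of a Host header, lowercased, without port or brackets."""
    value = value.strip().lower()
    if value.startswith("["):                 # bracketed IPv6 literal, e.g. [fe80::1]:443
        end = value.find("]")
        if end == -1:
            return None                       # malformed literal
        return value[1:end]
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():                # host:port
        return host
    return value                              # bare host name or IPv4 address


def host_is_ours(header):
    """True when the Host header names this device; False means 'possible rebind'."""
    host = split_host_header(header or "")
    if not host:
        return False
    try:
        # IP literals must match one of the device's own addresses.
        return ipaddress.ip_address(host) in ALLOWED_ADDRS
    except ValueError:
        # Not an IP literal: compare as a name, ignoring a trailing root dot.
        return host.rstrip(".") in ALLOWED_NAMES
```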



  • I have seen that. I am able to access it from outside my network. I would still like to resolve the issue so I can use the site name not the IP address inside my home. Just being picky. Thanks.

    Also, my ISP blocks port 80, and WHS 2011 works on both 80 and 443, but when trying to stream media the request comes on port 80 even if using HTTPS. My question is: can I send my port 80 request to some type of DNS service, have it sent to my network under a different port, and then once back inside my network sent to port 80 again? I know, crazy, but to get port 80 open it will at least double my monthly ISP bill. If you know a way, I'm all ears.



  • @suicidegybe:

    My question is: can I send my port 80 request to some type of DNS service, have it sent to my network under a different port, and then once back inside my network sent to port 80 again? I know, crazy, but to get port 80 open it will at least double my monthly ISP bill. If you know a way, I'm all ears.

    DNS doesn't do that…

    You can set up a NAT translation rule:
    enable inbound port 8080 and set "Redirect target port" on the NAT rule to port 80

    Then you can visit:
    http://your_external_ip:8080/

    That will be redirected to port 80 on your WHS.

