Squid 3 reverse proxy on port 8080



  • Hello friends,
    I'm trying to publish my web through a reverse proxy (Squid3) which is hosted on my machine on port 8080, but when I try to access the web I receive the following message:

    Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebi

    I took some snapshots of my configuration. I have enabled my local server to full access to any destination source.
    I also created a rule on the WAN interface from any to destination "WAN", according to what's stated on the first squid page under squid reverse mode:
    "If this field is checked, the proxy-server will act in HTTP reverse mode. (You have to add a rule with destination "WAN-address")".

    Is there anything I have to look at other than this? Please advise.








  • You did not select any peer on the squid reverse peer mapping screenshot.

    Are you sure your pfsense GUI is listening on a port other than 8080?



  • Yes, I did notice I didn't select a peer, but then I selected it, and my pfsense is set on port 8001, not 8080.

    On LAN in the Firewall section I enabled all incoming traffic to my webserver on port 8080, and I created a rule on the WAN interface enabling all traffic to the WAN address.

    I have 6 public IP addresses and I'm using 1:1 to map the public IP that I want to the local webserver hosted on port 8080. Is this OK? Or do I need to use the main IP which the pfsense WAN NIC is on?



  • @moh10ly:

    I have 6 public IP addresses and I'm using 1:1 to map the public IP that I want to the local webserver hosted on port 8080. Is this OK? Or do I need to use the main IP which the pfsense WAN NIC is on?

    You have to choose between reverse proxy or NAT; both on the same port will mess up your config.



  • Perfect, now it works, but I'm not sure how to use the mapping, as it just goes to the root directory. When I type a subfolder in the site it doesn't connect.
    I would like to browse to www.mydomain.com/phppgadmin
    Should I insert mydomain.com/phppgadmin in the mapping, or just type *? And if I have more than one mapping, will the first one overtake the one after?

    Thanks a lot for your help and support and hard work. You're truly amazing.



  • YOU'RE FUCKING AWESOME MAN!!!!!!!!! I DID IT.. Both sites now are accessible, each on its own FQDN. I LOVE PFSENSE and everyone here.
    BTW I have been using TMG and ISA since 2002 and never liked it, and was waiting for the moment to get rid of it, especially as some Microsoft employees told me that MS will not continue supporting TMG anymore.

