Netgate Discussion Forum

External clients - Potential DNS Rebind attack detected - Reverse Proxy

DHCP and DNS
  • S
    shoemakerbrian
    last edited by Feb 24, 2015, 3:21 AM

    My apologies up front for being a noob…

    Here is my issue, updated to version 2.2 latest version. Now just my external clients are unable to see the external websites I host.

    Simple base installation, configured for Email (MS Exchange), Squid (Reverse Proxy) and that should be it.

    Under Services > Reverse Proxy | Web Servers tab I have 3 websites that resolve to 3 different internal IP addresses.

    • hostname1.com resolves to 192.168.10.8
    • hostname2.com resolves to 192.168.10.8
    • hostname3.com resolves to 192.168.10.210

    Before update these functions worked, after update I can access them internally but from an external source get the following message:

    "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
    Try accessing the router by IP address instead of by hostname"

    When I access by IP instead of hostname, I will get the pfSense admin interface.

    I have reviewed the following articles and tried them with no success.

    1. https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
      - Tried both Methods no luck...

    2. https://doc.pfsense.org/index.php/DNS_Rebinding_Protections

    3. https://forum.pfsense.org/index.php?topic=40430.0

    Let me know if I left something out, would appreciate any assistance you can provide.

    Regards,
    Brian

    • K
      kejianshi
      last edited by Feb 24, 2015, 4:08 AM

      My answer to this problem was to put a vpn on a separate IP with an interface to the first vpn also, so that when someone needed to update their website or whatever, that traffic would go across that second interface, but when they tried to go to our domains it would use the public ip of the second vpn.  I got tired of trying other ways.  Cost me an IP.

      • S
        shoemakerbrian
        last edited by Feb 24, 2015, 5:20 AM

        ? Why would I put a VPN in, when you're on the external side of the network you can't see the website at all, it just comes up with the DNS Rebind error. My guess is that it has something to do with a combination of DNS Forwarder and the Squid Reverse proxy.

        • K
          kejianshi
          last edited by Feb 24, 2015, 5:29 AM

          I did it my way because a second pfsense VM on a second IP can access both the internal switch / lan the 1st one is attached to and also the public IP of the first firewall without throwing the error that's nagging you.  Why else would I bother with doing it this way than to get around the rebind thing?

          Even if you turned off rebind protection, you would probably just end up looking at the pfsense gui instead of the site you want.

          • S
            shoemakerbrian
            last edited by Mar 1, 2015, 4:55 AM

            A VPN did not resolve the issue.

            So single IP address and hosting multiple websites, since the update to 2.2 the reverse proxy setup to view the sites does not work and I get the "Potential DNS Rebind attack detected".

            So I might just try to go back to version 2.1, with the same documented setup and get them back to normal.

            • K
              kejianshi
              last edited by Mar 1, 2015, 5:10 AM

              That's because the vpn was NOT on a 2nd pfsense with a separate public IP with a network interface to the same switch that the 1st pfsense is attached to.

              It works, for me anyway.  Your problem used to be my problem also.

              • R
                rluzinda
                last edited by Sep 1, 2015, 3:29 PM

                Dear All,

                The solution is actually just a setting that will bail you out of this,
                All you need to do while accessing the WebGUI is: go to System > Advanced > Admin Access tab, scroll down to the option that has Alternate Hostnames and enter the hostname you're trying to reach your webconfigurator. For example you can type example.domain.com in the text field and Save.

                This solved my problem and I am pretty sure it will solve yours too.

                Regards,
                Luzinda Roland

                • B
                  Brailyn
                  last edited by Nov 29, 2015, 9:06 PM

                  Adding the alternate hostname to access the configurator pages does not help.

                  One of my websites is working from the outside, and so is the configurator…

                  root.ca works at rProxying to 10.0.0.1:443
                  pfsense.root.ca works at either my public IP, or it is going through the rProxy to 10.0.0.254:443...not sure.
                  dsm.root.ca gives the rebind issue...If I disable rebind checks, it shows the configurator page. Though I want it to go to 10.0.0.1:5001

                  Any advice on this issue would be appreciated.

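The behaviour reported across this thread, as a simplified model added here (an illustration, not pfSense's code and not from any poster): a management web listener that compares the request's Host header with its own names. The function names, the firewall name `fw.example.lan` and the address `203.0.113.10` are constructed assumptions; `hostname1.com` is the site name from the first post.

```python
import ipaddress

REBIND_ERROR = "Potential DNS Rebind attack detected"
ADMIN_PAGE = "admin login page"

def normalize_host(host_header):
    """Strip port, IPv6 brackets, trailing dot and case from a Host header."""
    host = host_header.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def gui_response(host_header, system_fqdn, alternate_hostnames=(), rebind_check=True):
    """What the modelled management listener returns for this Host header."""
    host = normalize_host(host_header)
    allowed = {system_fqdn.lower()} | {h.lower() for h in alternate_hostnames}
    if not rebind_check or is_ip_literal(host) or host in allowed:
        return ADMIN_PAGE
    return REBIND_ERROR

if __name__ == "__main__":
    fw = "fw.example.lan"               # constructed firewall name
    cases = [                           # constructed requests arriving at the GUI listener
        ("hostname1.com", {}),                                       # hosted site name
        ("203.0.113.10:443", {}),                                    # access by IP
        ("hostname1.com", {"alternate_hostnames": ["hostname1.com"]}),
        ("hostname1.com", {"rebind_check": False}),
    ]
    for host, opts in cases:
        print(f"{host:20} {opts!s:45} -> {gui_response(host, fw, **opts)}")
```

In this model no setting returns the hosted site: the error only appears when the request is answered by the management listener, so allow-listing the name or disabling the check swaps the error for the admin login page, which matches what the posters observed.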
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.