DNS rebind attack trying to visit hosted servers



  • I searched the forums and still could not resolve this.

    I have a server, www.myserver.com hosted behind pfSense.  I have a virtual ip with port 80 forwarded to the server.  Visiting the server from the internet works great.  Visiting the server from behind pfSense is generating a potential dns rebind attack.

    From reading the forums, I thought my mistake was not enabling Pure NAT:

    Config for pure nat:
    I have enabled Pure Nat with box NAT reflection for 1:1 and automatic aboutdown NAT for reflection enabled.  I ahve nothing selected under TFTP proxy (unsure what that means)

    Unfortunately, that did not address the issue.

    My goal is:
    visiting the IP address of my LAN interface opens the configurator (works great)
    visiting any of the public IP's exposed to the WAN goes through the firewall and properly forwards to the correct server ((they all generate potential dns rebind attacks - disabling the rebind attack check just opens the configurator instead of the destination site)

    Thanks.



  • https://doc.pfsense.org/index.php/DNS_Rebinding_Protections

    System - Advanced - Admin Access - DNS Rebind Check



  • That has nothing to do with DNS rebinding specifically, it's that reflection isn't picking up the traffic. Most often because it's not enabled. Once it is enabled, you need to make sure you're initiating new TCP connections (fully close your browser and re-open it) that can be reflected.