OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Domain names behind OPNsense
« previous next »
  • Print
Pages: [1]

Author Topic: Domain names behind OPNsense  (Read 5972 times)

neggard

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
Domain names behind OPNsense
« on: September 29, 2016, 10:57:28 pm »
Now I have set up my firewall with open port 80 and config my webserver with 2 domains.
When I am outside the firewall I could use www.domain.com and domain.com and it works perfect.

But when I am behind the firewall the domain.com take me to the OPNsense login page
www.domain.com take me to a page that have this message on:

A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname.

I have read something about NAT reflection but cant get it right.
Can you help me?
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Domain names behind OPNsense
« Reply #1 on: September 30, 2016, 04:40:18 pm »
the easiest fix is using split DNS so it will resolve the internal IP instead of the external. NAT reflection is when you send packets to the wan interface it should handle them like the come from outside.
Logged

neggard

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
Re: Domain names behind OPNsense
« Reply #2 on: October 01, 2016, 11:08:15 pm »
I have tried split dns but I cant get it to work.

Do I need to do more than enable it?
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1543
  • Karma: 166
    • View Profile
Re: Domain names behind OPNsense
« Reply #3 on: October 02, 2016, 10:14:36 am »
Can you post a (redacted) screenshot of your Host Overrides from Services > DNS Forwarder please?

Bart...
Logged

neggard

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
Re: Domain names behind OPNsense
« Reply #4 on: October 02, 2016, 05:36:28 pm »
I made it works but not sure I made it correct.

In firewall -> advance I activate 'Reflection for port forwards' (pure NAT)
Also 'Reflection for 1:1' & 'Automatic outbound NAT for Reflection' is activate.

When I go to mydomain.com I am redirected to my webserver control panbel but When I add www to the adress it works.
That is ok for me, redirected to my site with coorect domain name made it easier to work with site.

Logged

neggard

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
Re: Domain names behind OPNsense
« Reply #5 on: October 02, 2016, 05:38:19 pm »
Probably I get some problem when I add SSL cert from lets encrypt.
But I try and see what happend.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Domain names behind OPNsense
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2