Hi,
I am trying to make my OPNsense reachable through the internet. Unfortunately my ISP forces me to use a FRITZBox as a cable modem and therefore the OPNsense is behind the FRITZBox (which can't be set to bridge mode!).
I set up a DNS A record at my hoster so that my internet address www.blablabla.de points to my static IP address (let's say 130.xxx.yyy.zzz).
In short, my network structure looks like this:
Internet --> FRITZBox (WAN: 130.xxx.yyy.zzz; LAN: 192.168.178.1/24) --> OPNsense (WAN: 192.168.178.2/24; LAN: 192.168.0.1/24)
On the FRITZBox I added port forwarding for HTTP and HTTPS to my OPNsense.
Now, when I enter https://www.blablabla.de in Chrome, a page of my FRITZBox appears that the request was rejected because of DNS rebind protection.
Q1: shouldn't the FRITZBox already forward the request to my OPNsense?
Well, then I added www.blablabla.de as an exception to the DNS rebind rules. Now when I refresh the browser tab, it opens the login page of my FRITZBox???
Maybe I misunderstand something from the ground up, but shouldn't it forward the request to the OPNsense in this case and show me the login page of the OPNsense?
What am I doing wrong here?
Thanks, Steven
That only works from outside your network - as far as I know the Fritzbox does not support hairpin NAT.
You could use a DNS override in e.g. Unbound to point to the private address of your OPNsense when you are connected to an internal network.
omg you are right! When I access the URL through my cell phone, it works :-)
I have Unbound running, but I have no clue about it... can you elaborate on this?
Services > Unbound > Overrides - create an entry for "www.blablabla.de" that points to the internal address of your OPNsense.
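The split-horizon behaviour that host override produces, shown as an added example that is not part of this thread and not OPNsense's or Unbound's own code: a stdlib-only Python DNS responder that answers A queries for www.blablabla.de with the OPNsense LAN address 192.168.0.1 when the client sits in 192.168.0.0/24 and with the public address for everyone else. That is what the Unbound override makes the OPNsense resolver do for internal clients (the equivalent `unbound.conf` line is `local-data: "www.blablabla.de. IN A 192.168.0.1"`). The public address 203.0.113.10 is a stand-in for 130.xxx.yyy.zzz and the listening port 5353 is arbitrary; both are assumptions. The script exists to make the mechanism visible, not to replace the override.

```python
"""Minimal split-horizon DNS responder (Python standard library only).

Added example for this thread; not code from OPNsense, Unbound or the forum.
Addresses: 192.168.0.0/24 and 192.168.0.1 come from the thread, 203.0.113.10
stands in for the poster's real public address (assumption).
"""
import ipaddress
import socket
import struct

NAME = "www.blablabla.de"
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")  # OPNsense LAN
INTERNAL_ADDR = "192.168.0.1"                          # OPNsense LAN address
PUBLIC_ADDR = "203.0.113.10"                           # stand-in for 130.xxx.yyy.zzz


def encode_name(name):
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Read an uncompressed name starting at offset; return (name, next offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in a question")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, txid=0x1234):
    """A standard recursive A/IN query, as a stub resolver would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def answer_for(client_ip):
    """The split-horizon decision: LAN clients get the private address."""
    if ipaddress.ip_address(client_ip) in INTERNAL_NET:
        return INTERNAL_ADDR
    return PUBLIC_ADDR


def build_response(query, client_ip):
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    if qname.lower() != NAME or qtype != 1 or qclass != 1:
        # NXDOMAIN (flags 0x8183) for anything this responder does not serve
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question
    rdata = socket.inet_aton(answer_for(client_ip))
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    # 0xC00C is a compression pointer back to the qname at offset 12
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + question + rr


def parse_answer_a(response):
    """Return the A record in a response, or None on NXDOMAIN / no answer."""
    rcode = struct.unpack("!H", response[2:4])[0] & 0x000F
    ancount = struct.unpack("!H", response[6:8])[0]
    if rcode != 0 or ancount == 0:
        return None
    _, off = decode_name(response, 12)
    off += 4   # qtype, qclass
    off += 2   # name pointer of the answer RR
    _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    off += 10
    return socket.inet_ntoa(response[off:off + rdlen])


def serve(bind_addr="0.0.0.0", port=5353):
    """Answer UDP queries, choosing the view by the client's source address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data, peer[0]), peer)
        except ValueError:
            pass  # malformed or unsupported query: drop it


if __name__ == "__main__":
    serve()
```

The decision in `answer_for` is the whole point: a client on 192.168.0.0/24 receives 192.168.0.1 and reaches the OPNsense GUI directly, while an external client receives the public address and goes through the FRITZBox port forward. Note that the OPNsense host override only helps devices that actually use OPNsense's Unbound as their resolver; a device that still resolves through the FRITZBox keeps getting the public address and, with no hairpin NAT, lands on the FRITZBox's own web interface as described above.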
Thank you, it works now!