OPNsense Forum
English Forums => General Discussion => Topic started by: newbee on August 06, 2021, 12:00:04 pm
-
Hello
So i finally got opnsense up and running last week after nights of being stuck. meaning internet is passing through. Now i am trying to get the the webserver running.
Think im getting in a tangle. Im also getting this message for the main domain pointing at my ip:
"A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname."
I have made a VMs for my domains to be hosted and require reverse proxy as only have 1 ip. I installed the nginx plugin for opensense. Tried following online tuts to set it up. I then installed nginx in on the linux VM.
I only ever used apache with proxy and then nginx in docker. Now looks like i should use HaProxy in opnsense then nginx in the vm?
tried not to ask for hemp(sry ment help) but its been a week.
Thanks for any guidance
-
if your question is to solve: ""A potential DNS Rebind attack has been detected."
than you can set Firewall->settings->advanced: under Network Address Translation
check/enable all 3:
Reflection for port forwards
Reflection for 1:1
Automatic outbound NAT for Reflection
and it should work.
an other method is to change the specific portforward rule and change "NAT reflection" to enable
-
Hi
Yes not clear in my question here.
1. Just change the settings you suggested. Same error. I did notice i have FIREWALL>NAT>PORTFORWARD it as one entry saying "no redirect (green !)"
2. Use Haproxy or nginx on opensense
Thank you
-
is it with a domain name?
and have you placed the domain name in:
System -> Settings -> administration -> Alternate Hostnames -> "your-domain-name"
there is also the option DNS Rebind Check
what can be enabled. I did not have to, but maybe in your configuration?
-
Hi
Yes, so we have many domain names pointing at 1 fixed IP. Then into opnsense serving VMs in ESXI. so need to point to the ip address of the VM and add certs.