Messages

1

23.1 Legacy Series / Re: Reverse proxy and opnsense issues from local network

« on: May 19, 2023, 02:45:41 pm »

Unfortunately I already read and tested the implementation but it did not fixed the issue. What happened when I added the alternate hostnames of the machines in the network was that doing this I exposed the opnsense login page to the outside when trying to access the machines using the url hostnames (web.myhost.com for example).

2

23.1 Legacy Series / Reverse proxy and opnsense issues from local network

« on: May 19, 2023, 02:06:49 pm »

Hi,
First if that topic is already covered, excuse me. I did a search but nothing exactly the same as my issue (most are  due to IPS restrictions).

My setup

I have a opnsense router with 4 ports, one for WAN and three for LAN connections. I have a second machine with nginx acting as reverse proxy and web server with Let's Encrypt cerbot. The third machine is a Proxmox server with some VMs. The second machine, the third machine and some of the VMs have their own web addresses with url hostnames  - web.myhost.com, vm.myhost.com, etc.

Accessing all of these machines works just fine from outside the network. But if I try to access any of the machines in the network from within using the url hostnames (web.myhost.com for example) I get "A potential DNS Rebind attack has been detected." and Opnsense webpage.

If I activate the 1:1 option in the firewall, I can access the machines from within, but they now lose access to outside the network (I can't update them for example). I can still access them from outside of the network.

Is this a reverse proxy configuration issue or opnsense configuration issue?