Messages - Halfhidden

#1
Solved***

This was solved when I looked further into the way I set up the network.
I set up a DMZ and placed nginx in it and then placed everything else behind the Opnsense firewall.
Seemed like a good practice, except in my configuration I had two DHCP servers. One for DMZ and the other for Opnsense. Although they were set up for different segments of the same subnet, that was my fatal error.
Unknown to me, the DHCP server for the DMZ gave my local PC an address. Stupid me, I didn't check that and obviously I was on the wrong side of the firewall. Duh!!
I've resolved this now and everything works as it should.

I can't see how to mark this as solved... anyone know?
#2
Edit***
It seems that I have set this up correctly (all but the wrong IP address for the reverse proxy (should be 192.168.1.5 not 192.168.1.2)) and quite by accident I actually tested the domains from my phone, which is connected to a different network. Most of the domains are actually working.
So my local pc (on the same network) is blocking any domain that is originating from the same network.
A firewall thing I guess... Anyone know what this is?
#3
I've been going nuts trying to figure out what I've done wrong.
I've moved over from Pfsense to Opnsense as I believe that Opnsense software is far more superior, but I still have a lot to learn.
In short my domains seem to be redirected back to the Opnsense ip giving me a potential DNS Rebind attack.

This is how I've set up my home lab:
Opnsense as a vm on the same server as all the apps running on Proxmox 8.
I created a dhcp pool within Opnsense for all the apps, containers and vms and static mapped the servers I wished to reverse proxy.
As I have 4 physical network cards, I have LAN, WAN and DMZ. I set up a DMZ with a DHCP outside of the Opnsense scope and added one app (Nginx Proxy Manager) and static mapped that from the DMZ pool.
So the Proxmox node is on a static IP outside of any DHCP scope.
Opnsense is set with a DHCP and starts with 192.168.1.1 and has a scope of 192.168.1.15 >100
NPM (Nginx Proxy Manager) is set to 192.168.1.5 as a static map so is sat in a DMZ
DMZ is 192.168.1.2 with a dhcp scope of 192.168.1.5>10 :-X

I created an alias to allow ports for NPM and firewall rules to allow access to NPM from the internal network.
Option   Value
Action   Pass
Interface   LAN
TCP/IP Version   IPv4+IPv6 (IPv6 is optional)
Protocol   TCP
Source   LAN net
Source Port   any
Destination   192.168.1.5
Destination Port   (an alias for port 80, 81, and 443)

I then created a rule to allow access to the servers from NPM
Action   Pass
Interface   DMZ
TCP/IP Version   IPv4+IPv6 (IPv6 is optional)
Protocol   TCP
Source   192.168.1.5 (or use an alias which may include the IPv6 address)
Source Port   any
Destination   192.168.1.111, 192.168.112, 192.168.113, 192.168.113, 192.168.114
Destination Port   WebServerPorts (an alias for port 80 and 443)

I then created a NAT port forwarding rule to allow external network access
Interface   WAN
TCP/IP Version   IPv4+IPv6 (IPv6 is optional)
Protocol   TCP
Source   any
Source Port   any
Destination   WAN address
Destination Port   WebServerPorts (an alias for port 80 and 443)
Redirect target IP   192.168.1.5
Redirect target port   WebServerPorts (an alias for port 80 and 443)
Filter rule association   Add associated filter rule

Any idea what I've done wrong, as the domains should be redirected to the internal network but clearly aren't?

EDIT****
I've since moved Opnsense from port 443 to 10443 but now the website cannot be reached. It looks like port forwarding isn't working.
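
The address plan from these posts can be checked for the problem the "Solved" post describes: two firewall interfaces, each with its own DHCP server, sitting in one subnet. This is an added example, not part of the original posts; the /24 prefix length, the function names and the test address 192.168.1.7 are assumptions.

```python
import ipaddress
from itertools import combinations

# Address plan taken from the posts. The /24 prefix length is an ASSUMPTION:
# the posts never state a netmask.
INTERFACES = {
    "LAN": {"address": "192.168.1.1/24", "pool": ("192.168.1.15", "192.168.1.100")},
    "DMZ": {"address": "192.168.1.2/24", "pool": ("192.168.1.5", "192.168.1.10")},
}


def audit(interfaces):
    """Return findings for interfaces whose subnets overlap."""
    findings = []
    nets = {name: ipaddress.ip_interface(cfg["address"]).network
            for name, cfg in interfaces.items()}
    for a, b in combinations(sorted(nets), 2):
        if not nets[a].overlaps(nets[b]):
            continue
        findings.append(f"{a} and {b} are both in {nets[a]}: "
                        "an address alone does not identify the zone")
        # Non-overlapping pools do not help: both servers still answer
        # for the same subnet.
        if interfaces[a].get("pool") and interfaces[b].get("pool"):
            findings.append(f"{a} and {b} each run DHCP in that subnet: a client "
                            "that can reach both may take a lease from either")
    return findings


def lease_zone(ip, interfaces):
    """Name the interface whose DHCP pool contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cfg in interfaces.items():
        low, high = (ipaddress.ip_address(x) for x in cfg["pool"])
        if low <= addr <= high:
            return name
    return None


if __name__ == "__main__":
    for line in audit(INTERFACES):
        print("FINDING:", line)
    # 192.168.1.7 is a constructed client address for illustration.
    print("192.168.1.7 was leased by:", lease_zone("192.168.1.7", INTERFACES))
```

A PC that reports an address inside the DMZ pool took its lease from the DMZ server, which is the check the "Solved" post says was missed.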