Topic: Reverse proxy and opnsense issues from local network (Read 4879 times)
Xumepoc
Newbie
Posts: 2
Karma: 0
Reverse proxy and opnsense issues from local network
« on: May 19, 2023, 02:06:49 pm »
Hi,
First, if this topic is already covered, excuse me. I did a search but found nothing exactly the same as my issue (most are due to IPS restrictions).
My setup
I have an OPNsense router with 4 ports, one for WAN and three for LAN connections. I have a second machine with nginx acting as reverse proxy and web server with Let's Encrypt certbot. The third machine is a Proxmox server with some VMs. The second machine, the third machine and some of the VMs have their own web addresses with URL hostnames - web.myhost.com, vm.myhost.com, etc.
Accessing all of these machines works just fine from outside the network. But if I try to access any of the machines in the network from within using the URL hostnames (web.myhost.com for example) I get "A potential DNS Rebind attack has been detected." and the OPNsense webpage.
If I activate the 1:1 option in the firewall, I can access the machines from within, but they now lose access to outside the network (I can't update them for example). I can still access them from outside of the network.
Is this a reverse proxy configuration issue or an OPNsense configuration issue?
muchacha_grande
Full Member
Posts: 219
Karma: 19
Re: Reverse proxy and opnsense issues from local network
« Reply #1 on: May 19, 2023, 02:33:29 pm »
Hi, I just searched for "DNS rebind attack" and found this issue marked as solved: https://forum.opnsense.org/index.php?topic=14088.0
Xumepoc
Newbie
Posts: 2
Karma: 0
Re: Reverse proxy and opnsense issues from local network
« Reply #2 on: May 19, 2023, 02:45:41 pm »
Unfortunately I already read and tested the implementation but it did not fix the issue. What happened when I added the alternate hostnames of the machines in the network was that by doing this I exposed the OPNsense login page to the outside when trying to access the machines using the URL hostnames (web.myhost.com for example).
morik_opnsense
Newbie
Posts: 20
Karma: 0
Re: Reverse proxy and opnsense issues from local network
« Reply #3 on: January 29, 2024, 05:00:12 am »
I have the same issue as well. Using caddy instead of nginx. Were you able to solve it? If so, how?
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1617
Karma: 177
Re: Reverse proxy and opnsense issues from local network
« Reply #4 on: January 29, 2024, 08:55:58 am »
If you use a reverse proxy as an additional VM behind the OPNsense, you need to use Reflection and Hairpin NAT in order to get it to work from inside your network, because when you open your external IP address from inside your network, the OPNsense thinks it has to answer it.
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
As an alternative, if you use Caddy, you can also run that directly on the OPNsense (look at my signature). With that, you don't need any complicated NAT rules for things to just work. (I explained why here, when somebody asked that about HA Proxy and NAT: https://forum.opnsense.org/index.php?topic=38239)
« Last Edit: January 29, 2024, 08:58:12 am by Monviech »
Hardware:
DEC740
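
Added example (not part of any post in this thread and not OPNsense code): a small Python model of the packet path behind Reply #4, showing why a LAN client that opens the external address lands on the firewall GUI, and why reflection needs the hairpin source rewrite as well. All addresses are constructed, the client and proxy are assumed to share one LAN subnet, and the GUI hostname check is a simplified assumption based on the behaviour reported in the thread.

```python
# Simplified packet-path model; all addresses are constructed, not from the thread.
WAN_IP = "203.0.113.10"      # firewall's public address
FW_LAN = "192.168.1.1"       # firewall's LAN address
PROXY = "192.168.1.20"       # reverse proxy on the LAN
CLIENT = "192.168.1.50"      # LAN client, same subnet as the proxy


def gui_answer(host, alt_hostnames):
    """Assumed GUI behaviour: only hostnames it knows are accepted."""
    if host in alt_hostnames:
        return "firewall login page"
    return "DNS rebind warning"


def connect(host, reflection, hairpin_snat, alt_hostnames=()):
    """Follow one HTTPS request from CLIENT to WAN_IP and its reply."""
    src, dst = CLIENT, WAN_IP
    if not reflection:
        # The port forward only matches on the WAN interface, so the
        # firewall owns dst itself and its web GUI takes the request.
        return gui_answer(host, alt_hostnames)
    dst = PROXY                       # reflection: DNAT to the proxy
    if hairpin_snat:
        src = FW_LAN                  # outbound NAT rewrites the source
    # The proxy replies to whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_LAN:
        # Reply returns through the firewall, which reverses both
        # translations using its state table entry.
        reply_src, reply_dst = WAN_IP, CLIENT
    # The client only accepts a reply from the address it connected to.
    if reply_src == WAN_IP and reply_dst == CLIENT:
        return "proxy site"
    return "timeout (reply came from %s, expected %s)" % (reply_src, WAN_IP)


def scenarios(host="web.myhost.com"):
    return {
        "no reflection": connect(host, False, False),
        "no reflection + alternate hostname":
            connect(host, False, False, alt_hostnames=(host,)),
        "reflection only": connect(host, True, False),
        "reflection + hairpin": connect(host, True, True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print("%-36s -> %s" % (name, result))
```

In this model, adding the site name as an alternate hostname only changes which firewall page is returned; the request still never reaches the proxy.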