Modifying pfSense settings to exclude ‘potential DNS rebind attack detected’ alert for internal server

A solution was found for a problem concerning a domain name, two years after the question was originally asked. The solution involved logging into pfSense through an IP address or a functioning domain name, accessing the “System” menu, selecting “Advanced”, then choosing “Admin Access”. The user then needed to enter the new domain name under the “Alternate Hostnames” option. The question that prompted this solution concerned accessing a local LEMP server through its domain name, because the PHP package used domain names in every link, making it impossible to use an IP address for the application.

Question:

To use a PHP package that relies on domain names in all links, I require access to a local LEMP server via its domain name since an IP address cannot be used for this specific application.

Devices outside of the website are able to successfully access the domain.

pfSense controls two distinct networks. However, attempting to access the server via the domain on either network triggers the “Potential DNS Rebind attack detected” warning page. On the other hand, accessing the server’s pages using the IP address works without any issues.

The DHCP server’s Services configuration has a static mapping set up with the domain name specified.

The DNS Forwarder is enabled and it is configured to register DHCP static mappings.

I am running pfSense 2.1.5.

What else do I need to do?


Solution 1:

The inquiry was posed two years ago, yet I faced a similar issue pertaining to the domain name which I was able to fix by:

  1. Access pfSense by either the IP address or a functional domain name.
  2. Navigate to the Admin Access section, located under System -> Advanced. Enter your new domain name in the Alternate Hostnames field. Multiple domain names can be added by separating them with spaces.
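To make the mechanism behind Solution 1 concrete, here is an added Python model (not pfSense's own code, and a simplified approximation of its real check) of the webConfigurator's Host-header test that produces the “Potential DNS Rebind attack detected” page: requests by bare IP pass, requests by name pass only when the name is the system hostname.domain or one of the space-separated Alternate Hostnames.

```python
"""Model of the webConfigurator Host-header check behind the
"Potential DNS Rebind attack detected" page.  Added illustration;
the logic approximates, and is not, pfSense's own implementation."""
import ipaddress


def _strip_port(host: str) -> str:
    """Return the host part of a Host header without any :port suffix.
    Bracketed IPv6 literals such as [fe80::1]:443 are handled as well."""
    host = host.strip().lower()
    if host.startswith("["):                 # IPv6 literal in brackets
        return host[1:host.index("]")]
    if host.count(":") == 1:                 # name:port or IPv4:port
        return host.split(":", 1)[0]
    return host                              # bare name, IPv4 or IPv6


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def allowed_hosts(hostname: str, domain: str, alternate_hostnames: str) -> set:
    """Names the GUI accepts: <hostname>.<domain> plus every entry of the
    space-separated System -> Advanced -> Admin Access -> Alternate Hostnames."""
    names = {f"{hostname}.{domain}".lower()}
    names.update(n.lower() for n in alternate_hostnames.split())
    return names


def rebind_check(host_header: str, hostname: str, domain: str,
                 alternate_hostnames: str = "",
                 rebind_check_enabled: bool = True) -> bool:
    """True when the request would be served, False when the rebind
    warning page would be shown instead.  Bare IP addresses always pass,
    which is why browsing by IP works in the question while the
    domain name does not until it is listed as an alternate hostname."""
    if not rebind_check_enabled:             # "Disable DNS Rebinding Checks"
        return True
    host = _strip_port(host_header)
    if _is_ip_literal(host):
        return True
    return host in allowed_hosts(hostname, domain, alternate_hostnames)
```

The constructed names below (pfsense.localdomain, www.example.com) are placeholders, not values from the original post.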


Solution 2:


In the Firewall and NAT section, located under System -> Advanced, there is a feature that generates outbound NAT rules to aid inbound NAT rules that redirect traffic back to the subnet of origin. This option is called “Automatically create outbound NAT rules to support inbound NAT rules that direct traffic back out to the same subnet it originated from.”


Solution 3:


Proceed to the “System” menu and select “Advanced”. Then navigate to the “Firewall/NAT” tab and activate the three required options.

1. Utilize Pure NAT in NAT reflection mode for port forwarding.
2. Enable NAT Reflection for 1:1 NAT.
3. Activate automatic outbound NAT for Reflection.

Click Save.

If it resolves the problem you’re facing, please remember me in your prayers, as it did for me.

Thanks,
