Re: [pfSense] DNS Rebind
Sorry for top-posting. I am replying from a mobile device.

What DNS servers is your computer set to use? If you are using something like Google Public DNS or OpenDNS, you will need to change your computer to use the pfSense for DNS.

On Thursday, March 1, 2012, Jason T. Slack-Moehrle wrote:

> Hi Yehuda,
>
> I created a rule via that link and I still don't see that it works. Here is
> a screen shot of my rule.
>
> -Jason
>
> On Wednesday, February 29, 2012 at 4:30 PM, Yehuda Katz wrote:
>
> > On Wed, Feb 29, 2012 at 7:26 PM, Jason T. Slack-Moehrle
> > <slackmoeh...@gmail.com> wrote:
> > > Am I blind in seeing where I would create DNS entries on the pfSense
> > > box to run it as a DNS Server?
> >
> > http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F#Method_2:_Split_DNS

--
Sent from a gizmo with a very small keyboard and hyper-active auto-correct.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] DNS Rebind
Hi Yehuda,

I created a rule via that link and I still don't see that it works. Here is a screen shot of my rule.

-Jason

On Wednesday, February 29, 2012 at 4:30 PM, Yehuda Katz wrote:

> On Wed, Feb 29, 2012 at 7:26 PM, Jason T. Slack-Moehrle
> <slackmoeh...@gmail.com> wrote:
> > Am I blind in seeing where I would create DNS entries on the pfSense box to
> > run it as a DNS Server?
>
> http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F#Method_2:_Split_DNS
Re: [pfSense] DNS Rebind
On Wed, Feb 29, 2012 at 7:26 PM, Jason T. Slack-Moehrle <slackmoeh...@gmail.com> wrote:

> Am I blind in seeing where I would create DNS entries on the pfSense box
> to run it as a DNS Server?

http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F#Method_2:_Split_DNS
Re: [pfSense] DNS Rebind
Am I blind in seeing where I would create DNS entries on the pfSense box to run it as a DNS Server?

--
Jason T. Slack-Moehrle

On Wednesday, February 29, 2012 at 4:02 PM, Jason T. Slack-Moehrle wrote:

> One of the sites is 6colors.net, another one would be jasonandannette.us
>
> My wife says they work from her job.
>
> Can you explain to me how one does split-DNS?
>
> --
> Jason T. Slack-Moehrle
>
> On Wednesday, February 29, 2012 at 3:49 PM, Yehuda Katz wrote:
>
> > On Wed, Feb 29, 2012 at 6:14 PM, Jason T. Slack-Moehrle
> > <slackmoeh...@gmail.com> wrote:
> > > When I plug my laptop into the LAN and try and hit one of the websites I
> > > host I get forwarded to the pfSense admin URL but get an error that states:
> > >
> > > Potential DNS Rebind attack detected, see
> > > http://en.wikipedia.org/wiki/DNS_rebinding
> > > Try accessing the router by IP address instead of by hostname.
> > >
> > > This happens to a few of the sites, but it doesn't seem to happen to all
> > > of them that are hosted on that box.
> > >
> > > Can anyone help me to understand what is happening and how to fix it?
> >
> > When you are somewhere else, do the websites work properly?
> >
> > Usually pfSense does not support accessing a public IP that is on the
> > pfSense WAN. In order for that to work you need to have NAT-reflection
> > enabled.
> > We have never been able to get NAT reflection working on our network, so we
> > just set up split-DNS (that you have different DNS for those sites your
> > LAN), so the clients on the LAN do not know about the 1-1 NAT on the
> > pfSense.
> >
> > - Y
Re: [pfSense] DNS Rebind
One of the sites is 6colors.net, another one would be jasonandannette.us

My wife says they work from her job.

Can you explain to me how one does split-DNS?

--
Jason T. Slack-Moehrle

On Wednesday, February 29, 2012 at 3:49 PM, Yehuda Katz wrote:

> On Wed, Feb 29, 2012 at 6:14 PM, Jason T. Slack-Moehrle
> <slackmoeh...@gmail.com> wrote:
> > When I plug my laptop into the LAN and try and hit one of the websites I
> > host I get forwarded to the pfSense admin URL but get an error that states:
> >
> > Potential DNS Rebind attack detected, see
> > http://en.wikipedia.org/wiki/DNS_rebinding
> > Try accessing the router by IP address instead of by hostname.
> >
> > This happens to a few of the sites, but it doesn't seem to happen to all of
> > them that are hosted on that box.
> >
> > Can anyone help me to understand what is happening and how to fix it?
>
> When you are somewhere else, do the websites work properly?
>
> Usually pfSense does not support accessing a public IP that is on the pfSense
> WAN. In order for that to work you need to have NAT-reflection enabled.
> We have never been able to get NAT reflection working on our network, so we
> just set up split-DNS (that you have different DNS for those sites your LAN),
> so the clients on the LAN do not know about the 1-1 NAT on the pfSense.
>
> - Y
Re: [pfSense] DNS Rebind
On Wed, Feb 29, 2012 at 6:14 PM, Jason T. Slack-Moehrle <slackmoeh...@gmail.com> wrote:

> When I plug my laptop into the LAN and try and hit one of the websites I
> host I get forwarded to the pfSense admin URL but get an error that states:
>
> Potential DNS Rebind attack detected, see
> http://en.wikipedia.org/wiki/DNS_rebinding
> Try accessing the router by IP address instead of by hostname.
>
> This happens to a few of the sites, but it doesn't seem to happen to all
> of them that are hosted on that box.
>
> Can anyone help me to understand what is happening and how to fix it?

When you are somewhere else, do the websites work properly?

Usually pfSense does not support accessing a public IP that is on the pfSense WAN. In order for that to work you need to have NAT-reflection enabled.
We have never been able to get NAT reflection working on our network, so we just set up split-DNS (that you have different DNS for those sites your LAN), so the clients on the LAN do not know about the 1-1 NAT on the pfSense.

- Y
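Added example, not part of any message in this thread: a small audit of the split-DNS setup described above, which also covers the later question about which DNS servers the client uses. The host names, addresses, LAN subnet and function names are constructed for illustration; the answers are supplied as data, so nothing is resolved over the network.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
LAN_NET = "192.168.1.0/24"
WAN_VIPS = {"203.0.113.10", "203.0.113.11"}   # virtual IPs with 1:1 NAT

# Answers each resolver returns for the hosted names (constructed).
VIA_PFSENSE = {"site-a.example": "192.168.1.10",   # host override present
               "site-b.example": "203.0.113.11"}   # no override yet
VIA_PUBLIC = {"site-a.example": "203.0.113.10",
              "site-b.example": "203.0.113.11"}


def classify(answer, lan_net=LAN_NET, wan_vips=WAN_VIPS):
    """Label one DNS answer as seen from a LAN client."""
    ip = ipaddress.ip_address(answer)
    if ip in ipaddress.ip_network(lan_net):
        return "internal"      # traffic stays on the LAN
    if str(ip) in wan_vips:
        return "wan-vip"       # only reachable from the LAN via NAT reflection
    return "other"


def audit(client_view, pfsense_view):
    """Compare what the client's resolver returns with what pfSense returns.

    ok               - client gets the internal address (split-DNS works)
    resolver-bypass  - pfSense has the override, but the client asks another
                       resolver and still gets the WAN virtual IP
    missing-override - pfSense itself returns the WAN virtual IP
    unexpected       - answer is neither on the LAN nor a known virtual IP
    """
    findings = {}
    for name, answer in client_view.items():
        kind = classify(answer)
        pf_answer = pfsense_view.get(name)
        if kind == "internal":
            findings[name] = "ok"
        elif kind == "wan-vip" and pf_answer and classify(pf_answer) == "internal":
            findings[name] = "resolver-bypass"
        elif kind == "wan-vip":
            findings[name] = "missing-override"
        else:
            findings[name] = "unexpected"
    return findings


if __name__ == "__main__":
    print(audit(VIA_PUBLIC, VIA_PFSENSE))    # client set to a public resolver
    print(audit(VIA_PFSENSE, VIA_PFSENSE))   # client set to pfSense
```

A name reported as missing-override still depends on NAT reflection from the LAN, which matches a setup where only some of the hosted sites fail.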
[pfSense] DNS Rebind
Hi All,

So my pfSense box is in place and working. I have virtual IPs assigned to the WAN and 1:1 NAT from the public IPs on the WAN to the servers on the LAN.

When I plug my laptop into the LAN and try and hit one of the websites I host I get forwarded to the pfSense admin URL but get an error that states:

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname.

This happens to a few of the sites, but it doesn't seem to happen to all of them that are hosted on that box.

Can anyone help me to understand what is happening and how to fix it?

-Jason