15

I am needing to access a local LEMP server through its domain name for a PHP package that uses domain names in every link, making IP address usage not possible for this application.

I can access the domain just fine from devices elsewhere on the www.

pfSense manages two physically separate networks, but accessing the server with the domain brings up the "Potential DNS Rebind attack detected" warning page when accessed from either network; however, using the IP address brings up the server's pages just fine.

The server has a static mapping configured with the domain name set in the configuration in Services > DHCP Server.

I have the DNS Forwarder enabled and the Register DHCP static mappings in DNS forwarder is checked.

I am running pfSense 2.1.5.

What else do I need to do?

Paul

3 Answers

19

It's been two years since the question was asked, but I had the same problem (domain name) and SOLVED it by:

  1. Log into pfSense via IP address or any working domain name
  2. Go to System -> Advanced -> Admin Access and, under Alternate Hostnames, key in your new domain name. You can add extra domain names by separating them with spaces.
MarcoZen
  • Just as a point of note (because I just spent the last 20 minutes doing this wrong), the name of the field is a little bit misleading... "hostnames"... it will accept both a hostname AND an FQDN with a different domain than the native/defined domain. So, if the firewall internally is connected to multiple domains, you need to make entries for BOTH the hostname and FQDN. For example... define con-fw and fab-fw as well as con-fw.contoso.com and fab-fw.fabrikam.com – Craig Sep 21 '22 at 08:24
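
Why the Alternate Hostnames entry in the answer above clears the warning, as an added sketch that is not part of the original posts and is not pfSense's own code: the web GUI compares the request's Host header with the names it knows for itself and shows the rebind warning on a mismatch. The function names, parameters and sample values are assumptions; the model matches names exactly, which is why the comment lists both short names and FQDNs.

```python
import ipaddress


def normalize_host(host_header: str) -> str:
    """Strip an optional port and trailing dot; lower-case the name."""
    host = host_header.strip()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:443
        host = host[1:host.index("]")] if "]" in host else host[1:]
    elif host.count(":") == 1:               # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".").lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_is_trusted(host_header, hostname, domain, alternate_hostnames=""):
    """Return True when the Host header names this firewall.

    alternate_hostnames is space-separated, like the Alternate Hostnames field.
    """
    host = normalize_host(host_header)
    if not host:
        return False
    if is_ip_literal(host) or host == "localhost":
        return True                          # assumption: rebinding needs a DNS name
    known = {hostname.lower(), f"{hostname}.{domain}".lower()}
    known.update(n.rstrip(".").lower() for n in alternate_hostnames.split())
    return host in known                     # exact match only, no suffix matching


# Constructed sample values; the alternate names are borrowed from the comment.
# The short name "fab-fw" is deliberately left out to show the mismatch.
ALT = "con-fw con-fw.contoso.com fab-fw.fabrikam.com"

if __name__ == "__main__":
    for h in ("pfsense.localdomain", "con-fw.contoso.com:443", "fab-fw", "192.168.1.1"):
        ok = host_is_trusted(h, "pfsense", "localdomain", ALT)
        print(f"{h:28} {'serve page' if ok else 'rebind warning'}")
```
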
4

Under System->Advanced->Firewall and NAT there is an option "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from."

MarcoZen
bitcor
  • I found it is better to use Services->DNS Resolver->General Settings and check Register DHCP leases in the DNS Resolver and Register DHCP static mappings in the DNS Resolver then add the server to the Host Overrides. – Paul Nov 10 '15 at 20:49
4

Go to System > Advanced, Firewall/NAT tab. Then you need to enable three options:

1) Pure NAT for NAT Reflection mode for port forwards
2) Enable NAT Reflection for 1:1 NAT
3) Enable automatic outbound NAT for Reflection

Click Save.

It solved my issue and if it solves your issue, keep me in your prayers.

Thanks,

Kabul