Monday, June 13, 2016

Allowing machines behind NAT to access the public WAN IP address of the router (port forwarding to an internal web server)

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding

Try accessing the router by IP address instead of by hostname.

Method 1 - On pfSense:
System > Advanced > Firewall / NAT:
- NAT Reflection mode for port forwards: Enable (Pure NAT), or try (NAT + Proxy) if that does not work.
- Click the "Save" button.


Method 2 - On pfSense:
Firewall > NAT > Port Forward > Edit Rule:

NAT reflection: Enable (Pure NAT), or try (NAT + Proxy) if that does not work.

Method 3 - On pfSense:
Firewall > NAT > NAT: 1:1

External IP: 8.8.8.8
Internal IP: 192.168.7.5

Description: VC to gatekeeper (DMZ)

Save

Method 4 - On pfSense:

Under System->Advanced->Firewall and NAT there is an option "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from."

Method 5 - On pfSense:

I found it is better to use Services->DNS Resolver->General Settings and check "Register DHCP leases in the DNS Resolver" and "Register DHCP static mappings in the DNS Resolver", then add the server to the Host Overrides.
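
To confirm from a LAN client which of the methods above is actually in effect, the following added example (not part of the original post) resolves the server's name and tests the forwarded port. The hostname `www.example.com`, port 80 and the result labels are assumptions; the two addresses are the sample values from Method 3.

```python
import ipaddress
import socket
import sys

WAN_IP = "8.8.8.8"         # sample external IP from Method 3
SERVER_IP = "192.168.7.5"  # sample internal IP from Method 3


def resolve(hostname):
    """Return the sorted IPv4 addresses the local resolver hands out."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_open(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(addresses, port_open, wan_ip=WAN_IP, server_ip=SERVER_IP):
    """Classify how a LAN client reaches the forwarded service."""
    addrs = {ipaddress.ip_address(a) for a in addresses}
    if ipaddress.ip_address(server_ip) in addrs:
        # Host override (Method 5): traffic never touches the WAN address.
        return "split-dns" if port_open else "split-dns-but-service-down"
    if ipaddress.ip_address(wan_ip) in addrs:
        # Name points at the WAN IP: works only with NAT reflection or 1:1 NAT.
        return "nat-reflection" if port_open else "reflection-not-working"
    return "unexpected-address"


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"  # assumed name
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80            # assumed port
    ips = resolve(host)
    # Probe the first resolved address, the one most clients will try first.
    print(host, ips, diagnose(ips, tcp_open(ips[0], port)))
```

Run it on a machine inside the LAN, passing the real hostname and forwarded port as arguments.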

Reference:

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

http://networkengineering.stackexchange.com/questions/11401/configure-pfsense-to-not-give-potential-dns-rebind-attack-detected-warning-for

https://forum.pfsense.org/index.php?topic=64612.0

https://doc.pfsense.org/index.php/Multi-WAN_2.0#Gateway_Groups
