WireGuard setup - IP address gets to unRAID, but domain goes to pfSense

New to this stuff. I’ve been slowly upping my home network/home server game since last spring when I was caged up due to having the 'ro. My skill level definitely leans toward the neophyte end of the spectrum. I’ll try to explain as best I can what’s going on…

Setup: pfSense on a thin client. UnRAID on another box running ddclient and WireGuard. Domain name through Name Cheap. I referred largely to this to set up WireGuard. I set up DNS via Name Cheap instead of using DuckDNS.

What’s happening: Using my cell phone with the WireGuard app and WiFi disabled. When I input the IP address (192.168.xxx.xxx) into a browser, I get to the unRAID login screen. I’m able to login and it seems to work as it should. However, when I input the domain name, I get one of two results - either the pfSense login screen, or a pfSense splash/error message screen with, “Potential DNS Rebind attack detected, see [Wikipedia]. Try accessing the router by IP address instead of by hostname.” I’m unable to discern the conditions that lead to the different results with pfSense. One time I swear I got the login screen on one browser and the Rebind attack notification on a different browser, all on the same cell phone at the same time. Right now I’m getting the Rebind error on both browsers.

I may have one little thing wrong, or my whole setup could be…non-conventional. I suspect it’s something to do with port forwarding or a firewall rule, but exactly what is a mystery to me. Still trying to learn what’s going on under the hood.

Thanks to anybody who takes the time to reply.

You need to change the port for the pfsenes web admin interface and turn off the WebGUI redirect under “System → Advanced ->Admin Access”

You will also need to get NAT reflection setup
https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

And make sure your DNS is working correctly.

Still struggling with this due to my ignorance of a myriad of networking topics and how to configure the various parts and options of PFS. I understand this isn’t a turnkey sort of setup, but I definitely underestimated the learning curve. I feel like I’m missing a good bit of general networking knowledge, and once I gain that, I’ll be better able to apply it to the hardware/software I’m using.

Backing up, my immediate goal is to remotely access my IP address for web usage while outside my house. Beyond that, I want the ability to access my unRAID server and services running on it for file sharing, photo storage, etc, but I’m starting with just getting into the network. Step at a time.

For instance, in the NAT reflection area, which of the three options (disable, +Proxy, Pure) should I choose, and how would the other options on the page get set in light of that?

I recommend the Pure NAT setting as it will reflect the external rules internally.