

Topics - Xentrk

pfBlockerNG / pfBlockerNG preventing PBS channel on Roku 4 from Working
« on: January 03, 2018, 07:46:39 am »
I have 2.4.2-RELEASE-p1 installed. 

The PBS Channel App on my Roku stopped working recently when using pfBlockerNG.  I am able to select the channel and browse the selection of shows.  Once I select a show, a spinning symbol starts to spin and then returns to the main Roku menu.  May be similar to the issue I reported back in June 2017 here

Disabling DNSBL has no impact on the issue.  On the Roku, PBS does work if I turn off pfBlockerNG.  PBS does not work if I have pfBlockerNG turned on.  What is strange is that the PBS channel works fine on the Amazon Fire Stick. 
The PBS channel on the Roku works if I connect it to my Asus Router.  This router uses the host-based ad blocking solution called AB-Solution. 

I am at a loss at how to troubleshoot the issue.  Nothing obvious appears in the Alerts page.  Any ideas are welcome.

pfBlockerNG / DNSBL - Certificate error when accessing
« on: November 07, 2017, 09:20:28 pm »
I think this started with the 2.4.1 upgrade. is being blocked by one of the blocklists.  So I whitelisted the domain by clicking on the plus sign to add the entry to the Custom Domain Whitelist in DNSBL. I bounced Unbound and cleared Firefox browser cache. 

I now get this error when trying to access

Code:
An error occurred during a connection to You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

If I disable DNSBL, I can access with no issues.

Firewalling / Firewall blocking some websites
« on: August 16, 2017, 03:21:47 am »
For the past year, I routed all of my traffic to the VPN tunnel and everything went well. I now need to route some clients thru the WAN interface. I have created policy rules and at first, everything worked okay.  I started experiencing issues with http traffic being blocked for the clients that went thru the WAN interface.  Most of the sites were news and speed test sites.  I posted the issue here.

I thought I had the issue resolved earlier today by removing snort and unchecking some of the Suricata rules.  But now a new issue is appearing.  I started getting blocked on  The other news and speed test sites are okay so far.  So, I removed Suricata all together to eliminate that as the potential issue.  When I look at the logs and click on the X, I see the message:

The rule that triggered this action is:

@9(1000000103) block drop in log inet all label "Default deny rule IPv4"

Attached are sample entries.

When I do an nslookup, I see the IPv4 address did not get returned:


Addresses:  2a04:4e42:600::323

A few minutes later, I try again, and they appear:


Non-authoritative answer:
Addresses:  2a04:4e42:600::323

I did not do anything that I am aware of to get the IPv4 address working again.

I also run pfBlockerNG on the WAN and two VPN Client interfaces.  Any ideas are welcome.  Thank you!

After posting this, I left for two hours and returned home. I wanted to go to the pfSense doc web site to read more about the firewall and what could be causing my grief. The page could not be loaded. Good grief!  Notice how the IPv4 address for the site is not listed when performing an nslookup.


Address:  2610:160:11:11::68

IDS/IPS / "Block snort2c hosts" blocking http traffic for LAN clients
« on: August 14, 2017, 02:12:52 am »
For the past year, I've had all traffic on the LAN go thru the VPN tunnel.  Everything worked great.

I recently created firewall rules on the LAN to route some clients over the WAN interface and others over the VPN interface.  The clients that go thru the VPN interface are fine.  The issue is with the clients that go thru the WAN interface.  The firewall is blocking http traffic for these clients.  https traffic is okay.  When I go to the firewall system log and click on the "x", I see this message:

@51(1000000118) block drop log quick from any to <snort2c:10> label "Block snort2c hosts"

I am running both Suricata and Snort.  Turning off both of them does not fix the problem. However, if I reboot the router, there is a three minute window where the http traffic can get thru to the WAN from the LAN before it gets blocked. 

I am not sure how to fix this issue. I went back thru the pfSense docs for Snort and created a pass list for LAN clients and implemented it. But it did not work. Plus, the default list should have handled this situation. So I removed it. 

I hope that someone can help point me in the right direction. 

Thank You!

I have http traffic flowing on the LAN interface now.  What I did was stop Suricata on the WAN interface (LAN is set to monitoring only).  I browsed to the http sites and they worked.  I then went back into the Suricata WAN gui page, disabled logging for DNS, Stats and TLS, which are the defaults. I then enabled and saved.  I was still able to browse the http sites that were blocked even though I had enabled Suricata.  I don't see any more block entries in the firewall logs. 

This fix makes no sense to me.  I am hesitant to claim a solution until this has been up and running awhile without further blocks. I will take some time to review the rules again. 

DHCP and DNS / [SOLVED] dnsmasq log file equivalent for DNS Resolver
« on: August 05, 2017, 09:33:00 pm »
On my ASUS router, I recently watched the dnsmasq.log (tail -f dnsmasq.log) to identify the domains being referenced by a streaming media channel so I could create policy rules and route traffic between two OpenVPN clients.  I was able to configure both my pfSense appliance and the ASUS router for my use case using policy rules with the firewall using the domain names that were identified.

I am using pfBlockerNG and DNS Resolver. DNS Resolver does not appear to use dnsmasq from what I can tell. Is there an equivalent dnsmasq log file for DNS Resolver I can look at to see the domain names being referenced by my LAN traffic?   I saw a file called /var/log/resolver.log.  But this only contained the domain names I had used in my firewall alias and firewall rules to route the traffic.  Where is the domain name LAN traffic being logged to when using DNS Resolver? Googling is not helping thus far.

Thank you.


After a few days of off and on googling for a solution, I was finally able to find the solution at this site:

In summary, in the DNS Resolver web gui page, you have to add the option log-queries: yes in the Custom options box. I then need to go to Status, System Logs, Settings and turn on remote logging and check the box for DNS Events (Resolver/unbound, Forwarder/dnsmasq, filterdns).  If I don't do this, I don't see unbound domain name entries logged in resolver.log. 

To view the entries, you can tail -f /var/log/resolver.log

Or, you can install Kiwi Syslog on your client machine (mine is Win 10) and watch the entries as you navigate websites or streaming media sites.

Note that there is a newer version of Kiwi Syslog and I was not able to get it working. I'll try again. So I reverted to the older version I already had installed. 

I need this information as I want to route certain traffic between two OpenVPN client gateways depending on the domain names the traffic generates.  For example, I am able to use this information to identify what domains are being called when I turn on a certain media streaming site.  I can then create firewall rules to route this traffic to a VPN server in a large market to have more channels. 

I am having issues with my Roku 4 player not being able to stream videos on CBS All Access, PBS and CNET. I select a video, it starts to stream, then returns me to the home screen.  When I disable pfBlockerNG, the channels work.  Likewise, if I plug the ETH cable from the Roku 4 into my ASUS AC88U router, it works there too.  So I suspect pfBlockerNG is blocking traffic from these channels to their servers.

How can I troubleshoot this issue? I perhaps need to see what server ip addresses these channels are connecting to and whitelist them?  I tried whitelisting, and in DNSBL, Custom Domain Whitelist.  This did not fix the issue. 

Thanks for the help!
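The two posts above both come down to the same task: once Unbound has log-queries: yes set, read /var/log/resolver.log and work out which names a single LAN device (the Roku, say) resolves, then check whether a candidate whitelist actually covers all of them. The script below is an added example written for this page; it is not code from the forum post, from pfSense or from pfBlockerNG. It assumes the query-line shape Unbound itself writes ("info: <client> <qname> <qtype> <qclass>") behind a syslog prefix; the log lines, client addresses and domain names in SAMPLE_RESOLVER_LOG are constructed, not captured from a real system.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the shape of /var/log/resolver.log with "log-queries: yes":
# syslog prefix, then Unbound's "info: <client> <qname> <qtype> <qclass>".
# Addresses and names are made up for the example.
SAMPLE_RESOLVER_LOG = """\
Aug  6 20:01:11 pfSense unbound: [71234:0] info: 192.168.1.50 api.example-stream.test. A IN
Aug  6 20:01:11 pfSense unbound: [71234:0] info: 192.168.1.50 api.example-stream.test. AAAA IN
Aug  6 20:01:12 pfSense unbound: [71234:1] info: 192.168.1.50 cdn7.example-cdn.test. A IN
Aug  6 20:01:13 pfSense unbound: [71234:0] info: 192.168.1.20 mail.example.test. A IN
Aug  6 20:01:14 pfSense unbound: [71234:2] info: 192.168.1.50 telemetry.example-stream.test. A IN
Aug  6 20:01:15 pfSense unbound: [71234:0] info: 192.168.1.50 api.example-stream.test. A IN
Aug  6 20:01:16 pfSense unbound: [71234:0] error: can't bind socket: Address already in use
"""

# Only query lines match; other Unbound messages (errors, startup notices) are skipped.
QUERY_RE = re.compile(
    r"unbound: \[\d+:\d+\] info: "
    r"(?P<client>[0-9a-fA-F:.]+) (?P<qname>\S+)\. (?P<qtype>[A-Z0-9]+) (?P<qclass>[A-Z]+)$"
)


def parse_queries(log_text):
    """Yield (client_ip, qname, qtype) for each query line; the trailing dot is dropped."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("qname").lower(), m.group("qtype")


def domains_by_client(log_text):
    """Map client IP -> {qname: number of queries seen}."""
    counts = defaultdict(lambda: defaultdict(int))
    for client, qname, _qtype in parse_queries(log_text):
        counts[client][qname] += 1
    return {client: dict(names) for client, names in counts.items()}


def alias_for_client(log_text, client_ip):
    """Sorted, de-duplicated names one device resolved: paste-ready for a pfSense alias
    or a DNSBL Custom Domain Whitelist."""
    return sorted(domains_by_client(log_text).get(client_ip, {}))


def covered(qname, whitelist):
    """True if qname equals a whitelist entry or is a subdomain of one."""
    return any(qname == entry or qname.endswith("." + entry) for entry in whitelist)


def uncovered(log_text, client_ip, whitelist):
    """Names the device resolved that the whitelist does not cover. For a streaming app
    these are typically the CDN or API hosts that a whitelist of the visible brand
    domain alone misses."""
    wl = [w.lower().rstrip(".") for w in whitelist]
    return [name for name in alias_for_client(log_text, client_ip) if not covered(name, wl)]


if __name__ == "__main__":
    # Usage: python resolver_domains.py [/var/log/resolver.log] <client-ip> [whitelisted domain ...]
    if len(sys.argv) >= 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        client, wl = sys.argv[2], sys.argv[3:]
    else:
        text, client, wl = SAMPLE_RESOLVER_LOG, "192.168.1.50", ["example-stream.test"]
    for name, n in sorted(domains_by_client(text).get(client, {}).items()):
        print(f"{n:5d}  {name}")
    print("not covered by whitelist:", uncovered(text, client, wl))
```

Run it against the real log with the device's DHCP address as the second argument; the "not covered" list is the set of names to add before retesting the channel. Because log-queries: yes records every query from every client, expect the file to grow quickly and turn it off again once the alias is built.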

pfBlockerNG / Privacy-Filter
« on: April 23, 2017, 06:16:05 am »
Blocks sites that collect information about you; it is also for blocking telemetry and some Android rootkits along with scanners.  Original script source

To make this work on pfSense, create a DNSBL feed called Privacy-Filter and add the following under Custom Block List.  List Action is Unbound. 

Code:

pfBlockerNG / Blocking Microsoft Spy Servers
« on: April 23, 2017, 06:11:03 am »
Thought I would share this one. Under pfBlockerNG, select IPv4.  Create an Alias called Microsoft Spy Servers. List Action = Deny Both.  Go to IPv4 Custom List, add the following IP addresses:

Code:
Save and force an update!


pfBlockerNG / pfBlockerNG with OpenVPN client
« on: March 07, 2017, 09:22:03 am »

I'm using release 2.3.3.  I recently read through the forum and read websites on how to configure pfBlockerNG for ad blocking.  I have a WAN, LAN and OpenVPN Client interface called TGInterface.  This is a Torguard OpenVPN client to my private-ip address. All clients/traffic use the TGInterface interface. I can access websites when I change from DNS Forwarder to DNS Resolver without enabling pfBlockerNG. But when I enable pfBlockerNG with DNSBL, I can't access the internet.  How can I configure pfBlockerNG to play nice with the OpenVPN client interface so I can browse ad free while all traffic is using the OpenVPN client interface?

