Author Topic: pfBlocker Problems  (Read 294 times)

RonpfS
Re: pfBlocker Problems
« Reply #15 on: December 05, 2017, 06:46:14 pm »
Quote
Last 2 General Log Entries. (Maximum 50)

Strange that you only get 2 entries ...
Maybe increase the log files size (may need to Reset logs for this to take effect)
Also increase the GUI Log Entries

You didn't answer my questions about dig, VIP ping etc
2.3.5-RELEASE (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_1/Dev, suricata 4.0.1

Riftcore34
Re: pfBlocker Problems
« Reply #16 on: December 05, 2017, 06:50:49 pm »
Quote
Last 2 General Log Entries. (Maximum 50)
Strange that you only get 2 entries ...
Maybe increase the log files size (may need to Reset logs for this to take effect)
Also increase the GUI Log Entries

You didn't answer my questions about dig, VIP ping etc

Done
Did you edit that part, or did I miss it?

Code:
C:\Users\darkv>nslookup DQDN
Server:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com can't find DQDN: Non-existent domain

C:\Users\darkv>ping 10.10.10.1

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64

Ping statistics for 10.10.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\darkv>

RonpfS
Re: pfBlocker Problems
« Reply #17 on: December 05, 2017, 06:56:47 pm »
Yes, I did edit my post :P
FQDN is Fully qualified domain name ... so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on it

Code:
nslookup mobiledl.adobe.com
Serveur :   pfsense.localdomain
Address:  172.xxx.xxx.254

Nom :    mobiledl.adobe.com
Address:  10.10.10.1

Riftcore34
Re: pfBlocker Problems
« Reply #18 on: December 05, 2017, 07:00:13 pm »
You mean like this?

Code:
C:\Users\darkv>nslookup amoffers.hasoffers.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    use-app04.hasoffers.com
Addresses:  52.5.77.91
          52.6.99.184
          34.230.229.216
Aliases:  amoffers.hasoffers.com

Code:
C:\Users\darkv>nslookup mobiledl.adobe.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    a1800.g.akamai.net
Addresses:  213.104.143.171
          213.104.143.162
Aliases:  mobiledl.adobe.com
          mobiledl.adobe.com.edgesuite.net


RonpfS
Re: pfBlocker Problems
« Reply #19 on: December 05, 2017, 07:04:34 pm »
Yes
This shows that your Windows is using resolver1.opendns.com for DNS resolution.
Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

Next check / post your DNS Resolver configuration

Riftcore34
Re: pfBlocker Problems
« Reply #20 on: December 05, 2017, 07:07:21 pm »
Quote
Yes
This shows that your Windows is using resolver1.opendns.com for DNS resolution.
Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

Next check / post your DNS Resolver configuration

This? lol sorry not very good at this
Code:
Shell Output - dig amoffers.hasoffers.com
; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amoffers.hasoffers.com. IN A

;; ANSWER SECTION:
amoffers.hasoffers.com. 60 IN A 10.10.10.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 06 01:05:23 GMT 2017
;; MSG SIZE  rcvd: 67


RonpfS
Re: pfBlocker Problems
« Reply #21 on: December 05, 2017, 07:14:17 pm »
So pfsense DNSBL is doing its job on pfsense.
It's your device that is not using pfsense for DNS resolution. Does it get its IP from pfsense via DHCP?
What kind of antivirus / internet security are you using on your Windows? Some, like AVG, provide their own solution for DNS:

so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns

I think this is what you were looking for:
    https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html

Riftcore34
Re: pfBlocker Problems
« Reply #22 on: December 05, 2017, 07:16:01 pm »
Yes every device has an IP from pfsense and zero antivirus / security

Even my Roku is showing ads but it's got an IP from pfsense.

RonpfS
Re: pfBlocker Problems
« Reply #23 on: December 05, 2017, 07:19:09 pm »
Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

Riftcore34
Re: pfBlocker Problems
« Reply #24 on: December 05, 2017, 07:20:22 pm »
Quote
Check what DNS server is configured in the DHCP services. Leave empty to use pfsense config

208.67.222.222
208.67.220.220

is in there. I'll delete them and reboot.

RonpfS
Re: pfBlocker Problems
« Reply #25 on: December 05, 2017, 07:24:03 pm »
Unplugging/re-plugging the Ethernet cable will do the same.
Or in Windows cmd run "ipconfig /renew"
"ipconfig" alone will show you the configuration


Riftcore34
Re: pfBlocker Problems
« Reply #26 on: December 05, 2017, 07:25:28 pm »
Quote
Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

DNSBL_Ads   67595   155
YAY it's working

Guess it's my fault as I'm trying to use OpenDNS filtering

Thanks so much, now to get this OpenDNS to work :)

RonpfS
Re: pfBlocker Problems
« Reply #27 on: December 05, 2017, 07:31:07 pm »
Well, that's something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

On the other hand, unbound talks to the root server so it provides "clean" and fast DNS Service.

Riftcore34
Re: pfBlocker Problems
« Reply #28 on: December 05, 2017, 07:33:23 pm »
Quote
Well, that's something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

On the other hand, unbound talks to the root server so it provides "clean" and fast DNS Service.

Yeah, I did try Forwarding mode but pfBlocker did not work with it on and resolver off :)
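
The check this thread works through by hand (which resolver answered the client, and did the answer come back as the DNSBL virtual IP 10.10.10.1), written out as an added example that is not part of any post. The firewall address 192.168.1.1 and the function names are assumptions; the first sample is the output from reply #18, the second is constructed.

```python
import re

DNSBL_VIP = "10.10.10.1"        # DNSBL virtual IP shown in the thread
FIREWALL_DNS = {"192.168.1.1"}  # assumption: pfSense LAN address (constructed)
LABEL = re.compile(r"^(Server|Serveur|Name|Nom|Address(?:es)?|Aliases)\s*:\s*(.*)$", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_nslookup(text):
    """Return (resolver_ip, [answer IPv4s]) from Windows nslookup output."""
    resolver, answers, seen_name, in_addrs = None, [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        m = LABEL.match(line)
        key, val = (m.group(1).lower(), m.group(2).strip()) if m else (None, line)
        if key in ("name", "nom"):
            seen_name = True
        if key and key.startswith("address") and not seen_name:
            resolver = val          # Address before Name: the resolver itself
            continue
        if key:
            in_addrs = key.startswith("address")  # bare lines after it continue the list
        if in_addrs and IPV4.match(val):
            answers.append(val)
    return resolver, answers

def classify(text):
    resolver, answers = parse_nslookup(text)
    if resolver not in FIREWALL_DNS:
        return "BYPASS"       # client never asked pfSense, so DNSBL cannot apply
    if DNSBL_VIP in answers:
        return "SINKHOLED"    # DNSBL answered with its virtual IP
    return "NOT_LISTED"       # pfSense answered, name is not on a DNSBL feed

# Output posted in reply #18 (client resolving through OpenDNS).
VIA_OPENDNS = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    use-app04.hasoffers.com
Addresses:  52.5.77.91
          52.6.99.184
          34.230.229.216
Aliases:  amoffers.hasoffers.com"""
# Constructed sample: same shape as reply #17, with a placeholder resolver address.
VIA_PFSENSE = """Serveur :   pfsense.localdomain
Address:  192.168.1.1
Nom :    mobiledl.adobe.com
Address:  10.10.10.1"""
```

`classify(VIA_OPENDNS)` returns `"BYPASS"` and `classify(VIA_PFSENSE)` returns `"SINKHOLED"`; only IPv4 answers are collected.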