Topic: Can we create a diagnostic sticky?

Offline tagit446

  • Newbie
  • Posts: 12
  • Karma: +1/-0
Can we create a diagnostic sticky?
« on: January 02, 2018, 06:46:56 pm »
Hello,

I was wondering if a quick reference sticky could be created covering the different methods for diagnosing various issues with pfBlockerNG.

For example, I am experiencing an issue now where it seems like pfBlockerNG is working, since things are showing up in the alerts and I can ping 10.10.10.1. I can also browse to 10.10.10.1 and get the 1x1 pixel, but at the same time I can browse to domains that are in the DNSBL block list and IPs in the IPv4 block list and not get the 1x1 pixel. To be clear, I can access sites by entering the exact IP or URL in the block list.

I think a sticky that covers steps to verify pfBlockerNG is working correctly or not and diagnosing common problems people run into would be very helpful and possibly cut down on the questions being asked here.

pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline Jailer

  • Sr. Member
  • Posts: 406
  • Karma: +54/-2
Re: Can we create a diagnostic sticky?
« Reply #1 on: January 02, 2018, 06:51:17 pm »
Did you do a force update and force reload?

Offline tagit446

Re: Can we create a diagnostic sticky?
« Reply #2 on: January 02, 2018, 07:34:57 pm »
Quote from: Jailer
Did you do a force update and force reload?

Several times actually.

I am wondering if it may have something to do with my last reinstall of pfSense.

Before uninstalling pfSense I am pretty sure it was working. I also did a complete backup using the included backup feature in pfSense.

After reinstalling pfSense I also reinstalled the pfBlockerNG package then restored my backup config. After restoring the config I did have 2 pfSense alerts for pfBlockerNG. The alerts did not make sense to me so I marked them as read. Since then no other alerts.

I also had both pfSense and pfBlockerNG updated to the latest versions before saving the config that I restored from. In other words, there are no version differences between my backup config and the current versions I am using now.

I am wishing now that I had documented the 2 alerts I mentioned.

Offline RonpfS

  • Hero Member
  • Posts: 705
  • Karma: +96/-2
Re: Can we create a diagnostic sticky?
« Reply #3 on: January 02, 2018, 07:57:15 pm »
The logs should tell you something
2.3.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_2/Dev, suricata 4.0.1_1

Offline tagit446

Re: Can we create a diagnostic sticky?
« Reply #4 on: January 02, 2018, 08:44:19 pm »
Quote from: RonpfS
The logs should tell you something

I do see the following in my DNSBL.Log,
Code:
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
DNSBL Reject HTTPS,Jan 01 14:31:03,10.10.10.1
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10,http://10.10.10.1/ | /favicon.ico | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
DNSBL Reject,Jan 01 17:50:07,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36

192.168.10.10 is the local address for the PC I am testing on. I am unsure if the above is from me browsing to 10.10.10.1 or the reason pfBlockerNG seems to not be working.

Other than the above I do not see anything I would consider suspicious in any of the other logs.
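Added example, not part of the original posts and not pfBlockerNG's own code: a small parser for DNSBL.log entries like the ones quoted in Reply #4, separating requests whose host field is the DNSBL VIP itself from requests for a listed domain. The field layout (type, timestamp, requested host, client IP, then referer | URI | user agent) is assumed from the lines shown, and the fourth sample line with ads.blocked.example is constructed.

```python
from collections import Counter

DNSBL_VIP = "10.10.10.1"  # DNSBL virtual IP used in this thread

# First three lines are copied from the post above; the fourth is constructed
# (hypothetical domain) to show an entry produced by an actual DNSBL redirect.
SAMPLE_LOG = """\
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
DNSBL Reject HTTPS,Jan 01 14:31:03,10.10.10.1
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10,http://10.10.10.1/ | /favicon.ico | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
DNSBL Reject,Jan 01 18:02:11,ads.blocked.example,192.168.10.10,http://news.example/ | /pixel.gif | Mozilla/5.0 (constructed)
"""


def parse_line(line):
    """Parse one DNSBL.log line; return a dict, or None if it is not an entry.

    Assumed layout: type,timestamp,requested host[,client IP,referer | URI | agent]
    """
    parts = line.strip().split(",", 4)
    if len(parts) < 3 or not parts[0].startswith("DNSBL Reject"):
        return None
    entry = {"type": parts[0], "time": parts[1], "host": parts[2].strip(),
             "client": None, "referer": None, "uri": None}
    if len(parts) >= 4:
        entry["client"] = parts[3].strip()
    if len(parts) == 5:
        # Detail field is pipe-separated; the user agent may itself hold pipes.
        detail = [p.strip() for p in parts[4].split("|", 2)]
        detail += [""] * (3 - len(detail))
        entry.update(referer=detail[0] or None, uri=detail[1] or None)
    return entry


def classify(entry, vip=DNSBL_VIP):
    """'direct-vip': client asked for the VIP itself; 'blocked-domain': DNS sent it there."""
    return "direct-vip" if entry["host"] == vip else "blocked-domain"


def summarize(log_text, vip=DNSBL_VIP):
    """Return (Counter of classes, sorted list of domains that reached the VIP by name)."""
    counts, domains = Counter(), set()
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        kind = classify(entry, vip)
        counts[kind] += 1
        if kind == "blocked-domain":
            domains.add(entry["host"])
    return counts, sorted(domains)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A log that contains only direct-vip entries shows that the DNSBL web server answers on the VIP, but not that any client was ever sent there by DNS.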

Offline RonpfS

Re: Can we create a diagnostic sticky?
« Reply #5 on: January 02, 2018, 09:06:54 pm »
You are using pfSense DNS Resolver?
And your PCs are using pfSense for DNS service?
Maybe post the logs after a Force Reload DNSBL?

Offline tagit446

Re: Can we create a diagnostic sticky?
« Reply #6 on: January 02, 2018, 09:22:39 pm »
Quote from: RonpfS
You are using pfSense DNS Resolver?
And your PCs are using pfSense for DNS service?
Maybe post the logs after a Force Reload DNSBL?

If my settings are correct I should be using the DNS Resolver.

Most all of my connected devices are set up with static settings. For each, they use the pfSense's interface gateway address for the DNS address. For example, the PC I have been using for testing pfSense has an IP of 192.168.10.10, Gateway is 192.168.10.1 and the DNS is also 192.168.10.1.