Issue with pfBlocker: Works on some, works half the time on some, doesn't work at all on others
-
Hi everyone,
I’m very new to pfSense and haven’t even had it a week yet but I’m having issues figuring out a problem with pfBlocker.
So to start with, my setup is like this. Charter Spectrum > pfSense > Windows AD > router put into access point mode (only temporarily) with wired and wireless clients.
My pfSense is running on bare metal, an HP Thin Client T520 with a dual port Intel i350 based mini pci-e LAN device. On my server I’m running Windows Server 2019 and I have it running the DHCP and DNS roles. All my network devices obtain an IP and DNS from the server and it seems like there are no issues there. I have all my Windows clients obtaining their own IP and DNS from the server in the network adapter settings. There may be issues with that though, I haven’t gone back to check but I know my clients cannot access pfSense when my server is down. But now, here is where the issue starts.
My Thinkpad (wireless 2.4GHz), always works with no problem. Blocks websites and ads. This also applies to my Roku devices (all wireless, mixed between 2.4 and 5GHz) and I know this for a fact because it blocks the side adverts on the home screen.
My main wired computer (gigabit speed), that sometimes works. Sometimes it blocks sites and adverts, sometimes it does not. I have not found a definitive pattern with it.
My actual Windows server (wired, gigabit), that NEVER works. Ads show up all the time and sites are not blocked. Of course it is static which could be an issue in itself. The settings for that are: 192.168.1.120 (server IP address), 255.255.255.0, 192.168.1.121 (pfSense gateway) and DNS server is 192.168.1.120.
Granted, I’ve tried different browsers on those computers and none of that makes a difference. Usually I use Edge as a testing ground and speedtest.net because they have a lot of adverts on their page and I’ve read where Firefox can have issues to begin with.
So based on this information, anyone have any ideas what might be going on here? I have several filters loaded, I believe there was one that came with pfBlocker to begin with and then there were a couple from Steven Blackmore I want to say…sorry if I butchered the name. That would be the adware/malware and the porn + gambling + I can’t remember offhand what the other one was unless I was home looking at it. Since I’m still very new to pfSense, if any logs are needed, please don’t hesitate to ask! As long as you can help point me into the direction I need to get what you need to see, I’m more than happy to do so. I tried for several days to figure out what’s wrong with this but I just can’t figure out what is going wrong and why some clients work and some don’t, or some do intermittently. Any help would be very much appreciated!
Thank you!
P.S: DHCP on pfSense and router (running in AP mode) have been disabled completely, only the DC gives out IP addresses. Current IP addresses range from 192.168.1.50-192.168.1.55.
-
So after chasing my tail for a few days now and being perplexed as most seem here I'm guessing as well...I tracked down my issue, it was AVG Internet Security that was circumventing DNS rerouting to 10.10.10.1. Doing an nslookup would show something like this.
C:\Windows\system32>nslookup adspeed.net
Server: myserver/domain name
Address: 192.168.1.120
Non-authoritative answer:
Name: adspeed.net
Addresses: ::10.10.10.1
(Website's actual address here)
In order to fix this, at least I'm thinking it has fixed it, it has to deal with the web shield. So what I'm thinking fixed this was going to Menu > Settings > Basic Protection > Web Shield > Uncheck "Enable HTTPS Scanning".
After doing this, the client immediately started responding to pfsense the way it was supposed to. So I hope if anyone has this issue, that this solves it for them. The reason it worked only on some clients is because not everyone has AVG installed but this client did. Now why it would work sometimes but not most of the time, I dunno. Unless AVG was down at the time for whatever reason. But this definitely proves it's extremely important to list any and all programs that could be factors in problems like this.
Can a moderator help edit the title so that it can read that AVG Internet Security is an issue so if anyone else has this issue, this thread might help point them to a solution?
-
I would have guessed DoH (DNS over HTTPS) which bypasses local DNS servers.
Does your Windows server forward its queries to pfSense? If not and it looks up directly that would also bypass.
-
@steveits Yup, sure does! I was actually on the right track but I gave the wrong setting. It's actually the fake website shield that needs to be disabled. I will update that in my last post. So what happens is that AVG detects that pfSense is trying to change the IP address to the website you're accessing and so it'll circumvent it as it thinks it is an attack.
I can't edit my original post, so here's what needs to happen. It's the Fake Website Shield that is responsible for this. So go to Menu > Settings > Full Protection > Fake website shield > Turn it off indefinitely. Not necessarily the course of action that is the most awesome but that is the trouble module causing pfSense to be ignored.
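-
Added example, not part of the original thread or written by any of its posters: a small parser that reads Windows nslookup output and reports whether the answer contains only the pfBlocker sinkhole address, the sinkhole alongside another address (the pattern in the output quoted above), or no sinkhole at all. The sinkhole 10.10.10.1 is the value quoted in the thread; the server name and 203.0.113.10 in the sample are constructed placeholders.

```python
import ipaddress

# pfBlocker sinkhole address as quoted in the thread; change it if your DNSBL VIP differs.
SINKHOLE = ipaddress.ip_address("10.10.10.1")

def normalize(text):
    """Parse one address; fold ::a.b.c.d and ::ffff:a.b.c.d forms down to IPv4."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        if addr.ipv4_mapped is not None:
            return addr.ipv4_mapped
        if 1 < int(addr) < 2**32:          # IPv4-compatible form, e.g. ::10.10.10.1
            return ipaddress.IPv4Address(int(addr))
    return addr

def answer_addresses(output):
    """Addresses from the answer section of Windows nslookup output."""
    found, in_answer = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Name:"):       # everything before this describes the resolver
            in_answer = True
            continue
        if not in_answer or not line:
            continue
        if line.startswith(("Address:", "Addresses:")):
            line = line.split(":", 1)[1].strip()
        try:
            found.append(normalize(line))
        except ValueError:                 # Aliases: lines and other non-address text
            pass
    return found

def classify(output, sinkhole=SINKHOLE):
    """Return 'blocked', 'mixed', 'not-blocked' or 'no-answer' for one lookup."""
    addrs = answer_addresses(output)
    if not addrs:
        return "no-answer"
    hits = [a for a in addrs if a == sinkhole]
    if len(hits) == len(addrs):
        return "blocked"
    return "mixed" if hits else "not-blocked"

# Constructed sample shaped like the output in the thread; 203.0.113.10 is a placeholder.
SAMPLE_MIXED = """Server:  dc01.example.test
Address:  192.168.1.120

Non-authoritative answer:
Name:    adspeed.net
Addresses:  ::10.10.10.1
          203.0.113.10
"""

if __name__ == "__main__":
    print(classify(SAMPLE_MIXED))
```

Running the same lookup on a client that blocks correctly and on one that does not, then comparing the two classifications, shows whether the difference is in the DNS answer itself or in something on the client acting after resolution.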