Netgate Discussion Forum

    PFblocker blocks countries it should not block

      Gerard64

      I installed the latest build of December 26 just now for testing. Captive portal does not work. I restarted the service over and over again. Then I restored the build of December 19. Now captive portal is working, kind of. Allowed IPs are not allowed.

      Pfblocker is not blocking pfsense but about.com can't be reached.
      When I nslookup about.com
      Server:  wlan2-router.mydomain.tld
      Address:  10.10.10.65

      Niet-bindend antwoord:
      Naam:    about.com
      Address:  207.241.148.80

      When I disable pfblocker about.com can be reached normally. The IP of about.com is located in the US. I did not block North America in pfblocker.

        Metu69salemi

        What device is running DHCP & DNS on that Captiveportal network?

          Gerard64

          I use the DHCP service of pfsense. I run Bind9 DNS service on a Linux machine in the DMZ subnet. I use DNS forwarder on pfsense; because of that all systems connect to pfsense for DNS resolution.

            Metu69salemi

            Captive portal requires that DNS is run on pfsense at least on that interface, if I'm not remembering all wrong.

              Gerard64

              I set it up the same way I always did on m0n0wall, which worked very well for many years. If pfsense captive portal works the same way as m0n0wall it should work. Besides that, with the build of December 19 it does work, except that the allowed IPs are not allowed through. If I use the build of December 26 captive portal is not working at all.

                Gerard64

                About pfblocker. I have to disable pfblocker to be able to post here in the pfsense forums. With pfblocker enabled I can't reach pfsense.org and can't access about.com.

                  marcelloc

                  Gé,

                  Pfblocker lists are based on ipblocklist continent IP addresses. Now this service is paid; what we have is a few months old database.
                  I'm not sure if IP addresses move from countries, but you can edit pfblocker cidr txt files in the /usr/local/pkg dir and/or apply a whitelist for IPs you do not want to block.

                  att,
                  Marcello Coutinho

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D
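
One way to check which CIDR list an address falls in before editing a list or adding a whitelist entry, as suggested in the post above. This is an added example, not part of the thread or of pfBlocker's code: the list names, ranges and whitelist are constructed sample data, and it assumes one CIDR per line and that a whitelist match overrides any block list.

```python
import ipaddress

# Constructed sample data: file names and ranges are documentation prefixes,
# not the contents of pfBlocker's real CIDR files.
SAMPLE_LISTS = {
    "North_America.txt": "203.0.113.0/24\n",
    "Europe.txt": "# constructed\n192.0.2.0/24\n198.51.100.0/25\n",
    "Asia.txt": "198.51.100.128/25\n203.0.113.64/26\n",  # stale overlapping entry
}
SAMPLE_WHITELIST = "203.0.113.80/32\n"


def parse_cidrs(text):
    """Return the networks in a one-CIDR-per-line file, skipping comments and junk."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not a CIDR; ignore rather than abort the audit
    return nets


def find_matches(ip, lists):
    """List every (file, cidr) pair whose range contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted((name, str(net)) for name, text in lists.items()
                  for net in parse_cidrs(text) if addr in net)


def explain(ip, lists, enabled, whitelist_text=""):
    """Report which enabled lists would block ip, assuming the whitelist wins."""
    addr = ipaddress.ip_address(ip)
    matches = find_matches(ip, lists)
    whitelisted = any(addr in net for net in parse_cidrs(whitelist_text))
    blocked_by = [] if whitelisted else [n for n, _ in matches if n in enabled]
    return {"ip": ip, "matches": matches, "whitelisted": whitelisted,
            "blocked_by": blocked_by}


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.70", "203.0.113.80"):
        print(explain(ip, SAMPLE_LISTS, {"Asia.txt"}, SAMPLE_WHITELIST))
```

With only the constructed Asia list enabled, the second address is reported as blocked even though it also sits in the North America range, which is the kind of stale overlap an outdated database can produce.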

                    Gerard64

                    Thank you Marcello for this information; I did not know all that about the ipblocklist. To be honest I don't like to tinker under the hood with pfsense. I like the web-based GUI. I could also build a router with iptables and set up all the services I need. I chose pfsense because of the convenience of the web-based router pfsense. Before, I used m0n0wall for years with never any problems. That's why I asked in the start post: maybe it's better for me to downgrade to pfsense 2.0? And when I adjust the ipblocklist and update pfsense I have to fix all those things again and again.

                    When pfblocker blocks a site I just switch it off. I posted the troubles I have with pfsense beta here with the hope someone would fix it, because this web GUI looks really nice and has many, many packages and options, but some of them just don't work yet.

                    I looked up the IP of pfsense.org on dnsstuff.com:
                    DNSstuff first created a snapshot for 69.64.6.21 (ip of pfsense.org) on Thursday, November 17th, 2011, 1:19:45 PM. We have not seen any changes to the records since that date.

                    As you can see the IP of pfsense.org has been in use for at least one year, connected to pfsense.org and located in the US, and since I didn't block North America in the pfblocker GUI it proves it just doesn't work, sadly enough. Does pfsense 2.0 also have those packages like pfblocker, radius and so on? Because I really like radius, certificate manager, captive portal and pfblocker, if it works that is.

                    I have never seen the GUI of pfsense 2.0 so I'm in doubt whether I'm going to downgrade from the beta to the stable.

                    Another strange thing is when I "nslookup pfsense.org ns.mydomain.tld" it can't be found, but when I use "nslookup pfsense.org 8.8.8.8" (DNS server of Google) it does find the IP. When I switch off pfblocker I can use my own DNS server again in the nslookup.

                      mr_bobo

                      @Gé:

                      Are there more people with those problems or am I doing something wrong?

                      I'm using pfSense 2.0.2 with the pfBlocker package. I have it set to deny incoming for all countries and am not having any problems reaching this or any other site. Both pfBlocker and 2.0.2 have been working flawlessly for me. From my FreeBSD box:

                      $ nslookup pfsense.org
                      Server:        192.168.1.1
                      Address:        192.168.1.1#53

                      Non-authoritative answer:
                      Name:  pfsense.org
                      Address: 69.64.6.21

                      $ nslookup about.com
                      Server:        192.168.1.1
                      Address:        192.168.1.1#53

                      Non-authoritative answer:
                      Name:  about.com
                      Address: 207.241.148.80

                      I have set up additional CIDR lists with data acquired from countryipblocks.net as well.

                      https://www.countryipblocks.net/country_selection.php

                        Gerard64

                        Great thank you.
                        Good to know PFsense also has the packages system like the beta version and has also pfblocker package available.
