Laptop and Wireless Tomato Router
-
-
Well, if they use 53/443 and you block all outbound connection to that, then it will be blocked, end of story. Seems like either they are using something else, or you are doing it wrong.)
-
Well, if they use 53/443 and you block all outbound connection to that, then it will be blocked, end of story. Seems like either they are using something else, or you are doing it wrong.)
They might be using other ports, but that's what the Avast rep said they use.. but like you say, they might be using other ones.. There's just got to be a way to completely force ALL users connected to my network to use the DNS I provide, no other, no matter which port they use.
-
Clearly they use dnscrypt-proxy. You can block 443 both TCP and UDP and see how it goes. (And say bye to HTTPS :P) Alternatively, set up a wildcard DNS override for ff.avast.com - https://forum.pfsense.org/index.php?topic=43835.0
-
Clearly they use dnscrypt-proxy. You can block 443 both TCP and UDP and see how it goes. (And say bye to HTTPS :P) Alternatively, set up a wildcard DNS override for ff.avast.com - https://forum.pfsense.org/index.php?topic=43835.0
yeah, I've seen that page too.. I will try again see what happens..
to make sure I have the iptable right.. would you by any chance know the iptable to block it? -
Uhm…
https://forum.avast.com/index.php?topic=163116.0
https://support.opendns.com/entries/57943894-Avast-2015-Security-Suite-Secure-DNS-and-OpenDNSOther than that - I installed the crap on a VM. Unless you block outgoing traffic to 443, this is a waste of time. It never queries regular DNS for anything. It intercepts DNS and sends out dnscrypt-ed queries via 443 to Avast, gets a list of suitable DNS servers and uses those for DNS via dnscrypt-proxy. Not to mention that you actually have been offered to be provided with the list of servers by Avast staff…
Starting the same topic on yet another forum won't get you any different answers. Please, avoid wasting other people's time. If you linked the above right in the OP, I'd save an hour of my time wasted for no good reason whatsoever.
:(
-
Uhm…
https://forum.avast.com/index.php?topic=163116.0
https://support.opendns.com/entries/57943894-Avast-2015-Security-Suite-Secure-DNS-and-OpenDNSOther than that - I installed the crap on a VM. Unless you block outgoing traffic to 443, this is a waste of time. It never queries regular DNS for anything. It intercepts DNS and sends out dnscrypt-ed queries via 443 to Avast DNS servers.
Starting the same topic on yet another forum won't get you any different answers. Please, avoid wasting other people's time. If you linked the above right in the OP, I'd save an hour of my time wasted for no good reason whatsoever.
huh? what do you mean? - I am trying to resolve an issue I am dealing with.. I thought the purpose for the forums is to ask questions. As you can see, I tried opendns first because that's the DNS I am using.. they were no help, so I went straight to the source which is Avast.. what's wrong with that?
Not sure why so are telling me to not waste anybody's time when you can clearly see they offered no solutions to the issue.. in fact, opendns just suggests to disable the feature, which does not help me at all.
I'm still confused by your reply.
-
And actually, the guys from Avast was the one who told me by private msg that they cannot provide the DNS IPs.. he was no help either.
-
Dude, I have been pretty clear on what I mean. You have wasted my time which I spent investigating how the thing works. If you linked your own threads here, I of course would not bother reinventing the wheel!!! I'd frankly rather have a couple of beers in local pub.
Go block outgoing traffic to port 443 TCP/UDP if you need such level of control. End of story.
:( >:( >:(
-
Dude, I have been pretty clear on what I mean. You have wasted my time which I spent investigating how the thing works. If you linked your own threads here, I of course would not bother reinventing the wheel!!! I'd frankly rather have a couple of beers in local pub.
Go block outgoing 443 TCP/UDP if you need such level of control. End of story.
:( >:( >:(
well fine then.. I said I was going to try to do that again..read previous posts back.. no need to be jerk about it.
and you're getting upset because I posted my issue on a couple of forums?….really?I thought this was a friendly forum.. just keep in mind NOT ALL OF US ARE PROS LIKE YOU.. some of us are just simpletons trying to figure things out.
but anyway.. thanks for your help.. I guess.
-
and you're getting upset because I posted my issue on a couple of forums?….really?
No, I'm being upset because you did not bother listing the information here, you did not even bother with listing the real goal in your OP, instead asking about some totally unrelated router-on-a-stick and VLANs stuff. People here provide advise in their free time for free. Not interested in such games just because asking elsewhere did not solve your "issue".
-
and you're getting upset because I posted my issue on a couple of forums?….really?
No, I'm being upset because you did not bother listing the information here, you did not even bother with listing the real goal in your OP, instead asking about some totally unrelated router-on-a-stick and VLANs stuff. People here provide advise in their free time for free. Not interested in such games just because asking elsewhere did not solve your "issue".
if you read the OP I state the reason I was planning on setting up pfSense with my current router…then my post turned into a solution to the issue or the reason for me to get pfSense in the first place.. it was not my intention to cause any frustration whatsoever.. and also, did you ask me to post the links? No.. so why whoul I think I needed to do that? - who cares what I posted on other forums when I stated exaclty what my issue is and exaclty what I needed.
but anyway, I think you just blew this out of proportion or you might have anger issues or something, but regardless, I apologize as I did not intend to frustrate you...why would I do that when I am asking for help?.
-
Also when you said you installed the crap in VM.. did you mean Avast Internet secuirty (the paid version)?
If not, then Secure DNS is not enabled..only paid versions of Avast Internet security has the feature enabled. -
Also when you said you installed the crap in VM.. did you mean Avast Internet secuirty (the paid version)?
Yeah. I mean exactly that. The 2015 version.
-
Also when you said you installed the crap in VM.. did you mean Avast Internet secuirty (the paid version)?
Yeah. I mean exactly that. The 2015 version.
Ok.. well, I have tried this iptable in Tomato's firewall..
iptables -A INPUT -p tcp –dport 443 -j DROP
but it does not work, even after rebooting the router.
-
You need both TCP and UDP. Already stated multiple times.
-
You need both TCP and UDP. Already stated multiple times.
My bad, i forgot to also include UDP.. my mistake.
thanks for your help.. but try to be a little more patient with others if you're going to be "helping" others :)
if you feel frustrated by something, just don't reply and let others do it..getting angry at a dumb user like me only makes things worse for you. -
Or just use a proxy, and only let the proxy out.. Then they can go scratch ;)
-
I have tried inputing these in my firewall
iptables -A INPUT -p tcp -m tcp –dport 443 -j DROP
iptables -A INPUT -p udp -m udp --dport 443 -j DROPRebooted the router.. and I still pull blocked pages on the PC with Avast DNS enabled :(
also tried
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j DROP
iptables -A OUTPUT -p udp -m udp --dport 443 -j DROPstill no dice
EDIT...
OK I got it.. I was able to block port 443 through ACCESS RESTRICTIONS.. iptables do not work or have any effect on Avast DNS. -
Your iptables trouble is totally OT on this forum. Congrats on breaking HTTPS. Now they'll tunnel DNS via SSH, or via Avast Secureline (basically OpenVPN). ::)
OK I got it.. I was able to block port 443 through ACCESS RESTRICTIONS…
Hmmm. The MAC address takes about one second to change.
