DNSBL not working with vpn
-
Take a look here:
https://www.reddit.com/r/PFSENSE/comments/8o8zf1/pfblockerng_adblock_on_all_vlans/ -
@bbcan17 Im a beginner in this and having trouble following you.
my vpn is using dhcp with the dns from general tab
103.86.96.100
103.86.99.100
If I delete or change these the whole internet stops working. -
@xerno The lan devices have to use pfSense IP address so that Unbound/DNSBL will reply... If you set your LAN devices DNS to use the General Tab DNS IPs, then that will bypass Unbound and DNSBL will not filter it.
-
@bbcan17 Ok I set my windows machine to use pfsense ip as dns but ads are still showing up
-
@xerno DNSBL will only block the AD domains that are in the DNSBL Feeds that you defined.
See this thread:
https://forum.netgate.com/topic/91736/pfblockerng-v2-0-w-dnsbl -
@bbcan17 Yes I have configured the feeds. It was working until I setup the vpn.
-
Ensure that from this LAN Device, that you can:
- ping the DNSBL VIP and get a reply
- Browse to the DNSBL VIP and get the 1x1 pixel
- ping one of the DNSBL domains and get the DNSBL VIP Address
-
@bbcan17 I can ping dnsbl vip and get a reply.
if I browser it I get a timeout
if I ping one of the dnsbl domains I dont get the dnsbl vip adress -
@xerno In the DNSBL Tab, enable the "DNSBL Permit" rule and select all LAN/VLANS that need access to the DNSBL VIP...
-
@bbcan17 said in DNSBL not working with vpn:
AN/VLANS that need access to
Those settings are already there
-
@bbcan17 I did some digging in the log files.
for example this
local-data: "adaway.org/hosts.txt 60 IN A 10.10.10.1"
when I ping one of the addresses in that site it does not use 10.10.10.1
however I do have this local-data: "jujuads.com 60 IN A 10.10.10.1" and that will ping with response 10.10.10.1 -
@xerno said in DNSBL not working with vpn:
local-data: "adaway.org/hosts.txt 60 IN A 10.10.10.1"
Something is wrong with this line as it shouldn't contain the "/hosts.txt".. What URL are you using... Compare that to the URL in the link I posted above.
After reviewing the URL, remove the previous feed in the Log Browser > DNSBL Files > Adaway.txt, by selecting the "Delete Icon"... Follow that with a Force Reload - DNSBL.
-
@bbcan17 I found the problem, in the DNSBL Feeds I didnt put unique headers. they where all named the same. after reloading it now blocks ads.
However is the blocking correct? The ads just show up as grey and after about 5-10 seconds they dissapear. -
@bbcan17 I still cant acess 10.10.10.1 in my browser.
