Netgate Discussion Forum

    GeoIP policy based routing not working with pfBlockerNG-devel?

      bartkowski

      2.4.3-RELEASE-p1 (amd64) on SG-2440.
      I've been using pfBlockerNG with GeoIP to create an "Alias Match" list for Polish (PL) IPv4 (pfb_Europe_v4).
      I have a LAN rule that directs traffic destined to Polish websites via NordVPN Gateway group (Destination: Single Host or Alias Set to: pfb_Europe_v4).

      All of this has been working great. However, I noticed recently that this rule is no longer working/applied.
      The only change has been that I started using pfBlockerNG-devel (currently on 2.2.5_11) several weeks ago. I can't pinpoint the exact time when it stopped.

      (http://jakiemamip.pl) shows me my real IP, but when the rule worked, it showed the NordVPN's IP.

      For example, when I try to access vod.tvp.pl (195.245.213.252 & 195.245.213.251), I get Geo-blocked.

      I have created a new "alias match" list using the IP>IPv4 source definitions with "GeoIP" format for PL and PL_rep (pfB_Poland_v4.txt).
      When I look at the list in log viewer, I see "195.245.213.0/24" so I would expect it to work.

      If I change my rule to Destination: ANY, my traffic is routed via NordVPN.

      Any ideas?

      Edit: If I manually create an alias for those two IPs and use them in the firewall rule, I can access vod.tvp.pl and watch content.

        BBcan177 Moderator

        Since this is an "Alias Match" Alias, and the IP range is found in the pfB_Poland_v4.txt Alias, I assume that the package did what it was asked to do.

        The firewall rule that you created is defined with your settings, so the pfBlockerNG package had nothing to do with that rule.

        I suspect that another rule may be causing issues that is above this rule? But I would start to look at other changes that might have caused this issue for you.

        Hope that helps.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          bartkowski @BBcan177

          @bbcan177 If I change my rule to Destination: ANY, my traffic is routed via NordVPN. Rule order is the same in this case. Wouldn't it imply something wrong with the alias list created by the package?

            BBcan177 Moderator @bartkowski

            @bartkowski said in GeoIP policy based routing not working with pfBlockerNG-devel?:

            @bbcan177 If I change my rule to Destination: ANY, my traffic is routed via NordVPN. Rule order is the same in this case. Wouldn't it imply something wrong with the alias list created by the package?

            You are using Alias type rules, so you are creating your own rules. Either way, pfBlockerNG is just adding IPs to an Aliastable. There has to be something else in your setup that is causing your issue. Check the other rules/nat etc...

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/
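
Both posters reason about whether a destination address is covered by an alias list, so here is an added example (not part of the thread and not pfBlockerNG code) that reports which alias, and which entry in it, contains a given IP. The list contents and the `manual_tvp` alias name are constructed assumptions; only 195.245.213.0/24 and the two vod.tvp.pl addresses come from the posts.

```python
import ipaddress

# Constructed sample data. "pfB_Poland_v4" is the list name from the thread;
# "manual_tvp" is a hypothetical name for the hand-made two-IP alias.
SAMPLE_ALIASES = {
    "pfB_Poland_v4": """\
# constructed sample of a one-CIDR-per-line list
195.245.213.0/24
198.51.100.0/24
""",
    "manual_tvp": "195.245.213.251\n195.245.213.252\n",
}


def parse_cidr_list(text):
    """Return (networks, rejected_lines) for a one-entry-per-line list."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.0.0.1/8
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)  # keep unparseable lines for inspection
    return networks, rejected


def covering_entries(address, aliases):
    """Map alias name -> entries in that alias that contain `address`."""
    ip = ipaddress.ip_address(address)
    hits = {}
    for name, text in aliases.items():
        networks, _ = parse_cidr_list(text)
        matches = [str(n) for n in networks
                   if n.version == ip.version and ip in n]
        if matches:
            hits[name] = matches
    return hits


if __name__ == "__main__":
    for addr in ("195.245.213.252", "195.245.213.251", "8.8.8.8"):
        print(addr, covering_entries(addr, SAMPLE_ALIASES) or "not in any alias")
```

This only checks the list text; on the firewall itself, `pfctl -t <table> -T test <address>` runs the same membership test against the table pf has actually loaded, which is the table the rule's alias name must refer to.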
