Netgate Discussion Forum

    Active Directory Server & pfblockerNG Suggestion Required

      faddy0102

      Hi,

      I am a little bit confused. I have successfully implemented pfBlockerNG on my network, and I am also using DNSBL services on it.

      Also, I am using a static DHCP server on pfSense.

      But the problem is that I need to enter the primary DNS IP on the workstation to block social media sessions. It is blocked, but when I use the secondary IP of my AD, it is not logging in other users' profiles on the same station, because the primary IP is the pfSense IP.

      AD IP: 192.168.88.2
      PFSENSE IP: 192.168.87.3

      What I need is that when multiple users log in on a single workstation, AD user accounts log in easily, and when they browse any social website like fb.com, it will throw the traffic to a VIP address like 10.10.10.1 on pfBlockerNG.

      Please guide me on how I can achieve this.

      Thanks

        BBcan177 Moderator @faddy0102

        @faddy0102

        Best to keep all Windows devices pointing to your AD domain. Then have the DNS Forwarders of your DNS server (AD Domain) pointed to pfSense for final DNS filtering.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          johnpoz LAYER 8 Global Moderator

          Yeah, if you're an MS shop using AD, it's prob best to let MS be your DHCP and DNS... Then just have your AD DNS use pfSense/pfBlocker for your DNS to external domains.

          You can put in a domain override in pfsense so it can resolve your PTRs for networks and the like.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
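
The forwarder setup both replies describe, as an added example that is not part of the thread: it points the AD DNS server's forwarders at pfSense and then checks that filtering and AD lookups both still work. The addresses are the ones quoted in the question; it assumes fb.com is on a DNSBL list, that DNSBL answers with the VIP, and that the pfSense resolver accepts queries from the AD server.

```powershell
# Run in an elevated PowerShell session on the AD DNS server.
# Addresses come from the thread; the test domain being blocklisted is an assumption.
$AdDns    = '192.168.88.2'   # AD DNS server, the only DNS the workstations use
$PfSense  = '192.168.87.3'   # pfSense resolver with pfBlockerNG DNSBL
$DnsblVip = '10.10.10.1'     # DNSBL virtual IP mentioned in the question
$TestName = 'fb.com'         # assumed to be on a DNSBL list in pfBlockerNG

Import-Module DnsServer

# Record the current forwarders so the change can be rolled back.
$before = Get-DnsServerForwarder
"Forwarders before: $($before.IPAddress -join ', ')"

# Forward everything the AD zones do not answer to pfSense only.
# UseRootHint = $false stops the server from falling back to root hints,
# which would resolve blocked names without passing through DNSBL.
Set-DnsServerForwarder -IPAddress $PfSense -UseRootHint $false -PassThru

# Drop cached answers learned through the old forwarders.
Clear-DnsServerCache -Force

# 1) A filtered name asked through the AD DNS server should return the VIP.
$blocked = Resolve-DnsName -Name $TestName -Type A -Server $AdDns -DnsOnly
if ($blocked.IPAddress -contains $DnsblVip) {
    "OK: $TestName resolves to the DNSBL VIP via AD DNS"
} else {
    Write-Warning "$TestName returned $($blocked.IPAddress -join ', '), not $DnsblVip"
}

# 2) AD service records must still be answered locally, so domain logons keep working.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $AdDns -DnsOnly |
    Select-Object Name, NameTarget, Port
```

With this in place, workstations list only 192.168.88.2 as their DNS server, so no pfSense address is needed as primary or secondary on the clients.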

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.