Looks lke its " working ...

VenimK

Schermafbeelding 2019-11-04 om 08.31.58.png

Changed DNSBL VIP to 172.16.0.1
GEOIP is working but none of the other

Gertjan

Take an URL from a feed the first alias "pfB_DNSBLIP_v4".
Feed that into a local "nslookup" prompt.
Have it resolved.
Did it return the real IPv4 - or the one from pfBlockerNG ? (like 0.0.0.1 or your local "DNSBL Webserver Configuration / Virtual IP Address ?

VenimK

@Gertjan said in Looks lke its " working ...:

pfB_DNSBLIP_v4

Schermafbeelding 2019-11-04 om 09.02.37.png

Weird , going to 192.168.1.1

Gertjan

@VenimK said in Looks lke its " working ...:

Weird , going to 192.168.1.1

That's your ""DNSBL Webserver Configuration / Virtual IP Address".

VenimK

@Gertjan said in Looks lke its " working ...:

That's your ""DNSBL Webserver Configuration / Virtual IP Address".

Schermafbeelding 2019-11-04 om 09.12.16.png

Gertjan

and you did that also ?

VenimK

@Gertjan
Yes
And rebooted to

VenimK

@Gertjan said in Looks lke its " working ...:

and you did that also ?

Maybe a reinstall off the plugin

Gertjan

Don't think so.
A Force reload does it for me.

VenimK

@Gertjan
NOw when i do nslookup from a client if get
nslookup www.upcoin.com
Server: 10.10.10.1 (PFSENSE LAN IP
Address: 10.10.10.1#53

Name: www.upcoin.com
Address: 172.16.0.1 (DNSBL IP)

So it kinda works
But i get still no logs

Schermafbeelding 2019-11-05 om 19.05.14.png

VenimK

@VenimK
did a complete new install pfsense, and then pfblocker-dev.
And it still works as before, no loggin with DNSBL.
Allthough nslookup looks ok, and stuff
nslookup www.yahoo.com
Server: 10.10.10.1
Address: 10.10.10.1#53

Name: www.yahoo.com
Address: 10.10.10.1

Gertjan

What is your "DNSBL Webserver Configuration Virtual IP Address " now ?
What is your pfSense LAN IP now ?

VenimK

@Gertjan
LAN INFO

Schermafbeelding 2019-11-07 om 04.29.58.png

DNSBL INFO
Schermafbeelding 2019-11-07 om 04.30.12.png

Gertjan

Looks all fine to me.

VenimK

@Gertjan Schermafbeelding 2019-11-07 om 18.32.43.png

Only pfb_TOP get logged ??

Gertjan

Be happy about it.
it means you're not looking at web pages that (try to) include links to sits that are blocked.
It's as simple as that.

Simply said : when you're looking for pub/scam/blacklisted-pages there is no need to block them.
Because you're not visiting them.
So, there is nothing to block ^^

VenimK

@Gertjan
Great, it works now

Schermafbeelding 2019-11-09 om 04.33.15.png

IPblock and DNSBL.

Had to change the NAT rulez
instead of 127.0.0.1 to 10.10.10.1

Schermafbeelding 2019-11-09 om 04.35.34.png

Gertjan

The webserver being used by pfBlockerNG is listening to :

[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: sockstat -4l | grep 'lighttpd_p'
root     lighttpd_p 33889 4  tcp4   *:8081                *:*
root     lighttpd_p 33889 5  tcp4   *:8443                *:*
root     lighttpd_p 33889 6  tcp4   10.10.10.1:443        *:*

all interfaces, which includes "localhost" or 127.0.0.1

This is probably not stated for nothing :

VenimK

@Gertjan said in Looks lke its " working ...:

The webserver being used by pfBlockerNG is listening to :

If i leave it @ 127.0.0.1, my when i try to acces a blocked domain the browser keeps spining.
ANd nothing getting logged in DNSBL

sockstat -4l | grep 'lighttpd_p'
root lighttpd_p 85774 4 tcp4 *:8081 :
root lighttpd_p 85774 5 tcp4 *:8443 :
root lighttpd_p 85774 6 tcp4 10.10.10.1:443 :