Netgate Discussion Forum

SOLVED - PfBlockerNG DNSBL not blocking traffic on secondary LAN

pfBlockerNG
  toyinal (posted Aug 9, 2016, 9:47 PM; last edited Aug 16, 2016, 9:19 AM)

    Hi,

    I have a LAN segment 192.168.2.1/24 on a separate router that is then linked to pfSense through the gateway 192.168.1.1/24. The other LAN is directly connected to the pfSense router on gateway 192.168.3.1/24. pfBlockerNG blocks traffic using the DNSBL list on 192.168.3.1/24 but will not block traffic on the secondary LAN segment 192.168.2.1/24. I have tried to play around with the DNSBL firewall rule with no success. I also noticed that no floating firewall rule is created by pfBlockerNG. I've set up pfBlocker to block both directions.

    Any help will be appreciated.

    Thanks

    RonpfS (last edited Aug 9, 2016, 9:57 PM)

      DNSBL changes the DNS Resolver to block DNS FQDNs: it redirects the blocked domain name to 10.10.10.1 and serves a 1x1 GIF instead of the web page of the blocked site.

      There is a component of DNSBL that will block IPs contained in the DNSBL feeds; that's the only part that has to do with FW rules.

      For DNSBL to work, all clients on all networks have to point to the DNS Resolver of the pfsense with DNSBL.

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      Mr. Jingles (last edited Sep 17, 2016, 5:14 PM)

        @RonpfS:

        For DNSBL to work, all clients on all networks have to point to the DNS Resolver of the pfsense with DNSBL.

        I'm trying to figure out the sentence to google for that actually gives relevant results so I can figure out what to do, Ron  ;D

        I mean: how can I be sure/test that my Windows, Linux and Android stuff does what you wrote above? Is it simply a case of DHCP handing an IP to all clients (including static IPs), or is there more to be done (like disabling services on the clients, for example)?

        Thank you for any tips  :P

        6 and a half billion people know that they are stupid, aggressive, lower life forms.

        tonymorella (last edited Sep 19, 2016, 5:39 AM)

          @Mr.:

          Set up rules to redirect all DNS requests to the local DNS:

          • Firewall > NAT > Port Forward > Edit

          • Interface: LAN

          • Protocol: TCP/UDP

          • Destination: click Invert match, select LAN Address

          • Destination port range: From Port DNS, To Port DNS

          • Redirect target IP: 127.0.0.1

          • Redirect target port: DNS

          • NAT reflection: Use system default

          • Filter rule association: Create new associated filter rule

          • Create a rule that allows TCP/UDP from LAN net to LAN address on port 53

          • Create a rule that allows TCP/UDP from This Firewall to Any on port 53

          For example, if a device has 8.8.8.8 set up as its DNS server, this rule says that any request not addressed to the LAN address is sent to 127.0.0.1, from port 53 to port 53.

          Tony

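One way to verify from a client on the secondary LAN that the redirect above actually catches DNS that tries to bypass pfSense (an added example, not code from the thread or from pfBlockerNG): query an outside resolver directly for a name you know is on your DNSBL feeds; if the port forward is working, the answer is the DNSBL VIP 10.10.10.1 that RonpfS mentions rather than the real address. It assumes a client with plain Python, and `blocked.example` is a placeholder for a name on your own feeds.

```python
import socket
import struct

DNSBL_VIP = "10.10.10.1"          # address DNSBL answers with for listed names (from the thread)
TEST_DOMAIN = "blocked.example"   # assumed placeholder: a name you know is on one of your feeds

def build_query(name, txid=0x1234):
    # Minimal DNS A query with RD set (RFC 1035 wire format).
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    # Advance past a label sequence; a 0xC0 compression pointer is two bytes and ends the name.
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:
            return off + 2
        off += 1 + ln

def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips

def classify(ips):
    """'dnsbl-intercepted' means the redirect worked; 'upstream-answered' means the client bypassed pfSense."""
    if not ips:
        return "no-answer"
    return "dnsbl-intercepted" if all(ip == DNSBL_VIP for ip in ips) else "upstream-answered"

def check_resolver(server="8.8.8.8", name=TEST_DOMAIN, timeout=3.0):
    # Send the query straight at an outside resolver from the client on the LAN segment under test.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return classify(parse_a_records(data))
```

Run `check_resolver()` from a host on 192.168.2.0/24; "upstream-answered" on that segment while 192.168.3.0/24 reports "dnsbl-intercepted" reproduces the original poster's symptom.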
          molykule (last edited Sep 22, 2016, 10:05 PM)

            @tonymorella:

            I am lost on the last 2. Is the 2nd last one created under Firewall > Rules > LAN,
            and the last one under Firewall > Rules > Floating?

            Thanks for sharing,
            regards,
            boatingdude
