DNSBL Alerts not working
I recently changed my setup for pfBlockerNG/DNSBL around a bit and everything is working except alerts.
I am using pfSense 2.4.2, pfBlockerNG 2.1.2_1.
I have multi-WAN, plus I use OpenVPN for most connections. Before I was running DNSBL on my main router (with DNS resolver) for my non-VPN traffic, and using the forwarder for VPN traffic, forwarding to the VPS's (also pfSense 2.4.2) on the remote side of my tunnels (about 300 ms latency) which were also running DNSBL with resolvers. This was all working fine, and alerts were also working. I also was running Squid/Squidguard on the remote ends of the tunnel. For local Squid I was running a pfSense VM locally so I could still use Multi-WAN with load balancer (since Squid only sends through the default gateway).
My management network (untagged) is 192.168.150.0/24 with main pfSense gateway 192.168.150.1, LAN (VLAN) is 192.168.2.0/24 with 192.168.2.1 gateway, and VPN 192.168.3.0/24 with 192.168.3.1.
The VPS's only have 512 MB of RAM though, and I also wanted to reduce the latency for hits from the cache, so I decided to try to move the VPN Squid and DNSBL to the local side. I set up two mostly identical pfSense VMs. The LAN network in each gets an IP from the DHCP server in the respective network (192.168.2.3 and 192.168.3.3) and the WANs get DHCP addresses in the management network (192.168.150.6 and 192.168.150.7 respectively for the LAN and VPN servers).
For Squid/Squidguard I set up additional gateways in my main box of 192.168.2.3 (SQUID_LAN) and 192.168.3.3 (SQUID_VPN), and for LAN traffic I put a firewall rule in the LAN rules to send port 80 traffic through the SQUID_LAN gateway and for VPN traffic (on the VPN network) send port 80 through SQUID_VPN. Then in the Management network rules I added lines to send source 192.168.150.6 to the WAN_LoadBalancer and for source 192.168.150.7 to VPN_LoadBalancer. This all works fine.
I also enabled the DNS resolvers on each of these VMs, with pfBlockerNG/DNSBL. Resolvers have default settings, listening on all and requesting from all interfaces, plus a few domain overrides. pfBlockerNG has default config plus feeds added in DNSBL. Then I have my DHCP server set my DNS addresses to 192.168.2.3 for the LAN and 192.168.3.3 for the VPN network.
Everything seems to be working correctly. If I do nslookup on a blocked site, I get back 10.10.10.1. If I go to 10.10.10.1 I get the 1x1 pixel. Ads are blocked in webpages. DNS resolution does seem a little faster (for cached addresses) and webpages load quicker since there are no ads. The only issue I have is that I don't get any alerts. I did have one site I needed to allow through, and fortunately I was able to copy the whitelist entry from my older setup or I wouldn't have been able to do it. I am worried what will happen if I need to whitelist something else in the future.
Any ideas for the alerts?
I saw this thread (https://forum.pfsense.org/index.php?topic=121413.0 and added ports 8081 and 8443 to the list of ports that is forwarded to the Squid/DNSBL servers from my main router (so 80, 8081, and 8443 are forwarded) but I still don't get any alerts.
Are you by chance using the Traffic Shaper in pfSense?
No, I'm not using the traffic shaper.