Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlocker Problems

    Scheduled Pinned Locked Moved pfBlockerNG
    30 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Riftcore34
      last edited by

      Ipv4 seems to be working blocking fine but DNSBL nothing will work, Am I missing something?

      DNS resolver is enabled.
      is there any other settings ive missed was working before I upgraded my hardrive and clean installed.

      Thanks
      2017-12-05.png_thumb
      2017-12-05.png
      ![2017-12-05 (6).png_thumb](/public/imported_attachments/1/2017-12-05 (6).png_thumb)
      ![2017-12-05 (6).png](/public/imported_attachments/1/2017-12-05 (6).png)
      ![2017-12-05 (5).png_thumb](/public/imported_attachments/1/2017-12-05 (5).png_thumb)
      ![2017-12-05 (5).png](/public/imported_attachments/1/2017-12-05 (5).png)
      ![2017-12-05 (4).png_thumb](/public/imported_attachments/1/2017-12-05 (4).png_thumb)
      ![2017-12-05 (4).png](/public/imported_attachments/1/2017-12-05 (4).png)
      ![2017-12-05 (3).png_thumb](/public/imported_attachments/1/2017-12-05 (3).png_thumb)
      ![2017-12-05 (3).png](/public/imported_attachments/1/2017-12-05 (3).png)
      ![2017-12-05 (2).png_thumb](/public/imported_attachments/1/2017-12-05 (2).png_thumb)
      ![2017-12-05 (2).png](/public/imported_attachments/1/2017-12-05 (2).png)
      ![2017-12-05 (1).png_thumb](/public/imported_attachments/1/2017-12-05 (1).png_thumb)
      ![2017-12-05 (1).png](/public/imported_attachments/1/2017-12-05 (1).png)

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        What about pfblockerNG logs?
        Did you do a Force Update, a Force Reload All ?

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • R
          Riftcore34
          last edited by

          Yes to both and there is nothing in the log I posted a screenshot of it.

          Cheers

          1 Reply Last reply Reply Quote 0
          • R
            Riftcore34
            last edited by

            pfblockerng.log

            
            **Saving configuration ...
            
              Removing DB Files/Folders 
            
            **Saving configuration [ 12/05/17 23:13:38 ] ...
            
              Removing DB Files/Folders 
            
            **Saving configuration [ 12/05/17 23:14:24 ] ...
            
            **Saving configuration [ 12/05/17 23:16:57 ] ...
            
            **Saving configuration [ 12/05/17 23:17:08 ] ...
            
            Saving new DNSBL web server configuration to port [ 8081 and 8443 ]
            Saving pfSense config...
            VIP address configured. Widget Packet statistics reset.
            
            New DNSBL cert createdRestarting Service DNSBL...
            
            **Saving configuration [ 12/05/17 23:17:37 ] ...
            
            **Saving configuration [ 12/05/17 23:18:37 ] ...
            
            **Saving configuration [ 12/05/17 23:19:33 ] ...
             UPDATE PROCESS START [ 12/05/17 23:19:38 ]
            
            ===[  DNSBL Process  ]================================================
            Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding
            
            [ malwaredomainlist ]	 Downloading update .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              1146     1146       0          0          0          1146                 
              ----------------------------------------------------------------------
            
            [ malwaredomains ]	 Downloading update [ 12/05/17 23:19:41 ] .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              14906    14906      16         0          0          14890                
              ----------------------------------------------------------------------
            
            [ bambenek ]		 Downloading update [ 12/05/17 23:19:46 ] .. 200 OK..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              889400   872175     186        0          0          871989               
              ----------------------------------------------------------------------
            
            [ Yoyo ]		 Downloading update [ 12/05/17 23:20:38 ] .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              2497     2497       0          0          0          2497                 
              ----------------------------------------------------------------------
            
            [ Adaway ]		 Downloading update [ 12/05/17 23:20:45 ] .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              409      409        4          0          0          405                  
              ----------------------------------------------------------------------
            
            [ Winhelp ]		 Downloading update [ 12/05/17 23:20:53 ] .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              13017    13017      542        0          0          12475                
              ----------------------------------------------------------------------
            
              DNSBL: Flush DNSBL_IP
            ------------------------------------------
            Assembling database...
            Adding Unbound Server:Include line... completed
            Validating database... Skipped [ 12/05/17 23:21:05 ]
            Reloading Unbound.... completed
            DNSBL update [ 903402 | PASSED  ]... completed [ 12/05/17 23:21:20 ]
            ------------------------------------------
            DNSBL - Adding Unbound custom 'include' option
            
            ===[  Continent Process  ]============================================
            
            ===[  IPv4 Process  ]=================================================
            
            [ CIArmy ]		 Downloading update .. 200 OK. completed ..
              ------------------------------
              Original Master     Final     
              ------------------------------
              15000    15000      15000       [ Pass ] 
              -----------------------------------------------------------------
            
            [ ZeuS ]		 Downloading update [ 12/05/17 23:21:22 ] .. 200 OK
              Remote timestamp missing . completed ..
              ------------------------------
              Original Master     Final     
              ------------------------------
              119      119        119         [ Pass ] 
              -----------------------------------------------------------------
            
            [ DShield ]		 Downloading update [ 12/05/17 23:21:23 ] .. 200 OK. completed ..
              ------------------------------
              Original Master     Final     
              ------------------------------
              21       40         40          [ Pass ] 
              -----------------------------------------------------------------
            
            [ ETCompromised ]	 Downloading update [ 12/05/17 23:21:25 ] .. 200 OK. completed ..
              ------------------------------
              Original Master     Final     
              ------------------------------
              1583     1512       1512        [ Pass ] 
              -----------------------------------------------------------------
            
            [ ETDshield ]		 Downloading update [ 12/05/17 23:21:28 ] .. 200 OK. completed ..
              ------------------------------
              Original Master     Final     
              ------------------------------
              2104     1975       1975        [ Pass ] 
              -----------------------------------------------------------------
            
            [ Tor ]			 Downloading update [ 12/05/17 23:21:29 ] .. 403 Forbidden
            
             [ pfB_Blacklists - Tor ] Download FAIL
              Firewall and/or IDS are not blocking download.
            
            The Following list has been REMOVED [ Tor ]
            
            ===[  Aliastables / Rules  ]================================
            
            Firewall rule changes found, applying Filter Reload
            
            ===[ FINAL Processing ]=====================================
            
               [ Original IP count   ]  [ 18827 ]
            
               [ Final IP Count  ]  [ 18646 ]
            
            ===[ Deny List IP Counts ]===========================
            
               18646 total
               15000 /var/db/pfblockerng/deny/CIArmy.txt
                1975 /var/db/pfblockerng/deny/ETDshield.txt
                1512 /var/db/pfblockerng/deny/ETCompromised.txt
                 119 /var/db/pfblockerng/deny/ZeuS.txt
                  40 /var/db/pfblockerng/deny/DShield.txt
            
            ===[ DNSBL Domain/IP Counts ] ===================================
            
              903402 total
              871989 /var/db/pfblockerng/dnsbl/bambenek.txt
               14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
               12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
                2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
                1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
                 405 /var/db/pfblockerng/dnsbl/Adaway.txt
            
            ====================[ Last Updated List Summary ]==============
            
            Dec 5	05:30	ETDshield
            Dec 5	05:31	ETCompromised
            Dec 5	22:25	CIArmy
            Dec 5	23:15	DShield
            Dec 5	23:21	ZeuS
            ===============================================================
            
            Database Sanity check [  PASSED  ]
            ------------------------
            Masterfile/Deny folder uniq check
            Deny folder/Masterfile uniq check
            
            Sync check (Pass=No IPs reported)
            ----------
            
            IPv4 alias tables IP count
            -----------------------------
            18647
            
            IPv6 alias tables IP count
            -----------------------------
            0
            
            Alias table IP Counts
            -----------------------------
               18647 total
               18646 /var/db/aliastables/pfB_Blacklists.txt
                   1 /var/db/aliastables/pfB_DNSBLIP.txt
            
            pfSense Table Stats
            -------------------
            table-entries hard limit  2000000
            Table Usage Count         96244
            
             UPDATE PROCESS ENDED [ 12/05/17 23:21:30 ]
            
            **Saving configuration [ 12/05/17 23:28:58 ] ...
            Restarting Service DNSBL...
            
            **Saving configuration [ 12/05/17 23:34:57 ] ...
             CRON  PROCESS  START [ 12/05/17 23:35:08 ]
            [ CIArmy ]
              Remote timestamp: Tue, 05 Dec 2017 23:25:01 GMT
              Local  timestamp: Tue, 05 Dec 2017 22:25:01 GMT	Update found
            [ ZeuS ]
            	( No remote timestamp/md5 unchanged )		Update not required
            [ DShield ]
              Remote timestamp: Tue, 05 Dec 2017 23:30:04 GMT
              Local  timestamp: Tue, 05 Dec 2017 23:15:39 GMT	Update found
            [ ETCompromised ]
              Remote timestamp: Tue, 05 Dec 2017 05:31:22 GMT
              Local  timestamp: Tue, 05 Dec 2017 05:31:22 GMT	Update not required
            [ ETDshield ]
              Remote timestamp: Tue, 05 Dec 2017 05:30:03 GMT
              Local  timestamp: Tue, 05 Dec 2017 05:30:03 GMT	Update not required
            [ Tor ]
            							Update found
            [ malwaredomainlist ]
              Remote timestamp: Mon, 04 Dec 2017 19:18:42 GMT
              Local  timestamp: Mon, 04 Dec 2017 19:18:42 GMT	Update not required
            [ malwaredomains ]
              Remote timestamp: Fri, 01 Dec 2017 22:49:37 GMT
              Local  timestamp: Fri, 01 Dec 2017 22:49:37 GMT	Update not required
            [ bambenek ]
              Remote timestamp: Tue, 05 Dec 2017 00:15:16 GMT
              Local  timestamp: Tue, 05 Dec 2017 00:15:16 GMT	Update not required
            [ Yoyo ]
              Remote timestamp: Mon, 04 Dec 2017 16:43:31 GMT
              Local  timestamp: Mon, 04 Dec 2017 16:43:31 GMT	Update not required
            [ Adaway ]
              Remote timestamp: Sun, 17 Sep 2017 03:35:29 GMT
              Local  timestamp: Sun, 17 Sep 2017 03:35:29 GMT	Update not required
            [ Winhelp ]
              Remote timestamp: Thu, 30 Nov 2017 19:30:44 GMT
              Local  timestamp: Thu, 30 Nov 2017 19:30:44 GMT	Update not required
             UPDATE PROCESS START [ 12/05/17 23:35:14 ]
            
            ===[  DNSBL Process  ]================================================
            
            [ malwaredomainlist ]	 exists.
            [ malwaredomains ]	 exists.
            [ bambenek ]		 exists.
            [ Yoyo ]		 exists.
            [ Adaway ]		 exists.
            [ Winhelp ]		 exists.
              DNSBL: Flush DNSBL_IP
            
            ===[  Continent Process  ]============================================
            
            ===[  IPv4 Process  ]=================================================
            
            [ CIArmy ]		 Downloading update .. 200 OK. completed ..
            
            [ ZeuS ]		 exists. [ 12/05/17 23:35:17 ]
            [ DShield ]		 Downloading update .. 200 OK. completed ..
            
            [ ETCompromised ]	 exists. [ 12/05/17 23:35:18 ]
            [ ETDshield ]		 exists.
            [ Tor ]			 Downloading update .. 200 OK
              Remote timestamp missing . completed ..
            
            ===[  Aliastables / Rules  ]==========================================
            
            No changes to Firewall rules, skipping Filter Reload
            
             Updating: pfB_Blacklists
            12900 addresses added.6488 addresses deleted.
            
            ===[ FINAL Processing ]=====================================
            
               [ Original IP count   ]  [ 25273 ]
            
            ===[ Deny List IP Counts ]===========================
            
               25093 total
               15000 /var/db/pfblockerng/deny/CIArmy.txt
                6447 /var/db/pfblockerng/deny/Tor.txt
                1975 /var/db/pfblockerng/deny/ETDshield.txt
                1512 /var/db/pfblockerng/deny/ETCompromised.txt
                 119 /var/db/pfblockerng/deny/ZeuS.txt
                  40 /var/db/pfblockerng/deny/DShield.txt
            
            ===[ DNSBL Domain/IP Counts ] ===================================
            
              903402 total
              871989 /var/db/pfblockerng/dnsbl/bambenek.txt
               14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
               12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
                2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
                1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
                 405 /var/db/pfblockerng/dnsbl/Adaway.txt
            
            ====================[ Last Updated List Summary ]==============
            
            Dec 5	05:30	ETDshield
            Dec 5	05:31	ETCompromised
            Dec 5	23:21	ZeuS
            Dec 5	23:25	CIArmy
            Dec 5	23:30	DShield
            Dec 5	23:35	Tor
            
            IPv4 alias tables IP count
            -----------------------------
            25094
            
            IPv6 alias tables IP count
            -----------------------------
            0
            
            Alias table IP Counts
            -----------------------------
               25094 total
               25093 /var/db/aliastables/pfB_Blacklists.txt
                   1 /var/db/aliastables/pfB_DNSBLIP.txt
            
            pfSense Table Stats
            -------------------
            table-entries hard limit  2000000
            Table Usage Count         121303
            
             UPDATE PROCESS ENDED [ 12/05/17 23:35:19 ]
            
            **Saving configuration [ 12/05/17 23:49:42 ] ...
             UPDATE PROCESS START [ 12/05/17 23:49:49 ]
            
            ===[  DNSBL Process  ]================================================
            
            [ malwaredomainlist ]	 Reload . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              1146     1146       0          0          0          1146                 
              ----------------------------------------------------------------------
            
            [ malwaredomains ]	 Reload . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              14906    14906      16         0          0          14890                
              ----------------------------------------------------------------------
            
            [ bambenek ]		 Reload [ 12/05/17 23:49:50 ] . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              889400   872175     186        0          0          871989               
              ----------------------------------------------------------------------
            
            [ Yoyo ]		 Reload [ 12/05/17 23:50:38 ] . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              2497     2497       0          0          0          2497                 
              ----------------------------------------------------------------------
            
            [ Adaway ]		 Reload [ 12/05/17 23:50:40 ] . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              409      409        4          0          0          405                  
              ----------------------------------------------------------------------
            
            [ Winhelp ]		 Reload [ 12/05/17 23:50:43 ] . completed ..
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              13017    13017      542        0          0          12475                
              ----------------------------------------------------------------------
            
            [ Youtube ]		 Downloading update [ 12/05/17 23:50:45 ] .. 200 OK.
              ----------------------------------------------------------------------
              Orig.    Unique     # Dups     # White    # Alexa    Final                
              ----------------------------------------------------------------------
              1754     1549       19         0          0          1530                 
              ----------------------------------------------------------------------
            
              DNSBL: Flush DNSBL_IP
            ------------------------------------------
            Assembling database... completed
            Validating database... Skipped [ 12/05/17 23:51:06 ]
            Reloading Unbound.... completed
            DNSBL update [ 904932 | PASSED  ]... completed [ 12/05/17 23:51:21 ]
            ------------------------------------------
            
            ===[  Continent Process  ]============================================
            
            ===[  IPv4 Process  ]=================================================
            
            [ CIArmy ]		 Reload . completed ..
            
            [ ZeuS ]		 Reload [ 12/05/17 23:51:22 ] . completed ..
            
            [ DShield ]		 Reload . completed ..
            
            [ ETCompromised ]	 Reload . completed ..
            
            [ ETDshield ]		 Reload . completed ..
            
            [ Tor ]			 Reload . completed ..
            
            ===[  Aliastables / Rules  ]==========================================
            
            No changes to Firewall rules, skipping Filter Reload
            
             Updating: pfB_Blacklists
            28 addresses added.
            
            ===[ FINAL Processing ]=====================================
            
               [ Original IP count   ]  [ 25273 ]
            
            ===[ Deny List IP Counts ]===========================
            
               25293 total
               15000 /var/db/pfblockerng/deny/CIArmy.txt
                6447 /var/db/pfblockerng/deny/Tor.txt
                2104 /var/db/pfblockerng/deny/ETDshield.txt
                1583 /var/db/pfblockerng/deny/ETCompromised.txt
                 119 /var/db/pfblockerng/deny/ZeuS.txt
                  40 /var/db/pfblockerng/deny/DShield.txt
            
            ===[ DNSBL Domain/IP Counts ] ===================================
            
              904932 total
              871989 /var/db/pfblockerng/dnsbl/bambenek.txt
               14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
               12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
                2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
                1530 /var/db/pfblockerng/dnsbl/Youtube.txt
                1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
                 405 /var/db/pfblockerng/dnsbl/Adaway.txt
            
            ====================[ Last Updated List Summary ]==============
            
            Dec 5	05:30	ETDshield
            Dec 5	05:31	ETCompromised
            Dec 5	23:21	ZeuS
            Dec 5	23:25	CIArmy
            Dec 5	23:30	DShield
            Dec 5	23:35	Tor
            
            IPv4 alias tables IP count
            -----------------------------
            25294
            
            IPv6 alias tables IP count
            -----------------------------
            0
            
            Alias table IP Counts
            -----------------------------
               25294 total
               25293 /var/db/aliastables/pfB_Blacklists.txt
                   1 /var/db/aliastables/pfB_DNSBLIP.txt
            
            pfSense Table Stats
            -------------------
            table-entries hard limit  2000000
            Table Usage Count         121331
            
             UPDATE PROCESS ENDED [ 12/05/17 23:51:23 ]
            
            **Saving configuration [ 12/05/17 23:56:10 ] ...
            
            **Saving configuration [ 12/05/17 23:57:47 ] ...
            
            

            extras.log

            Country code update Start [ 12/05/17 23:12:49 ]
             Converting MaxMind Country databases for pfBlockerNG.
             Processing ISO IPv4 Continent/Country Data [ 12/05/17 23:12:50 ]
             Processing ISO IPv6 Continent/Country Data [ 12/05/17 23:13:07 ]
             Creating pfBlockerNG Continent XML files
             IPv4 Africa			 [ 12/05/17 23:13:11 ]
             IPv6 Africa			
             IPv4 Antarctica		
             IPv6 Antarctica		
             IPv4 Asia			
             IPv6 Asia			 [ 12/05/17 23:13:13 ]
             IPv4 Europe			
             IPv6 Europe			 [ 12/05/17 23:13:19 ]
             IPv4 North America		 [ 12/05/17 23:13:22 ]
             IPv6 North America		 [ 12/05/17 23:13:26 ]
             IPv4 Oceania			
             IPv6 Oceania			 [ 12/05/17 23:13:27 ]
             IPv4 South America		
             IPv6 South America		
             IPv4 Proxy and Satellite	
             IPv6 Proxy and Satellite	
             IPv4 TOP 20			
             IPv6 TOP 20			 [ 12/05/17 23:13:28 ]
             pfBlockerNG Reputation Tab
            Country Code Update Ended
            
            

            maxmind_ver

            MaxMind GeoLite2 Date/Time Stamp
            Last-Modified: Mon, 06 Nov 2017 19:15:47 GMT
            Duplicate Represented IP4 Networks: 31851
            Duplicate Represented IP6 Networks: 3052
            
            

            All other logs are blank or missing.

            1 Reply Last reply Reply Quote 0
            • RonpfSR
              RonpfS
              last edited by

              Did you try to access any Domain that are blocked by dnsbl (Logs / DNSBL Files),
              One domain from Adaway: http://mobiledl.adobe.com/

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 0
              • R
                Riftcore34
                last edited by

                @RonpfS:

                Did you try to access any Domain that are blocked by dnsbl (Logs / DNSBL Files),
                One domain from Adaway: http://mobiledl.adobe.com/

                When I go to yahoo its covered in Ads, The Ipv4 black list is working but DNSBL ads and malware lists are not.

                1 Reply Last reply Reply Quote 0
                • RonpfSR
                  RonpfS
                  last edited by

                  On pfsense what does this look like

                  dig mobiledl.adobe.com
                  
                  ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
                  ;; global options: +cmd
                  ;; Got answer:
                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
                  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                  
                  ;; OPT PSEUDOSECTION:
                  ; EDNS: version: 0, flags:; udp: 4096
                  ;; QUESTION SECTION:
                  ;mobiledl.adobe.com.		IN	A
                  
                  ;; ANSWER SECTION:
                  mobiledl.adobe.com.	60	IN	A	10.10.10.1
                  
                  ;; Query time: 0 msec
                  ;; SERVER: 127.0.0.1#53(127.0.0.1)
                  ;; WHEN: Tue Dec 05 19:13:56 EST 2017
                  ;; MSG SIZE  rcvd: 63
                  

                  2.4.5-RELEASE-p1 (amd64)
                  Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                  Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                  1 Reply Last reply Reply Quote 0
                  • R
                    Riftcore34
                    last edited by

                    @RonpfS:

                    On pfsense what does this look like

                    dig mobiledl.adobe.com
                    
                    ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
                    ;; global options: +cmd
                    ;; Got answer:
                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
                    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                    
                    ;; OPT PSEUDOSECTION:
                    ; EDNS: version: 0, flags:; udp: 4096
                    ;; QUESTION SECTION:
                    ;mobiledl.adobe.com.		IN	A
                    
                    ;; ANSWER SECTION:
                    mobiledl.adobe.com.	60	IN	A	10.10.10.1
                    
                    ;; Query time: 0 msec
                    ;; SERVER: 127.0.0.1#53(127.0.0.1)
                    ;; WHEN: Tue Dec 05 19:13:56 EST 2017
                    ;; MSG SIZE  rcvd: 63
                    

                    on that page on chrome I get this

                    Invalid URL

                    The requested URL "[no URL]", is invalid.
                    Reference #9.1f7469d5.1512519331.2d2d26a0

                    1 Reply Last reply Reply Quote 0
                    • R
                      Riftcore34
                      last edited by

                      But that is in my

                      pfB_Blacklists IPv4 not DNSBL

                      1 Reply Last reply Reply Quote 0
                      • RonpfSR
                        RonpfS
                        last edited by

                        You can also Diagnostics / Command prompt to run the dig command

                        For DNSBL to function, your devices have to use the pfsense DNS Resolver. On on those device you need to check the DNS service resolution config.
                        On a Windows system, open a command prompt and to a nslookup of one FQDN from you DSNBL Files.
                        Devices also have to be able to reach the VIP (10.10.10.1), try to ping the VIP ip from that device. Try to open your VIP on a browser.

                        2.4.5-RELEASE-p1 (amd64)
                        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                        1 Reply Last reply Reply Quote 0
                        • R
                          Riftcore34
                          last edited by

                          I know its not working as ont he widget the packets don't update just stays on 0 used to go up etc…

                          It used to just work on everything in the house I never did anything to each device.

                          it just worked haha.

                          1 Reply Last reply Reply Quote 0
                          • RonpfSR
                            RonpfS
                            last edited by

                            Check the Services page and restart pfblockerNG services
                            Check the System Logs General and Resolver

                            2.4.5-RELEASE-p1 (amd64)
                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                            1 Reply Last reply Reply Quote 0
                            • R
                              Riftcore34
                              last edited by

                              @RonpfS:

                              Check the Services page and restart pfblockerNG services
                              Check the System Logs General and Resolver

                              Silly question where are the "Check the System Logs General and Resolver" I can't find them.

                              1 Reply Last reply Reply Quote 0
                              • RonpfSR
                                RonpfS
                                last edited by

                                Status / System Logs / System / General
                                Status / System Logs / System / DNS Resolver

                                2.4.5-RELEASE-p1 (amd64)
                                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                1 Reply Last reply Reply Quote 0
                                • R
                                  Riftcore34
                                  last edited by

                                  @RonpfS:

                                  Status / System Logs / System / General
                                  Status / System Logs / System / DNS Resolver

                                  Thanks

                                  Last 2 General Log Entries. (Maximum 50)
                                  Time	Process	PID	Message
                                  Dec 6 00:37:03	syslogd		kernel boot file is /boot/kernel/kernel
                                  Dec 6 00:37:09	pfsense.localdomain		nginx: 2017/12/06 00:37:09 [error] 35192#100148: send() failed (54: Connection reset by peer)
                                  
                                  Last 11 DNS Resolver Log Entries. (Maximum 50)
                                  Time	Process	PID	Message
                                  Dec 6 00:37:28	unbound	78841:0	notice: init module 0: validator
                                  Dec 6 00:37:28	unbound	78841:0	notice: init module 1: iterator
                                  Dec 6 00:37:28	unbound	78841:0	info: start of service (unbound 1.6.6).
                                  Dec 6 00:37:28	unbound	78841:0	info: service stopped (unbound 1.6.6).
                                  Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                                  Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                                  Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                                  Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
                                  Dec 6 00:37:43	unbound	41622:0	notice: init module 0: validator
                                  Dec 6 00:37:43	unbound	41622:0	notice: init module 1: iterator
                                  Dec 6 00:37:43	unbound	41622:0	info: start of service (unbound 1.6.6).
                                  

                                  Nothing bad really. (I think)
                                  Thanks again for the help. I hate ads can't wait to get this going again.

                                  1 Reply Last reply Reply Quote 0
                                  • RonpfSR
                                    RonpfS
                                    last edited by

                                    Last 2 General Log Entries. (Maximum 50)

                                    Strange that you only get 2 entries …
                                    Maybe increase the log files size (may need to Reset logs for this to take effect)
                                    Also increase the GUI Log Entries

                                    You didn't answer my questions about dig, VIP ping etc

                                    2.4.5-RELEASE-p1 (amd64)
                                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      Riftcore34
                                      last edited by

                                      @RonpfS:

                                      Last 2 General Log Entries. (Maximum 50)

                                      Strange that you only get 2 entries …
                                      Maybe increase the log files size (may need to Reset logs for this to take effect)
                                      Also increase the GUI Log Entries

                                      You didn't answer my questions about dig, VIP ping etc

                                      Done
                                      Did you edit that part it I missed it

                                      C:\Users\darkv>nslookup DQDN
                                      Server:  resolver1.opendns.com
                                      Address:  208.67.222.222
                                      
                                      *** resolver1.opendns.com can't find DQDN: Non-existent domain
                                      
                                      C:\Users\darkv>ping 10.10.10.1
                                      
                                      Pinging 10.10.10.1 with 32 bytes of data:
                                      Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                                      Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                                      Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                                      Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                                      
                                      Ping statistics for 10.10.10.1:
                                          Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                                      Approximate round trip times in milli-seconds:
                                          Minimum = 1ms, Maximum = 1ms, Average = 1ms
                                      
                                      C:\Users\darkv>
                                      
                                      1 Reply Last reply Reply Quote 0
                                      • RonpfSR
                                        RonpfS
                                        last edited by

                                        Yes I did edited my post  :P
                                        FQDN is Fully qualified domain name … so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on it

                                        nslookup mobiledl.adobe.com
                                        Serveur :   pfsense.localdomain
                                        Address:  172.xxx.xxx.254
                                        
                                        Nom :    mobiledl.adobe.com
                                        Address:  10.10.10.1
                                        

                                        2.4.5-RELEASE-p1 (amd64)
                                        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          Riftcore34
                                          last edited by

                                          You mean like this?

                                          C:\Users\darkv>nslookup amoffers.hasoffers.com
                                          Server:  resolver1.opendns.com
                                          Address:  208.67.222.222
                                          
                                          Non-authoritative answer:
                                          Name:    use-app04.hasoffers.com
                                          Addresses:  52.5.77.91
                                                    52.6.99.184
                                                    34.230.229.216
                                          Aliases:  amoffers.hasoffers.com
                                          
                                          C:\Users\darkv>nslookup mobiledl.adobe.com
                                          Server:  resolver1.opendns.com
                                          Address:  208.67.222.222
                                          
                                          Non-authoritative answer:
                                          Name:    a1800.g.akamai.net
                                          Addresses:  213.104.143.171
                                                    213.104.143.162
                                          Aliases:  mobiledl.adobe.com
                                                    mobiledl.adobe.com.edgesuite.net
                                          
                                          
                                          1 Reply Last reply Reply Quote 0
                                          • RonpfSR
                                            RonpfS
                                            last edited by

                                            Yes
                                            This shows that your Windows is using resolver1.opendns.com for DNS resolution.
                                            Now do dig amoffers.hasoffers.com in    Diagnostics / Command Prompt

                                            Next check / post  your DNS Resolver configuration

                                            2.4.5-RELEASE-p1 (amd64)
                                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.