Netgate Discussion Forum

    Can we create a diagnostic sticky?

      tagit446

      Hello,

      I was wondering if a quick reference sticky could be created covering the different methods for diagnosing various issues with pfBlockerNG.

      For example, I am experiencing an issue now where it seems like pfBlockerNG is working since things are showing up in the alerts and I can ping 10.10.10.1. I can also browse to 10.10.10.1 and get the 1x1 pixel but at the same time I can browse to domains that are in the DNSBL block list and IPs in the IPv4 block list and not get the 1x1 pixel. To be clear, I can access sites by entering the exact IP or URL in the block list.

      I think a sticky that covers steps to verify pfBlockerNG is working correctly or not and diagnosing common problems people run into would be very helpful and possibly cut down on the questions being asked here.

        Jailer

        Did you do a force update and force reload?

          tagit446

          @Jailer:

          Did you do a force update and force reload?

          Several times actually.

          I am wondering if it may have something to do with my last reinstall of pfSense.

          Before uninstalling pfSense I am pretty sure it was working. I also did a complete backup using the included backup feature in pfSense.

          After reinstalling pfSense I also reinstalled the pfBlockerNG package then restored my backup config. After restoring the config I did have 2 pfSense alerts for pfBlockerNG. The alerts did not make sense to me so I marked them as read. Since then no other alerts.

          I also had both pfSense and pfBlockerNG updated to the latest versions before saving the config that I restored from.  In other words there are no version differences between my backup config and the current versions I am using now.

          I am wishing now that I had documented the 2 alerts I mentioned.

            RonpfS

            The logs should tell you something

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              tagit446

              @RonpfS:

              The logs should tell you something

              I do see the following in my DNSBL.Log,

              
              DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
              DNSBL Reject HTTPS,Jan 01 14:31:03,10.10.10.1
              DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10,http://10.10.10.1/ | /favicon.ico | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
              DNSBL Reject,Jan 01 17:50:07,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/63.0.3239.108 Safari/537.36
              
              

              192.168.10.10 is the local address for the PC I am testing on. I am unsure if the above is from me browsing to 10.10.10.1 or the reason pfBlockerNG seems to not be working.

              Other than the above I do not see anything I would consider suspicious in any of the other logs.
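
An added example, not part of the original post and not pfBlockerNG code: a small parser that separates DNSBL.log entries whose requested host is the DNSBL VIP itself from entries for any other host. The field layout (type, time, requested host, client address, then `referer | URI | user agent`) is an assumption inferred from the lines posted above, and the `ads.example.com` lines are constructed.

```python
from collections import Counter

DNSBL_VIP = "10.10.10.1"  # DNSBL virtual IP used in the thread

# Lines 1-3 are taken from the post above (user agent shortened);
# the last two are constructed to show entries for a host other than the VIP.
SAMPLE_LOG = """\
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10, | / | Mozilla/5.0 (Windows NT 10.0; Win64; x64)
DNSBL Reject HTTPS,Jan 01 14:31:03,10.10.10.1
DNSBL Reject,Jan 01 14:31:03,10.10.10.1,192.168.10.10,http://10.10.10.1/ | /favicon.ico | Mozilla/5.0 (Windows NT 10.0; Win64; x64)
DNSBL Reject,Jan 01 18:02:11,ads.example.com,192.168.10.10,http://news.example.org/ | /banner.js | Mozilla/5.0
DNSBL Reject HTTPS,Jan 01 18:02:12,ads.example.com
"""

def parse_line(line):
    """Split one DNSBL.log line into named fields; None if it is not a reject entry."""
    parts = line.strip().split(",", 4)
    if len(parts) < 3 or not parts[0].startswith("DNSBL Reject"):
        return None
    # Assumed layout: type, time, requested host, client IP, "referer | URI | user agent".
    # HTTPS entries carry only the first three fields.
    detail = parts[4].split("|", 2) if len(parts) == 5 else []
    referer, uri, agent = ([d.strip() for d in detail] + ["", "", ""])[:3]
    return {"type": parts[0], "time": parts[1], "host": parts[2],
            "client": parts[3] if len(parts) > 3 else "",
            "referer": referer, "uri": uri, "agent": agent}

def summarize(text, vip=DNSBL_VIP):
    """Count requests aimed at the VIP itself versus requests for other hosts."""
    direct, blocked = 0, Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["host"] == vip:
            direct += 1                # client asked for the VIP by address
        else:
            blocked[rec["host"]] += 1  # request for another host reached the DNSBL web server
    return direct, blocked

if __name__ == "__main__":
    direct, blocked = summarize(SAMPLE_LOG)
    print(f"requests to {DNSBL_VIP} itself: {direct}")
    for host, n in blocked.most_common():
        print(f"host {host}: {n}")
```
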

                RonpfS

                You are using pfSense DNS Resolver?
                And your PCs are using pfSense for DNS service?
                Maybe post the logs after a Force Reload DNSBL?


                  tagit446

                  @RonpfS:

                  You are using pfSense DNS Resolver?
                  And your PCs are using pfSense for DNS service?
                  Maybe post the logs after a Force Reload DNSBL?

                  If my settings are correct I should be using the DNS Resolver.

                  Most all of my connected devices are set up with static settings. For each they use the pfSense's interface gateway address for the DNS address. For example, the PC I have been using for testing pfSense has an IP of 192.168.10.10, Gateway is 192.168.10.1 and the DNS is also 192.168.10.1.
