pfBlockerNG not blocking from the LAN



  • Hello,
    I am playing with pfBlockerNG (2.2.5_20), and I used the wizard to configure it.
    It seems to be active and running just fine, but what is funny is that I get the expected behavior if I nslookup a site that should be on the list:

    nslookup secure.quantserve.com
    Server:		127.0.0.1
    Address:	127.0.0.1#53
    
    Name:	secure.quantserve.com
    Address: 10.10.10.1
    

    But if I try the same from anywhere in the LAN, I can actually resolve the name:

    nslookup  secure.quantserve.com
    ;; Truncated, retrying in TCP mode.
    Server:		127.0.0.1
    Address:	127.0.0.1#53
    
    Non-authoritative answer:
    secure.quantserve.com	canonical name = 2kpixel.quantserve.com.
    2kpixel.quantserve.com	canonical name = global.px.quantserve.com.
    global.px.quantserve.com	canonical name = pixel-use101-lighttpd.pixel.quantserve.net.
    pixel-use101-lighttpd.pixel.quantserve.net	canonical name = internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com.
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.225
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.227
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.223
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.217
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.206
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.193
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.194
    Name:	internal-pixel-use101-lighttpd-elb-1202564112.us-east-1.elb.amazonaws.com
    Address: 192.184.68.212
    

    Any suggestions on what I might be doing wrong? This is the out-of-the-box wizard config...

    Thanks in advance!



  • @apellegr said in pfBlockerNG not blocking from the LAN:

    secure.quantserve.com

    Actually, it looks like a DNS issue on the Mac I am using to run the tests; somehow it's still using its own DNS setting.


  • LAYER 8 Global Moderator

    Yeah, looks like it's pointing to local caching, prob running dnsmasq locally, and that is forwarding to where exactly?



  • Thanks for the reply, Johnpoz. Turns out that some of the firewalls/antiviruses on the Mac are messing with the DNS. Everything is working fine on systems that don't have that junk.

