Netgate Discussion Forum

    Last night pfblocker started blocking my dyndns hosts used for vpn. Where should I start?

      roveer

      Around 11pm last night I started getting vpn down messages from my monitoring console. I have an ipsec vpn between home and office both running pfsense, only home FW running pfblockerNG devel 2.1.4.22. I rebooted both sides (which sometimes fixes the problem) but that didn't do it. I then started poking around and realized that a ping to my dyndns controlled work address from home brought back the redirected virtual ip 10.10.10.1. If I disabled pfblockerNG the pings or nslookups would resolve correctly and the vpn would connect, with pfblocker enabled it would not.

      Not wanting to spend the entire night messing around I plugged in an ip address into the vpn settings and called it a night. Now I'm trying to figure out what happened to pfBlockerNG. Any ideas on where to start? I tried whitelisting the domain name, but may have not been doing it correctly. Also, this morning I updated pfBlockerNG to 2.2.5_32. Somehow I got on the devel version after speaking with the author about 100% hit rates displaying (long long ago). I also saw a lot of failed downloads on the lists (last night), so was thinking the upgraded version might have fixed that. So far I'm still getting the blocking, but I'm going to reboot the FW now.

      Thanks,

      Roveer

        johnpoz LAYER 8 Global Moderator

        First thing I would do is look in your reports tab and see which list is blocking it..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          roveer @johnpoz

          @johnpoz said in Last night pfblocker started blocking my dyndns hosts used for vpn. Where should I start?:

          First thing I would do is look in your reports tab and see which list is blocking it..

          First thing I did... Strange thing is, it's not appearing in any of the lists. Right now I only have 2 lists that have blocks and no entries for these domains. I just putty'd into the FW and dropped to a shell and did a "ping domainname.dyndns.org" and it comes back 10.10.10.1 which is the virtual ip I have set in pfBlockerNG. If I disable pfBNG and do the same thing it comes back to the public ip of my work host (as it should). Something real funny happening here.

          Roveer

            johnpoz LAYER 8 Global Moderator

            You want to PM me the domain and I will look to see what list it could be on.

            is something dyndns.org or you just using that as placeholder for ddns?

              serbus

              Hello!

              On Firewall -> pfBlockerNG -> DNSBL do you have TLD enabled?

              John

              Lex parsimoniae

                johnpoz LAYER 8 Global Moderator

                I do see what he sent me in PM on a few lists.. mostly dial up spam lists... But there are multiple spam lists in pfblocker that could be blocking it sure..

                I don't really know an easy way to query pfblocker for what lists contain what.. Other than looking at the reports and seeing what hit.. @BBcan177 would know the easiest fastest way to track down what is blocking it.. I just paged him, let's see if he is around.

                  serbus

                  Hello!

                  dyndns.org is listed in Malicious -> BBC_DC2 and maybe others.
                  You can check with :

                  grep -i dyndns /var/db/pfblockerng/dnsbl/*

                  at Diagnostics -> Command Prompt. I am not sure how this would cause the OP issue.

                  dyndns.org is also listed in /usr/local/pkg/pfblockerng/dnsbl_tld, which could be an issue if you have TLD turned on...? This seems more likely to be the problem.

                  John

                    roveer

                    @serbus said in Last night pfblocker started blocking my dyndns hosts used for vpn. Where should I start?:

                    Hello!

                    dyndns.org is listed in Malicious -> BBC_DC2 and maybe others.
                    You can check with :

                    grep -i dyndns /var/db/pfblockerng/dnsbl/*

                    at Diagnostics -> Command Prompt. I am not sure how this would cause the OP issue.

                    dyndns.org is also listed in /usr/local/pkg/pfblockerng/dnsbl_tld, which could be an issue if you have TLD turned on...? This seems more likely to be the problem.

                    John

                    I did the grep but it won't let me post the results (says it's a spam message). I got about 10 lines that looked like this

                    /var/db/pfblockerng/dnsbl/hpHosts_EMD.txt:local-data: "umezawa.dyndns.info 60 IN A 10.10.10.1"

                    None had my domain name and none has just dyndns.

                    I added .dyndns.org to both DNSBL whitelist and the TLD whitelist. I had tried the dnsbl whitelist before but I was putting the entire domain name. This time I just put .dyndns.org. Did a reload and it's resolving properly now.

                    Roveer
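
Added example (not from any poster in this thread and not part of pfBlockerNG): a stricter version of the `grep -i dyndns` check above that reports which list file holds an entry for the exact hostname or for one of its parent domains. It assumes list lines use the `local-data: "name 60 IN A 10.10.10.1"` format quoted in the thread; the function names, sample file names and sample hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of pfBlockerNG. Reports which DNSBL list files
# block a hostname directly ("exact") or via one of its parent domains
# ("parent"), which a loose `grep -i dyndns` does not distinguish.
# Assumption: list lines use the format quoted in the thread:
#   local-data: "name 60 IN A 10.10.10.1"
DNSBL_DIR="${DNSBL_DIR:-/var/db/pfblockerng/dnsbl}"

# Succeeds if file $2 has a local-data entry whose name is exactly $1.
has_entry() {
    awk -F'"' -v n="$1" '
        $1 ~ /^local-data:[ \t]*$/ {
            split($2, rr, " ")
            if (tolower(rr[1]) == n) { hit = 1; exit }
        }
        END { exit !hit }' "$2"
}

# Usage: dnsbl_find hostname [list-dir]
# Prints "list-file<TAB>matched-name<TAB>exact|parent" for every hit.
dnsbl_find() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                      # drop a trailing root dot
    dir=${2:-$DNSBL_DIR}
    kind=exact
    while :; do
        case $name in *.*) ;; *) break ;; esac   # stop before the bare TLD
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if has_entry "$name" "$f"; then
                printf '%s\t%s\t%s\n' "${f##*/}" "$name" "$kind"
            fi
        done
        name=${name#*.}                 # strip the leftmost label
        kind=parent
    done
}

# Constructed sample lists (hypothetical file and host names) for an offline run.
make_sample_lists() {
    d=$(mktemp -d)
    printf 'local-data: "bad.dyndns.info 60 IN A 10.10.10.1"\n' > "$d/ListA.txt"
    printf 'local-data: "dyndns.org 60 IN A 10.10.10.1"\n' > "$d/ListB.txt"
    echo "$d"
}

if [ $# -gt 0 ]; then dnsbl_find "$@"; fi
```

A `parent` hit names the list entry to look at when the full hostname itself appears in no list, which is the situation the TLD question above is about.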

                      serbus

                      Hello!

                      I would recommend reading through all of the dropdown text under the little blue "infoicon" links for the TLD option and all of the whitelist/blacklist options on the pfb -> dnsbl page. There is some great info in there.

                      John

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.