Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Having difficulty with implementation

    pfBlockerNG
    3
    5
    141
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      usaevo7 last edited by

      This is my first time setting up pfsense and therefore pfblockerng-devel. I had some initial connection issues and issues with swapping out my old Sonicwall but have since resolved that. The unit seems pretty stable now after working through setting up pfblocker and it giving me fits with maximum table size, geoip blocking all wan traffic, and some other oddities. Now that its configured Im trying to wrap my head around how to get the DNS portion working so that my local windows server doing DHCP and DNS wont be affected by having to pfsense do the DNS in order for DNSBL to work for content filtering which is my ultimate goal. I would prefer not to change my DHCP settings which currently have the same server as DNS if possible. Ive read theres a way to forward all other resolvable traffic but Im not sure how to do that. Its a windows 2008 R2 and has something called Conditional Forwarder but I dont see how that would work in this case. What is recommended here? Currently with everything setup the clients are still resolving with the windows server and nothing is going through DNSBL. Thanks

      BBcan177 1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator @usaevo7 last edited by

        @usaevo7

        You can use your existing DNS Server, and set the DNS Forwarders pointing to pfSense which will allow DNSBL to filter the DNS Requests. Then pfSense will go outbound for any permitted DNS traffic.

        1 Reply Last reply Reply Quote 0
        • U
          usaevo7 last edited by usaevo7

          Ok found it and added the pfsense IP, does the result need to fully resolve the FQDN? I went in and added the correct domain for our windows domain to pfsense if that makes any difference. I did a /flushdns on the server and client (my workstation) but nothing seems to have changed. DNS still seems to be resolved by the windows server. Im missing something... just not sure what.
          Untitled.png

          T 1 Reply Last reply Reply Quote 0
          • T
            teamits @usaevo7 last edited by

            Is that supposed to be 10.1.1.254? 100.1.1.254 is a Verizon IP...

            The FQDN will display if the Windows server can resolve the IP.

            If the Windows server is set to forward it will pass the request on. There should be a checkbox somewhere in the settings as to whether it should use the root servers if it doesn't get a response from the forwarding server(s).

            The Windows DNS server has a cache also, you can restart the server or right click the server in the DNS management console and "clear cache."

            1 Reply Last reply Reply Quote 0
            • U
              usaevo7 last edited by

              It appears to be working now that the cache is cleared, thanks.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense Plus
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy