Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfblockerng DNSBL not going to the block page

    Scheduled Pinned Locked Moved pfBlockerNG
    6 Posts 3 Posters 503 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dennis0612
      last edited by

      The redirection is successful, and blocked traffic is being directed to 10.10.10.1. However, instead of displaying the block page, the login page for pfSense is appearing. I have spent about an hour searching Google for a solution but haven't found much. I would greatly appreciate any help. I will upload any necessary settings to assist with troubleshooting.
      Screenshot 2024-08-16 152451.png
      Screenshot 2024-08-16 153728.png
      Screenshot 2024-08-16 152736.png

      GertjanG S 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @Dennis0612
        last edited by Gertjan

        @Dennis0612

        This :

        f69d90b4-919c-4010-a121-ac231b0ba89d-image.png

        is a major issue.

        [ and scrap the rest ]

        I was miss reading.

        When you point your browser to 10.10.10.1, what do you see ?

        I see this :

        eaf4e287-2e55-4e75-8409-c5ee3c553f4a-image.png

        => something like 10.10.10.1 is blocking itself ^^

        10.10.10.1 is not and can not be the GUI, who listining on 192.168.34.1 - your LAN.

        Btw : this "DNSBL Webserver" page only works well when you visit sites on the internet using http.
        Bad news, and you know it : these do not exist anymore. Google has stopped indexing them for years now.
        Most browser will emit big warning messages that you are visiting a web site using non encrypted traffic.

        Now : do the 1+1= ? test.

        What happens when you want to visit www.facebook.com
        and you have www.facebook.com on your DNSBL list.

        Do you think you'll see the image I've shown above ?
        I'll rephrase :
        Do you think that your browser who want to go to www.facebook.com, and receives an answer from "10.10.10.1" (or pfsense0.yourlocalhomedoman.tld with a self signed cert) will accept this answer from 10.10.10.1 without dropping a huge error message on the screen ?
        As this is pure Man In The Middle attack. And that's bad.

        So, you probably ask yourself : is this "DNSBL Webserver" page functionality use-full ?
        Noop, not at all. It worked well when everybody was http - and that's not the case anymore.
        https can't be redirected. You don't want it to be redirected. Like never.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        D 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Galactic Empire @Dennis0612
          last edited by

          @Dennis0612 Is 10.10.10.0/24 an interface on pfSense? It needs to be unused.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote πŸ‘ helpful posts!

          D 1 Reply Last reply Reply Quote 0
          • D
            Dennis0612 @Gertjan
            last edited by Dennis0612

            @Gertjan
            Thanks for the reply. I fixed the redirection by changing the pfblocker dnsbl listening ports. They were conflicting. After I did this I noticed the DNSBL server would just not start. So I went and forcefully started it with a command and received an output of β€œ libssl.so.30" not found, required by "pkg" so I did some googling and upgraded to 2.7.2 from 2.7.0 and this fixed the issue. Now everything is working how it should be. I know it’s not really useful I just wanted to mess around with it for fun.

            GertjanG 1 Reply Last reply Reply Quote 0
            • D
              Dennis0612 @SteveITS
              last edited by

              @SteveITS Thanks for the reply. The redirection ended up being causes by conflicting ports. I have it working normally now.

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @Dennis0612
                last edited by

                @Dennis0612 said in Pfblockerng DNSBL not going to the block page:

                β€œ libssl.so.30" not found, required by "pkg" so I did some googling and upgraded to 2.7.2 from 2.7.0 and this fixed the issue

                Classic.
                You've installed and/or upgrades pfSense packages without updating / upgrading pfSense fist.
                That breaks things.

                As soon as you decide to stay behind with pfSense, like keeping 2.7.0 while 2.7.2 is out, you can't / shouldn't update, install, upgrade packages anymore.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • GertjanG Gertjan referenced this topic on
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.