Netgate Discussion Forum
    Dansguardian Bypass

    mrnadj

      rjcrowder & all,

      I could really use some help.
      I have installed the script with the -b option, and it almost works.

      My configuration is:
      WAN = 192.168.1.100/24 + (GW: 192.168.1.1 = adsl)
      LAN = 192.168.1.2/24 + (no gateway) + (DHCP server 192.168.1.34 - 192.168.1.64)

      I had to create a new rule in NAT:
      : -> *:80 redirect-> 192.168.1.2:8080
      basically any traffic, redirect to DANS on port 8080

      I have tested on a VirtualBox Client, and it gets a DHCP assigned address, with the 192.168.1.2 as gateway,
      and it all seems to work. Its requests are even logged by Dans.

      But when I test with an actual laptop, it gets the DHCP assigned address, with the 192.168.1.2 as gateway,
      but no HTTP traffic seems to work, and its requests are not logged by Dans.

      I have tried apply_custom.sh -i, but it did not fix anything.
      I have also tried adding PASS rules to firewall and disabling any Block rules, still no go.

      As I understand it, this should only require like 1 NAT Rule, and maybe 1 LAN FW Rule, 1 WAN FW Rule?

      rjcrowder

        From what you describe, I can't figure what is wrong. Let me make a couple of statements (that might be helpful) and throw out one potential issue that you can check…

        1. The install script I created copies a config.xml in place. That config.xml sets the DHCP assigned range based on the fact that other ranges of addresses are used for specific devices. It sounds like you stuck with the address setup that I had configured so that's good. The config.xml had some pre-created rules that redirected to dans (port 8080) so you should not have needed to create your own rule. However, I don't know that I ever tried it with an address other than a ".1" for the gateway (think you did ".2").

        2. One of the other modifications I did was turning on the captive portal to enable the IPFW firewall. It then creates rules to skip the normal portal rules and check certain address ranges to make sure that no one is "hijacking" MAC addresses. This is particularly important for the address ranges that are unfiltered - you don't want someone to get around the filter by manually setting their IP to one that is unfiltered. One of the things I've discovered is that there are situations where pfSense will see multiple MAC addresses for the same IP!!! The two things that I know can cause this to occur are a wireless access point configured as a wireless adapter (such as for an xbox) and a virtual machine running on a host with its own MAC address. I made a way to add additional "valid" MACs for the same IP by adding them to a file that is used when the IPFW rules are created. The file is manually editable under the /usr/local/ipfw_macip directory. In a newer version of my modifications (not posted on dropbox yet), I also added it to the DHCP screen.

        You can easily check to see if traffic is hitting the box for a MAC and also see if it is being blocked in IPFW by looking at the IPFW rule listing. I believe the command is "ipfw -x Dummy list" (don't remember for sure... might be "show" instead of list).

        Hope that's helpful...

          series_rp
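The MAC/IP check rjcrowder describes above (an IP in an unfiltered range reached from an unexpected MAC, and the legitimate two-MACs-per-IP case of a VM or bridged access point) can be checked by hand before the IPFW rules are rebuilt. The script below is an added example, not part of the thread or of rjcrowder's scripts. It assumes the allow list holds one "IP MAC" pair per line, with an IP repeated when it has several valid MACs; the thread only says the file lives under /usr/local/ipfw_macip. The ARP observations and the allow list are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread or from rjcrowder's scripts.
# Cross-check observed IP/MAC pairs against a "valid MAC" list so that a host
# which manually set its IP into an unfiltered range shows up, and so that
# IPs legitimately seen with two MACs (a VM and its host, a bridged AP) are
# visible instead of silently tripping the IPFW checks.
#
# Assumption: the allow list holds one "IP MAC" pair per line ('#' comments
# allowed), with an IP repeated on several lines when it has several valid
# MACs. The thread only says the file lives under /usr/local/ipfw_macip.

# Constructed allow list (sample data, not a real deployment).
SAMPLE_ALLOW='# ip            mac
192.168.1.34    00:11:22:33:44:55
192.168.1.35    66:77:88:99:aa:bb   # laptop
192.168.1.35    66:77:88:99:aa:cc   # VM running on that laptop, bridged'

# Constructed observations in FreeBSD `arp -an` format (several snapshots
# concatenated, so the same IP can appear more than once).
SAMPLE_ARP='? (192.168.1.34) at 00:11:22:33:44:55 on em1 expires in 1175 seconds [ethernet]
? (192.168.1.35) at 66:77:88:99:aa:bb on em1 expires in 900 seconds [ethernet]
? (192.168.1.35) at 66:77:88:99:aa:cc on em1 expires in 880 seconds [ethernet]
? (192.168.1.70) at de:ad:be:ef:00:01 on em1 expires in 1200 seconds [ethernet]
? (192.168.1.1) at (incomplete) on em1 expired [ethernet]'

# check_mac_ip ALLOWLIST_FILE   (reads arp lines on stdin)
# Prints "MISMATCH ip mac" for a pair absent from the allow list and
# "MULTI ip n" for an IP observed with n different MACs.
check_mac_ip() {
    awk -v allow="$1" '
    BEGIN {
        while ((getline line < allow) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && f[1] != "") ok[f[1] " " tolower(f[2])] = 1
        }
        close(allow)
    }
    $3 == "at" {
        ip = $2; gsub(/[()]/, "", ip)
        mac = tolower($4)
        # skip incomplete entries, which carry no MAC
        if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
        key = ip " " mac
        if (!(key in ok)) print "MISMATCH " key
        if (!(key in seen)) { seen[key] = 1; count[ip]++ }
    }
    END {
        for (ip in count) if (count[ip] > 1) print "MULTI " ip " " count[ip]
    }'
}

# Run the check on the constructed samples; on a real box, pipe `arp -an`
# into check_mac_ip with the live allow-list file instead.
demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_ALLOW" > "$f"
    printf '%s\n' "$SAMPLE_ARP" | check_mac_ip "$f"
    rm -f "$f"
}
demo
```

On the constructed data the two MACs of 192.168.1.35 are both listed, so they produce only an informational MULTI line, while 192.168.1.70 (no entry at all) is reported as a mismatch; that is the case to look at when a client in an unfiltered range stops appearing in the Dansguardian log.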

          I found this problem too… thanks for sharing... guy :D

          series-republic

            mrnadj

            rjcrowder ,

            Thank you again for your guide, and assistance!

            I thought this was impossible for me, after already spending about 5 days on it.

            I gave it another go today, and I was able to get Firefox, with a manual HTTP proxy, to connect to Dans on 8080.

            Once I had that working I set the Laptop to use PFS as Gateway.
            With all the firewall rules deleted, it simply forwarded all traffic directed at the gateway.
            I could see this on the console, option 10), pf Logs

            I then added a Reject All traffic rule
            Then I added a NAT rule for port 80.
            Then a FW Allow rule for 443.

            It now works well. Thank you rjcrowder. I am a programmer, and even I found this beyond challenging!

              rjcrowder
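The NAT rule mrnadj described in the first post (any LAN traffic to port 80 redirected to 192.168.1.2:8080) and the three rules the thread ends up with (reject all, NAT for port 80, allow 443) are spelled out below in pf syntax. This is an added example, not the thread's own rules or rjcrowder's config.xml. The addresses are the ones posted; the LAN interface name em1 is an assumption. The script syntax-checks the fragment with `pfctl -nf` where pfctl exists and falls back to a shape check elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread or from rjcrowder's install script.
# Renders the rules the thread ends up with into pf syntax and checks them
# with `pfctl -nf` where pfctl exists (FreeBSD/pfSense). Addresses are the
# ones posted: LAN 192.168.1.0/24, Dansguardian on the pfSense box at
# 192.168.1.2 listening on tcp/8080. The interface name is an assumption.
LAN_IF=${LAN_IF:-em1}
LAN_NET=192.168.1.0/24
PROXY_IP=192.168.1.2
PROXY_PORT=8080

# write_rules FILE: write the pf fragment to FILE. pf requires translation
# (rdr) rules before filter rules, so the NAT rule comes first.
write_rules() {
    cat > "$1" <<EOF
# NAT rule for port 80: transparently redirect plain HTTP to Dansguardian.
rdr on $LAN_IF proto tcp from $LAN_NET to any port 80 -> $PROXY_IP port $PROXY_PORT
# "Reject All": drop anything from the LAN that no pass rule below accepts.
block return in on $LAN_IF from $LAN_NET to any
# The redirected connections still need a pass rule to reach the proxy.
pass in quick on $LAN_IF proto tcp from $LAN_NET to $PROXY_IP port $PROXY_PORT
# HTTPS cannot be inspected by the HTTP proxy, so it is passed straight through.
pass in quick on $LAN_IF proto tcp from $LAN_NET to any port 443
EOF
}

# check_rules FILE: real syntax check with pfctl when available; elsewhere
# verify the shape (a rdr rule, and it precedes every filter rule).
check_rules() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1"
    else
        awk '
            /^rdr / { r = NR }
            /^(block|pass) / && !f { f = NR }
            END { exit (r && f && r < f) ? 0 : 1 }' "$1"
    fi
}

# Write the fragment to a temp file, check it and show it.
demo() {
    f=$(mktemp)
    write_rules "$f"
    check_rules "$f" && cat "$f"
    rm -f "$f"
}
demo
```

Only the rules named in the thread are included: a real pf.conf for this setup also needs pass rules for DHCP and DNS to the gateway, and the rdr rule only catches port 80, so HTTP on other ports bypasses the proxy unless it is blocked by the catch-all.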

              Hmmm… sorry about that. I intended these scripts to be an easy way to setup a very specific configuration. I've never had any issue as long as I've stuck strictly to the intended use case. The downside of that approach is that I haven't tried a lot of variations (multiple gateway boxes, different gateway addresses, etc.) and I'm sure there are multiple ways it could be broken. However, if you can pin down issues with the install process or instructions (or give me enough info that I can find them) I'd love to know what they were so that I can try to fix them.

              I'm a software guy by trade as well. What I've learned about networking has been purely by playing with stuff like this. Nice to see someone else branching out...

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.