I have an SG 1100 running pfsense 23.01 and I recently installed pfblockerNG-devel 3.2.0_4 a few days ago.
Didn’t make any changes to the pfblocker setup…just used default settings from the wizard.
If I look in Reports>IP Block Stats, everything is empty.
I’m also seeing continued download failures " [ [pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL [ 05/13/23 18:00:22 ]"
Any suggested troubleshooting steps would be appreciated.
Do you have an open port? If none, then your pfsense firewall blocked all incoming traffic, not your pfblocker.
Are your systems using pfsense for DNS?
Hi Reymond - thanks for the reply.
I’ve not opened any ports…pretty much just vanilla pfSense as well as pfBlocker.
It “seems” like pfBlocker is removing some content relative to pre-installation…but this is just my subjective eval with no stats.
Hi Tom - Thanks for the reply.
I have a mix of devices on my network, but most should be getting DNS directly from pfsense which I have setup for cloudflare. There are two PCs that I have running on a VPN, but everything else “I think” should get DNS from pfSense.
Confirmed this on one of my kids tablets that it is showing cloudflare as DNS without configuring on the device.
For pfblocker to work, the DNS for each device needs to use the pfsense.
OK, I need to become more educated on DNS…external resolver, firewall, client VPN, and browser DoH.
If I have just one PC and all I use it for is web browser which has DoH…I take it pfblocker would not function as it’s bypassing the pfblocker DNS sinkhole…but if I then add a 2nd client and it gets its DNS from pfsense, would pfblocker still not work because of the PC? Or should I see stats in reporting for the 2nd client?
What happens if a VPN is installed on the firewall? How does that affect pfblocker?
Thanks for the help! Any further guidance, suggestions, or reference material to learn would be appreciated.
Welcome to the conundrums of the IT world.
When it comes to DoH, PFBlocker has a list you can enable to block that traffic or you can disable all the devices from using DoH.
I assume when you say “install a VPN” you are talking something about PIA or another company?
Typically it’s recommended to use the VPN provider’s DNS due to DNS leaks. But nothing is stopping you from utilizing your own DNS.
Yep, I was talking about a VPN provider like PIA…I have been using their DNS up to this point, but would also like to have pfBlocker running on my firewall…so need to figure out how to make both play nice.
Last night, I ran ipconfig /all on my main driver and found the dns servers were 220.127.116.11 and 18.104.22.168. This was with VPN turned off…should’ve been getting DNS from my pfsense firewall which is configured with its own local DNS server as well as two external which point to quad9. Something is happening that I don’t understand.
My network is ISP Modem>SG 1100>netgear AP running in AP mode. Prior to getting the SG 1100 I used the netgear device as my router and AP. The only thing I can guess is that my AP is forcing the DNS servers…but I see no configuration menu for it and all posts on the netgear forum suggest that AP mode means it should not get DNS from my netgate firewall.
More troubleshooting. After suspecting my old router/new AP was going rogue and pushing 22.214.171.124 dns, I connected my computer directly to the LAN port on the SG 1100.
My pfsense is configured with two quad9 dns servers (126.96.36.199 and 188.8.131.52) and the resolution behavior is "Use local DNS, fall back to remote DNS Servers". All three servers show properly in my dashboard. My PC ethernet adapter port is set to obtain DNS automatically. No VPN is running…but somehow I am still on cloudflare and google dns.
Is there something in pfsense I’ve not done, forgot to update, screwed up, etc that would cause this?
Eureka! So, I had 184.108.40.206 and 220.127.116.11 specified under the Services>DHCP Server>Servers for DNS servers 1 and 2. They’ve been erased and now I’m on the local and quad9 servers and my pfblocker is working and generating stats which was the reason for my initial post.
Thanks for the replies and suggestions!
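The root cause in this thread (DHCP handing clients public resolvers, so pfBlockerNG's DNSBL on the firewall never sees their queries) is easy to miss from the dashboard alone. The following is an added example, not code from the thread or from pfBlockerNG: it parses a constructed `ipconfig /all` sample from a client and flags every resolver that is not the firewall's LAN address; the same check applied to the addresses typed into Services > DHCP Server > DNS servers tells you whether clients will be pointed away from the firewall before they even boot. The LAN address and sample addresses are assumptions, not values from the thread.

```python
import re
from ipaddress import ip_address

# Constructed sample of `ipconfig /all` output on a Windows client (assumption, not from the thread).
# The two resolvers below are public resolvers, i.e. the DNSBL-bypass situation the poster hit.
SAMPLE_IPCONFIG = """
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumed pfSense LAN address; on the SG 1100 this is whatever the LAN interface is set to.
FIREWALL_LAN_IP = "192.168.1.1"

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_dns_servers(ipconfig_text: str) -> list[str]:
    """Return the IPv4 DNS servers from `ipconfig /all` output.

    Windows prints the first resolver on the 'DNS Servers' line and any further
    resolvers on indented continuation lines holding only an address.
    """
    servers: list[str] = []
    lines = ipconfig_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"\s*DNS Servers[ .]*:\s*(" + IPV4 + r")", lines[i])
        if m:
            servers.append(m.group(1))
            i += 1
            while i < len(lines) and re.fullmatch(r"\s+" + IPV4 + r"\s*", lines[i]):
                servers.append(lines[i].strip())
                i += 1
            continue
        i += 1
    return servers


def external_resolvers(resolvers: list[str], firewall_lan_ip: str) -> list[str]:
    """Return every resolver that is not the firewall itself.

    A non-empty result means queries skip Unbound on pfSense, so pfBlockerNG's
    DNSBL sinkhole cannot act on them and Reports > DNSBL stays empty.
    """
    fw = ip_address(firewall_lan_ip)
    return [r for r in resolvers if ip_address(r) != fw]


if __name__ == "__main__":
    found = parse_dns_servers(SAMPLE_IPCONFIG)
    print("client resolvers:", found)
    print("bypassing pfBlockerNG:", external_resolvers(found, FIREWALL_LAN_IP))
```

Run `parse_dns_servers` on real `ipconfig /all` output, or call `external_resolvers` with the DHCP server's DNS fields, to confirm clients resolve through pfSense after the fix.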