But I changed the pfsense default 10.10.10.1 to 172.16.0.1 to stay out of the 10.x.x.x CIDR range.
I do not get the warning page at the video's 8:26 mark when visiting a site listed on one of my DNSBL lists, I get a “potential DNS rebinding attack detected” message. Is my DNSBL set up correctly?
So I’m just trying to understand your post. Did you have DNSBL set up and it was working, and then you wanted to do DNS over TLS and also changed the network and it broke?
Do you have a different port you access your pfsense on instead of the normal 80 or 443?
Also do you have an alternative dns name you are using to access the pfsense box?
Also should mention I run OpenVPN so I have NAT settings other than default:
Outbound: Automatic outbound NAT (actually reading documentation right now, I guess this is default)
1:1 has an old rule I have disabled.
I have some port forwarding for a hassio VM that is not even up and running right now, and below that is the 8081 and 8443 for pfB DNSBL - DO NOT EDIT
Went to System > Advanced > Firewall & NAT and remembered that is where I think my NAT changes were, I have “NAT Reflection mode for port forwards” set to Pure NAT. This made it so I could access IPs on my LAN when I VPN’ed in.
I have Enable NAT Reflection for 1:1 NAT checked
and Enable automatic outbound NAT for Reflection checked.
Sorry @xMAXIMUSx I’m not ghosting, I have hit the max replies for a newb, have to wait 24 hours.
I did not find a “DNS Query Forwarding” but I have “Enable Forwarding Mode” checked.
(when is one no longer a newb and can post freely?)
I did have DNS Server Override enabled. I have played with a mix and match of enabling and disabling DNS Server Override and Disable DNS Forwarder.
DNS IP is my pfsense router IP, 192.169.1.1
Very frustrating. I think the only difference between my setup and a vanilla lab setup for demonstration is:
I am running Snort as an IDS
Snort Barnyard enabled to send logs out
Syslog setup to send logs out
OpenVPN so that I can remote into home when necessary
I remember playing around with a lot of NAT settings when I used to host a website; those NAT rules are currently disabled.
When I navigate to one of those bad URLs and I get this potential rebind attack, it's because it's trying to redirect back to 192.168.1.1, right? And not 10.10.10.1 (I changed it back to default).
Or is this because I’m running 2.1.4_22 and not the pfBlockerNG_devel build?
I’m not sure what combo I’ve done, between countless check boxes in different menus, rebooting my box etc., but I do get nslookups of these bad URLs to return Addresses 172.16.0.1 and 10.10.10.1, and the bad URL is just a blank black screen in my browser.