(when is one no longer a newb and can post freely?)
I did have DNS Sever Override enabled- I have played with a mix and match of enabling and dissabling DNS Server Override and Disabled DNS Forwarder.
DNS IP is my pfsense router IP, 126.96.36.199
Very frustrating. I think the only difference with my setup and a vanilla lab setup for demonstration is:
I am running Snort as an IDS
Snort Barynard enabled to send logs out
Syslog setup to send logs out
OpenVPN so that I can remote into home when necessary
I remember playing around with a lot of NAT settings when I used to host a website, those NAT rules are current disabled.
When I navigate to one of those bad URLs, and I get this potential rebind attack, its because its trying to redirect back to 192.168.1.1 right? And not 10.10.10.1 (I changed it back to default).
Or is this because I’m running 2.1.4_22 and not the pfBlockerNG_devel build?