Kitz ADSL Broadband Information
Pages: 1 ... 4 5 [6] 7 8 ... 19

Author Topic: Ronski's Pfsense router build  (Read 63791 times)

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #75 on: January 05, 2017, 09:32:33 PM »

loads fine here ronski.

if you add the pfblockerng widget to the dashboard it will tell you if any hits are on the blocklists.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #76 on: January 05, 2017, 09:38:59 PM »

Already got the widget installed, but following your suggestion I noticed the DNSBL packet count increase each time I tried to access Dropbox. Disabling DNSBL cures the problem; any thoughts on what could be causing it?
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

NEXUS2345

  • Reg Member
  • ***
  • Posts: 235
Re: Ronski's Pfsense router build
« Reply #77 on: January 05, 2017, 09:40:40 PM »

It appears to be overriding the Dropbox SSL certificate with its own, causing HSTS to fail and Firefox to block you from reaching the site. Essentially, to ensure that you aren't loading any malware, it is giving encrypted traffic a certificate that it can decode and read, which is causing Firefox to think someone is spying on you.
Logged
Security improvement and remediation consultant with infrastructure specialisation

IDNet Openreach FTTP 1000/115 + Asus RT-AX92U | Virgin Media 200 + SuperHub 3 + Synology MR2200ac mesh | Sky 80/20 with WiFi Guarantee on Huawei 288 cabinet

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #78 on: January 05, 2017, 09:44:10 PM »

the number is clickable, if you click it then you should see a bit more info including the alias name of the block list with the false positive.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #79 on: January 05, 2017, 09:45:37 PM »

Well having enabled DNSBL again links to Dropbox are still working  ???

I haven't had any problems connecting to other HTTPS sites.

The only clickable number is the one for pfB_Top_v4; the other two aren't clickable?

ETA: Logging is enabled under DNSBL IP Firewall Rule Settings.
« Last Edit: January 05, 2017, 09:47:47 PM by Ronski »
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #80 on: January 05, 2017, 09:47:26 PM »

I am talking about the number in the packets column, that's the hit count.

Ahh yeah, after a test I see it's only clickable on the IP block lists, not the domain name ones.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #81 on: January 05, 2017, 09:49:41 PM »

Only clickable one is the 5 in the middle - see attached

PS Got to go now - before I get in trouble with the missus
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #82 on: January 05, 2017, 09:50:14 PM »

OK, do this:

Go to the pfBlockerNG config screen.

At the top area you see sections; the last but one is Logs, click it.
Then click dnsbl.log in Log File / Selection.

You should see the info you need, e.g. I tested on a domain just now and here it is in that log.

Code:
DNSBL Reject,Jan 05 21:47:52,003-pc.ru,192.168.1.124, | / | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/55.0.2883.87 Safari/537.36
DNSBL Reject,Jan 05 21:47:53,003-pc.ru,192.168.1.124,http://003-pc.ru/ | /favicon.ico | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/55.0.2883.87 Safari/537.36

It doesn't tell you the DNSBL list though, which might be why it's advisable to split lists into their own DNSBL feed aliases, so you know from the counter which list it hits.

I am using Malware Patrol also via the DansGuardian feed; for that one you'd definitely be advised to whitelist the Alexa top 1k sites.
« Last Edit: January 05, 2017, 09:55:10 PM by Chrysalis »
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #83 on: January 05, 2017, 10:37:31 PM »

Only entry for Dropbox (which is being blocked again) in the logs is as follows, and lots of them.

Code:
DNSBL Reject HTTPS,Jan 05 22:19:41,www.dropbox.com

Only thing Alexa related I can remember is in the DNSBL feeds, where there's an option to Enable Alexa Whitelist; is that what you mean?

Actually, after a bit more Googling I've found out there's also an Alexa section on the main DNSBL configuration tab, so I just need to enable it here (set to Top 1k) and as per above?
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D
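
An added example, not code from pfBlockerNG or from either poster, that parses the two dnsbl.log line shapes quoted in the last two replies (the plain-HTTP reject with referer, path and User-Agent, and the "DNSBL Reject HTTPS" line that carries only a timestamp and domain) and totals hits per domain and per client, which is the quickest way to spot a domain like www.dropbox.com racking up rejects. The sample lines are constructed to match those shapes; the field layout is inferred from the quoted lines, not from pfBlockerNG documentation.

```python
"""Parse and summarise pfBlockerNG DNSBL reject lines.

Added example for this thread: my own code, not pfBlockerNG's and not
something the posters ran. Field layout is inferred from the two line
shapes quoted above; sample entries are constructed.
"""
from collections import Counter

# Constructed sample log (shape copied from the thread, values invented)
SAMPLE_LOG = """\
DNSBL Reject,Jan 05 21:47:52,003-pc.ru,192.168.1.124, | / | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/55.0.2883.87 Safari/537.36
DNSBL Reject,Jan 05 21:47:53,003-pc.ru,192.168.1.124,http://003-pc.ru/ | /favicon.ico | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/55.0.2883.87 Safari/537.36
DNSBL Reject HTTPS,Jan 05 22:19:41,www.dropbox.com
DNSBL Reject HTTPS,Jan 05 22:19:42,www.dropbox.com
DNSBL Reject HTTPS,Jan 05 22:19:45,www.dropbox.com
"""


def parse_line(line):
    """Return a record dict for one reject line, or None for anything else."""
    line = line.rstrip("\r\n")
    # Only the first four commas delimit fields; everything after them is the
    # free-text 'referer | path | user-agent' tail, which may itself contain commas.
    parts = line.split(",", 4)
    if len(parts) < 3 or not parts[0].startswith("DNSBL Reject"):
        return None
    rec = {"kind": parts[0], "time": parts[1], "domain": parts[2].lower(),
           "client": None, "referer": None, "path": None, "user_agent": None}
    if len(parts) == 5:  # HTTP reject: client IP plus the pipe-separated tail
        rec["client"] = parts[3]
        tail = [p.strip() for p in parts[4].split(" | ", 2)]
        tail += [""] * (3 - len(tail))  # pad if a field is missing
        rec["referer"], rec["path"], rec["user_agent"] = tail
    return rec


def parse_log(text):
    """Parse a whole log, silently skipping lines that are not rejects."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def summarize(records):
    """Hit counts per domain, per client and per (client, domain) pair.

    'https_only' lists domains seen only on HTTPS reject lines, which carry
    no client address or URL and so give nothing to judge the hit on.
    """
    by_domain = Counter(r["domain"] for r in records)
    by_client = Counter(r["client"] for r in records if r["client"])
    by_pair = Counter((r["client"], r["domain"]) for r in records if r["client"])
    https_only = {d for d in by_domain
                  if all(r["kind"] == "DNSBL Reject HTTPS"
                         for r in records if r["domain"] == d)}
    return {"by_domain": by_domain, "by_client": by_client,
            "by_pair": by_pair, "https_only": sorted(https_only)}


def top_blocked(records, n=5):
    """Most-hit domains: the first candidates to review as false positives."""
    return summarize(records)["by_domain"].most_common(n)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    summary = summarize(recs)
    for domain, hits in top_blocked(recs):
        note = " (HTTPS only: no client/URL context)" if domain in summary["https_only"] else ""
        print(f"{hits:4d}  {domain}{note}")
```

Because the HTTPS lines name no list, a domain that shows up under "https_only" still has to be traced back to a feed through the per-alias counters, which is the reason given above for keeping each list in its own DNSBL feed alias.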

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #84 on: January 05, 2017, 11:39:26 PM »

Yes.

Yeah, it has many hits in the file.

https://lists.malwarepatrol.net/cgi/getfile?receipt=f1442112770&product=8&list=dansguardian

The issue is that it is a URL list rather than a domain list, but pfBlockerNG just works on the domain. URL lists are bound to have false positives when used with the URL stripped, so if that is to be used then you definitely want to whitelist Alexa, as otherwise popular file sharing sites will likely keep getting blocked.

For this reason I may disable that list.
« Last Edit: January 05, 2017, 11:43:51 PM by Chrysalis »
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #85 on: January 06, 2017, 09:57:30 PM »

Having had a look in the list and with what you've written I now understand a bit more about what's happening, but although I believe I've set up Alexa for the top 1k domains, Dropbox.com is still being blocked. Will it need the list to be updated before it kicks in? Surely Dropbox is in the top 1000?

Perhaps as per your post above I'd be better using other lists.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #86 on: January 06, 2017, 10:09:03 PM »

OK, first go to the DNSBL main config page.

Scroll down and you see a black bar that says Alexa Whitelist.
Click the +
Tick the enable box
Select top 1k
Select TLDs to include, or you can leave it on the default which includes .com; I added more though.

Hit save.

Next click on DNSBL Feeds.
Click the edit button for the alias that has Malware Patrol.
Then on the feed alias page tick enable Alexa whitelist (so yes, it has to be enabled in two different places).
Click save.
Also click apply at the top if the box appears.

Now click Update.
Click Update.
Click Run to force an update of Alexa etc.

I suggest you also do this.

https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

Otherwise any client on your LAN can override the router DNS by directly querying other DNS servers.

Note the output below when I tried to do a lookup on Google DNS with a domain in a DNSBL list.

Code:
C:\Windows\system32>nslookup otorola.clever-search771.ru. 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    otorola.clever-search771.ru
Address:  10.10.10.1
Logged
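
An added example, my own code rather than pfBlockerNG's, that models the two points made in Reply #84 and this one: a URL feed stripped to bare hostnames over-blocks shared services, and a popularity whitelist restricted to selected TLDs (the thread says the default is .com) repairs that; blocked names then resolve to the DNSBL sinkhole address, which is why the nslookup above answers 10.10.10.1. The feed entries, the stand-in whitelist and the "real" answers are constructed; matching a name by its registrable domain is a simplification assumed here, not pfBlockerNG's exact matching rule.

```python
"""URL feed -> domain blocklist -> whitelist -> sinkhole resolution.

Added example for this thread, not pfBlockerNG's code. Feed entries,
whitelist and answers are constructed; registrable-domain matching and the
whitelist TLD filter are assumptions modelled on what the thread describes.
"""
from urllib.parse import urlsplit

SINKHOLE_VIP = "10.10.10.1"  # DNSBL virtual IP seen in the nslookup output above

# Constructed URL-style feed: the bad object is a path on a shared host.
URL_FEED = [
    "http://003-pc.ru/",
    "www.dropbox.com/s/EXAMPLE/invoice.exe",          # hypothetical path
    "https://cdn.example-share.test/dl/abc123.zip",   # hypothetical host
    "# comment lines and blanks are ignored",
]

# Constructed stand-in for a 'top 1k' popularity list.
POPULAR_DOMAINS = ["dropbox.com", "example-share.test", "google.com"]


def registrable(host):
    """Naive 'domain.tld' reduction (no public-suffix handling)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def feed_to_domains(entries):
    """Strip each feed entry to its hostname, as a domain-only blocker must."""
    domains = set()
    for entry in entries:
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        if "://" not in entry:
            entry = "http://" + entry  # urlsplit needs a scheme to find the host
        host = urlsplit(entry).hostname
        if host:
            domains.add(host.lower())
    return domains


def build_whitelist(popular, tlds=("com",)):
    """Keep only popular domains whose TLD was selected for whitelisting."""
    return {d.lower() for d in popular if d.rsplit(".", 1)[-1] in tlds}


def effective_blocklist(feed, whitelist):
    """Blocklist after the whitelist is applied to the stripped feed."""
    return {d for d in feed_to_domains(feed)
            if d not in whitelist and registrable(d) not in whitelist}


def resolve(name, blocklist, real_answers):
    """Simulated DNSBL resolver: blocked names get the sinkhole VIP."""
    name = name.rstrip(".").lower()
    if name in blocklist or registrable(name) in blocklist:
        return SINKHOLE_VIP
    return real_answers.get(name, "NXDOMAIN")


if __name__ == "__main__":
    answers = {"www.dropbox.com": "203.0.113.10"}  # constructed 'real' answer
    for label, wl in (("no whitelist", set()),
                      ("whitelist .com", build_whitelist(POPULAR_DOMAINS)),
                      ("whitelist .com,.test", build_whitelist(POPULAR_DOMAINS, ("com", "test")))):
        bl = effective_blocklist(URL_FEED, wl)
        print(f"{label:22s} blocked={sorted(bl)}")
        print(f"{'':22s} www.dropbox.com -> {resolve('www.dropbox.com', bl, answers)}")
```

The redirect described in the linked pfSense doc is what makes the "ask 8.8.8.8 directly" test still come back with the sinkhole address: the query never leaves the LAN resolver, so the same blocklist applies whichever server the client names.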

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #87 on: January 12, 2017, 08:16:35 PM »

Just got a chance to look at this again, or more to the point write it up. I had set up Alexa and run the update, but it still seemed not to work; tonight, though, it does seem to be working as expected.

I've also just added the DNS port forward rule and that works, thanks.

I've also created a free personal account with OpenDNS, and configured some options of things to block there, although this was set up last night it's not yet showing any traffic stats in my account.

Need to look at adding some other lists as well, still need to set up OpenVPN, and finish watching those videos.....
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Ronski's Pfsense router build
« Reply #88 on: February 01, 2017, 06:29:21 AM »

Got up this morning to find I had no internet access, pfSense had some sort of crash, I could still login and use the interface, but CPU temperature was up to 48 degrees (usually 36), CPU activity kept jumping up to 30 to 40%, a reboot cured it. System had been up for 29 days.

How do I go about finding out what the issue was?
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Ronski's Pfsense router build
« Reply #89 on: February 01, 2017, 12:57:53 PM »

The answer was to not reboot and to log in to the terminal. Then you can find out if some sort of process was hung or just chewing up extra CPU; now that you have already rebooted it's harder. But you can check all the logs to see if anything stands out.
Logged