Bindings missing 127.0.0.2

The instruction is:
Confirm these specific bindings are present for 127.0.0.2 so that non-local DNS usage is hijacked and answered by policy:

root     anmuscle     191 22  udp4   127.0.0.2:53          *:*
root     anmuscle     191 23  tcp4   127.0.0.2:53          *:*

These are my bindings:
root anmuscle 37283 20 udp4 192.168.5.1:53 *:*
root anmuscle 37283 21 tcp4 192.168.5.1:53 *:*
root anmuscle 37283 22 tcp4 74.97.40.240:16512 34.120.84.240:1883
root anmuscle 37283 23 tcp4 74.97.40.240:64862 34.120.84.240:443
root anmuscle 37283 26 tcp4 192.168.5.1:80 *:*
root anmuscle 37283 27 tcp4 192.168.5.1:443 *:*
root anmuscle 37283 28 udp4 192.168.5.1:137 *:*

I do have the virtual IP:
127.0.0.2/8 Localhost IP Alias for DNS hijacking
But I also still have pfBlockerNG still there (above it):
10.10.10.1/32 Localhost IP Alias pfB DNSBL - DO NOT EDIT
Could that be the problem?

Hi @Fred_H I don’t think that’s the problem. Can you also show what the dns-listener value is in /usr/local/etc/adamone/anmuscle.conf

You may have to add it there and restart anmuscle with service anmuscle.sh restart
Or run adamone-setup configure to select it as a listening IP.

dns-listener=192.168.5.1@53,127.0.0.2@53

Do you have something else bound to it? You can see this by running sockstat | grep :53

Results of sockstat | grep :53:
unbound unbound 34381 3 udp4 127.0.0.1:53 *:*
unbound unbound 34381 4 tcp4 127.0.0.1:53 *:*
unbound unbound 34381 5 udp6 ::1:53 *:*
unbound unbound 34381 6 tcp6 ::1:53 *:*
root anmuscle 37283 20 udp4 192.168.5.1:53 *:*
root anmuscle 37283 21 tcp4 192.168.5.1:53 *:*

I’ve been working over the weekend as this is my home system. I removed pfBlockerNG and implemented the suggested NAT changes. These are now my results to sockstat | grep anmuscle:

root anmuscle 15196 8 stream /var/run/php-fpm.socket
root anmuscle 15196 12 stream /var/run/php-fpm.socket
root anmuscle 15196 21 udp4 192.168.5.1:53 *:*
root anmuscle 15196 22 tcp4 192.168.5.1:53 *:*
root anmuscle 15196 23 tcp4 74.97.40.240:33879 34.120.84.240:443
root anmuscle 15196 25 tcp4 74.97.40.240:8078 34.120.84.240:1883
root anmuscle 15196 27 tcp4 192.168.5.1:80 *:*
root anmuscle 15196 28 tcp4 192.168.5.1:443 *:*
root anmuscle 15196 29 udp4 192.168.5.1:137 *:*
root anmuscle 15052 8 stream /var/run/php-fpm.socket
root anmuscle 15052 12 stream /var/run/php-fpm.socket

Everything seems to be working properly (and faster). But following instructions doesn’t give me the confidence that things are working as they should. I’m hoping that the above will allow you to say that it’s working properly.

The only thing I see that doesn’t appear right is that anmuscle is not listening on the IP 127.0.0.2.
Try running service anmuscle.sh restart and also make sure 127.0.0.2 has been added as an IP Alias for localhost.

I did both.

New results (2 new rows, but no 127.0.0.2):
root anmuscle 78552 8 stream /var/run/php-fpm.socket
root anmuscle 78552 12 stream /var/run/php-fpm.socket
root anmuscle 78552 21 udp4 192.168.5.1:53 *:*
root anmuscle 78552 22 tcp4 192.168.5.1:53 *:*
root anmuscle 78552 23 tcp4 74.97.40.240:61893 34.120.84.240:443
root anmuscle 78552 24 udp4 *:8190 *:*
root anmuscle 78552 25 tcp4 74.97.40.240:11604 34.120.84.240:1883
root anmuscle 78552 27 tcp4 192.168.5.1:80 *:*
root anmuscle 78552 28 tcp4 192.168.5.1:443 *:*
root anmuscle 78552 29 udp4 192.168.5.1:137 *:*
root anmuscle 78257 8 stream /var/run/php-fpm.socket
root anmuscle 78257 12 stream /var/run/php-fpm.socket

Virtual IP Address (it’s there)
127.0.0.2/8 Localhost IP Alias for DNS hijacking

You currently have it listening on your WAN which is not something you want.
If you run ifconfig do you see 127.0.0.2 under lo0?

Yes.
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0x0
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Reran adamone-setup configure and it was already listening to 127.0.0.2, and I left it unchanged.

Available Interface Addresses:

1 - WAN (74.97.40.240)
2 - *LAN (192.168.5.1)
3 - LAN (2600:4040:5e5b:ad00:2e0:67ff:fe26:5ae5)
4 - *127.0.0.2 (for DNS hijacking) (127.0.0.2)
5 - Localhost (127.0.0.1)
6 - Localhost (::1)

Select the addresses you would like adam:ONE to listen on separated by a comma, press to skip [2,4]:

Oops, No. Just 127.0.0.1. Sorry

Tried setting pfSense to use remote DNS server, ignore local. Ran sockstat | grep anmuscle, then switched back to default and ran it again. Results were identical and different from yesterday (without other changes):
root anmuscle 11714 20 udp4 192.168.5.1:53 *:*
root anmuscle 11714 21 tcp4 192.168.5.1:53 *:*
root anmuscle 11714 22 tcp4 74.97.40.240:14849 34.120.84.240:1883
root anmuscle 11714 25 tcp4 74.97.40.240:60463 34.120.84.240:443
root anmuscle 11714 26 tcp4 192.168.5.1:80 *:*
root anmuscle 11714 27 tcp4 192.168.5.1:443 *:*
root anmuscle 11714 28 udp4 192.168.5.1:137 *:*

Hi Arthur,

Thanks for all the help so far.

It seems to be ignoring the virtual IP, so I edited it (no changes) and applied it. Now 127.0.0.2 is showing in the bindings; while not as shown in the Install file (still listening on WAN), it now appears to be listening on the LAN:
root anmuscle 484 20 udp4 192.168.5.1:53 *:*
root anmuscle 484 21 tcp4 192.168.5.1:53 *:*
root anmuscle 484 22 tcp4 74.97.40.240:25043 34.120.84.240:1883
root anmuscle 484 23 tcp4 74.97.40.240:11240 34.120.84.240:443
root anmuscle 484 24 tcp4 127.0.0.2:443 *:*
root anmuscle 484 25 udp4 127.0.0.2:53 *:*
root anmuscle 484 26 tcp4 192.168.5.1:80 *:*
root anmuscle 484 27 tcp4 192.168.5.1:443 *:*
root anmuscle 484 28 udp4 192.168.5.1:137 *:*
root anmuscle 484 30 tcp4 127.0.0.2:53 *:*
root anmuscle 484 31 tcp4 127.0.0.2:80 *:*

Is it working as it should?

TIA,
Fred

It’s not necessarily a problem if it listens on the WAN as long as you ensure the firewall never allows DNS/HTTP on the WAN interface.

Otherwise looks good.

Thank you Arthur, I’ve blocked 53 and 853 on WAN.
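The check this thread performs by hand (are the udp4 and tcp4 127.0.0.2:53 listeners present, and is anything listening where the WAN can reach it), written here as an added example that is not from the thread or from adam:ONE. It assumes sockstat's column layout as pasted above and uses the WAN IP from the posts; the sample rows are constructed from the thread's output.

```shell
#!/bin/sh
# Added example, not from the thread or from adam:ONE: verify sockstat-style
# output against the bindings the install instructions ask for, and flag any
# anmuscle listener reachable from the WAN (bound to the WAN IP or to the
# wildcard *). Assumed column layout: USER COMMAND PID FD PROTO LOCAL FOREIGN.

# check_bindings WAN_IP   (sockstat output on stdin)
# Returns 0 when udp4 and tcp4 127.0.0.2:53 listeners exist and nothing is
# WAN-reachable; 1 otherwise. Findings are printed to stdout.
check_bindings() {
    wan="$1"
    out=$(cat)
    rc=0
    for proto in udp4 tcp4; do
        if printf '%s\n' "$out" | awk -v p="$proto" \
            '$2=="anmuscle" && $5==p && $6=="127.0.0.2:53" && $7=="*:*" {f=1} END {exit !f}'; then
            echo "ok: anmuscle $proto listening on 127.0.0.2:53"
        else
            echo "MISSING: anmuscle $proto listener on 127.0.0.2:53"
            rc=1
        fi
    done
    # A listener (foreign *:*) on the WAN IP or on * also answers WAN clients;
    # per the reply above that is only acceptable if the firewall blocks it.
    exposed=$(printf '%s\n' "$out" | awk -v w="$wan" \
        '$2=="anmuscle" && $7=="*:*" && (index($6, w ":")==1 || index($6, "*:")==1) {print $5, $6}')
    if [ -n "$exposed" ]; then
        printf 'WAN-REACHABLE listener(s):\n%s\n' "$exposed"
        rc=1
    fi
    return $rc
}

# Constructed sample modelled on the thread's final output (WAN IP 74.97.40.240).
SAMPLE_GOOD='root anmuscle 484 20 udp4 192.168.5.1:53 *:*
root anmuscle 484 22 tcp4 74.97.40.240:25043 34.120.84.240:1883
root anmuscle 484 25 udp4 127.0.0.2:53 *:*
root anmuscle 484 30 tcp4 127.0.0.2:53 *:*'

# Constructed sample modelled on the earlier output: no 127.0.0.2 binding and
# a wildcard udp4 listener on 8190.
SAMPLE_BAD='root anmuscle 78552 21 udp4 192.168.5.1:53 *:*
root anmuscle 78552 24 udp4 *:8190 *:*'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_GOOD" | check_bindings 74.97.40.240
    printf '%s\n' "$SAMPLE_BAD" | check_bindings 74.97.40.240 || true
fi
```

On the box itself, pipe live output in with sockstat -4 | check_bindings WAN_IP; the firewall rule blocking 53/853 on WAN is still needed for anything the script reports as WAN-reachable.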