Pages not being blocked using pfsence

sangeorgej · April 29, 2021, 8:46pm

This is my first install of ADAM: one on a pfsence firewall. All seems to be going well, the router is up, the log is showing me traffic and even showing me blocked ads and such. I even created a list and added a few websites and connected it to the blacklist.

However.

When I visit a site that should be blocked, it lets me through. I checked on several computers in the network and all can get through. I’m wondering if I may have missed a setting in pfsence. I did follow the published setup guide.

So here is a copy of my IP info showing the dns is pointing to my pfsence router.

Any thoughts?

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-HRG78M0
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : harpeth.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : harpeth.local
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 18-03-73-B7-9D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.1.165(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 29, 2021 12:16:48 PM
Lease Expires . . . . . . . . . . : Thursday, April 29, 2021 5:16:11 PM
Default Gateway . . . . . . . . . : 10.1.1.254
DHCP Server . . . . . . . . . . . : 10.1.1.254
DNS Servers . . . . . . . . . . . : 10.1.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

sangeorgej · April 29, 2021, 9:04pm

I believe this issue sits with the DNS resolver.

I checked pfsence and it’s not turned off. When I do turn it off I get the following error and it turns back on.

The following input errors were detected:

This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.

Thoughts?

David · May 1, 2021, 1:43am

Hi @sangeorgej thank you for trying it out! Please try these steps:

pfSense -> System -> General Setup -> DNS Resolution Behaviour
Set to Use Remote DNS Servers, ignore local DNS
Disable Services -> DNS Resolver
Enable adam:ONE

sangeorgej · May 3, 2021, 2:53pm

I followed that and it blocked all DNS traffic. So I undid the changes and tried this:

Follow the general install instructions

pfSense -> System -> General Setup ->DNS Servers
Set it to my pfSence IP address
Disable Services -> DNS Resolver
Enable adam:ONE

Seems to be working.

I’d like your thoughts on this setup.

sangeorgej · May 3, 2021, 6:26pm

With further testing, I’m seeing strange behavior. When the blacklist is on it will block sites as expected as well as sites we put into our own rules list.

However, there are certain sites like Facebook, Instagram, and MSN, that return DNS_PROBE_FINISHED_NXDOMAIN error not the blocked redirect.

When I change over to unfiltered most sites return the DNS_PROBE_FINISHED_NXDOMAIN error.

Not sure where the DNS issue is happening.

sangeorgej · May 4, 2021, 1:50pm

After much work and many tests, I’m finding that one of the key things to do is reboot your pfSence router after making lots of changes to it. That has seemed to correct a lot of issues.

fernando · May 12, 2021, 4:38pm

@sangeorgej in most cases, just restarting the angmr services fixes these type of issues. You can do so by going to Status>Services then stop and start the anmgr service.