nxfilter its logging fine but doesnt block any pages

[Pablo Lopes]

Hi,

nxfilter is logging fine but doesnt block any pages. Someone could help me?

[Jason]

Have you updated the System Category (update_sh.sh  or update_sh.bat on windows) and have you setup a policy with categories to be blocked? 

[Jason]

also if you are using authentcation you need to map users -> policies.

Users have to also be mapped to an ip address either by static range or nxlogon for AD integration that is if you are doing authentication. 

[Pablo Lopes]

Yeah, im using AD integration... using nxlogon and stuff... NxFilter can see the user and say that the page was blocked... but the browser open normally the page.

check out the file!

[Jason]

Have you ran ipconfig /flush on the machines? is Nxfilter the only DNS ip addressees you are handing out to clients? otherwise they maybe using recursive dns and getting it from another DNS server.

trying NSLOOKUP and see what the response is as well as what server is responding. if it's blocked it should be getting the ip both from the nxfilter server and the response should resolve to the ip of it as well (to show the blocked page)

[Jason]

ipconfig /flushdns rather

[Pablo Lopes]

nslookup works just like u described. is exactly why I am intrigued.
yes, I did and didnt work flushdns.
nxfilter is the only DNS server on the ip configuration.
Im using PFSENSE as the firewall...my suspicions are on it

[Jason]

I use pfsense for our network firewall as well.. It shouldn't matter. if your Domain Controller is handing out the DHCP pfsense isn't much involved in that. 

[Pablo Lopes]

In fact PFSENSE is handing out the DHCP. But I already changed the DNS ip distributed by pfSense for NXFILTER ip... I've got the same problem.

I was wondering if pfsense wasnt working as dns... because of the dns forwarder. but this is turned off... Im really lost here!

[Jason]

How are you handing out the DNS Settings from Pfsense? it did take mine about 12 hrs for the settings to fully roll out.

[Pablo Lopes]

just like u... already tried to leave blank and put the nxfilter ip on the dns configuration ip of the pc. bove ways do not work. 

[Jason]

Please post a screen shot of the Pfsense DHCP config page, the NXFilter Config Page, and Copy & Paste a IPCONFIG /ALL

[Pablo Lopes]

There is...

[Jason]

Try using the DNS Server settings for the interface, not the General system ones for pfsense

I circled the settings

[Jinhee]

Do you not have 'Logging only' option enabled in your policy?
If it's from your DHCP setting try to use static setup as a test.

1. Block 'www.bbc.co.uk' on whitelist with admin_block option.
  Global whitelist is better.

2. Start nslookup and change server to NxFilter.
  Or setup NxFilter as the only DNS server for your PC using static setup.

3. Try to query www.bbc.co.uk on nslookup.

If it's from DHCP try 'ipconfig /all' on your CMD.
We can have a look.

Jinhee

[Jinhee]

Sorry you have already posted it.
It seems all OK to me.
Check your policy then.

Jinhee

[Pablo Lopes]

Hi Jinhee,
This was the first thing I looked for. It's not in the logging only mode.

Jason,
Already tried change general DNS and Interface DNS for NX filter... =(

It's necessary wait some time to take effect? Log starts immediately...

[Jason]

if I had to guess I'd say you got a proxy server setup somewhere weather locally in the browser settings, or a transparent network proxy. 

[Pablo Lopes]

Thank you Jinhee and Jason,

problem solved. In fact I'm using PFSENSE as a transparent proxy. I have 3 gateways on my network, because of it, im using 'pfsense server' option for forward especifc subnets data throught the right gateway...

This was 'jumping' the NXFILTER rules.

Now I'll try to find a alternative way to do this thing.

Thanks again for your time!

[Jinhee]

Your nslookup is using your NxFilter as it's return 10.70.100.13 for www.xvideos.com.
But your browser can connect www.xvideos.com.
Then you can check if your browser using NxFilter as its DNS server or not by using that login-domain.
What happens if you enter the login-domain into your browser address bar?
Do you get the login-page?

Jinhee