sentein Posted March 22, 2018 Share Posted March 22, 2018 (edited) About 2 months ago i created a pfSense router for my home setup This is a stand alone system that is bare metal and not a VM of any sort. Ever since then i cannot get the plugins to register there are updates needed, the plugins all have status - Unknown. The OSupdate area in tools is also non-functional. Is there anyone here that has a pfSense router working nicely with unraid that would be willing to give me some pointers? I also have this error in the Fix common problems section "Unable to communicate with GitHub.com" along with every Plugin that needs updated listed there as well. I understand why it is throwing that last error but i need a way to fix it and have not found a good solution as of yet. The reason is that pfSense stops all ping requests as far as i can tell from my readings. The error from github is due to pinging Github.com and not getting a response. I have a feeling this is my underlying issue with the plugin status and update. It could also quite possible be my main issue with the OSupdate tool not working as well. I have set the DNS in my router and both of my servers. I have also tried disabling the firewall and shutting down pfBlockerNG in different combinations to leave everything unprotected. I only have one port forwarded to the outside world and that is Plex@32400. Https is enabled and i have a VPN server setup and working. Any help is appreciated if you would like to know anything else just ask. I will give any information i can. I do apologize for having to ask this here, I have been at this for 2 months and admit defeat. I like my protection but if i cannot get pfSense to work 100% i may as well nuke it. Edited April 2, 2018 by sentein Quote Link to comment
MyKroFt Posted March 22, 2018 Share Posted March 22, 2018 (edited) Diagnostics >> Ping >> github.com what do you get? Make sure router is reaching github to start with Edited March 22, 2018 by MyKroFt Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 This is what i am getting. The following input errors were detected: - Host "github.com" did not respond or could not be resolved. I have a feeling something might be screwed up in this region but i cannot put my finger on it. The first DNS is used with pfBlockerNG when active. Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 It is a dummy DNS = No one as is not pointing to a Wan. All DNS requests blocked by pfBlockerNG go here to die. pfBlockerNG is setup as a DNS based network AD blocker. So if it sees a request to or from a website on one of my lists it forwards those DNS queries to 10.10.10.1 which goes absolutely no where. Since the DNS queries cannot be resolved to a website the AD is effectively blocked. Quote Link to comment
joelones Posted March 22, 2018 Share Posted March 22, 2018 (edited) 11 minutes ago, ijuarez said: Who is 10.10.10.1? That's the Virtual IP for the DNS blocker DNSBL portion of the pfBlockerNG package. I'm not exactly sure why you put 10.10.10.1 under General Setup, I always thought you'd have to put an external DNS server there which is will be used by the pfSense box. Edited March 22, 2018 by joelones Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 ok, what do your firewall logs say? Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 Just now, joelones said: That's the Virtual IP for the DNS blocker DNSBL portion of the pfBlockerNG package. I'm not exactly sure why you 10.10.10.1 under General Settings, I always thought you'd have to put an external DNS server there which is will be used by the pfSense box. That's why I asked, I don't use pfBlockerNG. Personal note, stay away from google dns and use open nic or open dns Quote Link to comment
joelones Posted March 22, 2018 Share Posted March 22, 2018 (edited) 7 minutes ago, sentein said: It is a dummy DNS = No one as is not pointing to a Wan. All DNS requests blocked by pfBlockerNG go here to die. pfBlockerNG is setup as a DNS based network AD blocker. So if it sees a request to or from a website on one of my lists it forwards those DNS queries to 10.10.10.1 which goes absolutely no where. Since the DNS queries cannot be resolved to a website the AD is effectively blocked. I don't do it that way. I put external DNS' under General Setup and then use firewall rules to block via the blacklists. Sites that are blocked are resolved to 10.10.10.1 and show a 1x1 pixel when tried via a browser. Edited March 22, 2018 by joelones Quote Link to comment
DZMM Posted March 22, 2018 Share Posted March 22, 2018 can you share your pfBlockerNG settings please, particularly the DNSBL and general tab. I think your DNS servers are the problem I use the same package and I don't have the pfblocker dns setting in my general/DNS page. If I remember rightly, the only change you need to make outside of the pgBlockerNG pages is to ensure DNS resolver is enabled.... What happens if you change the DNS servers to OpenDNS (208.67.222.222/208.67.222.220) - can you ping? 1 Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 8 minutes ago, ijuarez said: That's why I asked, I don't use pfBlockerNG. Personal note, stay away from google dns and use open nic or open dns Originally that is exactly what i had. The only reason that unfortunate DNS is even in here is due to the "Reset your modem / router or try again later, or set your DNS Settings to 8.8.8.8 and 8.8.4.4 Also make sure that you have a Gateway address set up." message given at the fix common problems plugin. I was trying to give unRaid the most direct rout to the outside world. 10 minutes ago, ijuarez said: ok, what do your firewall logs say? I have not checked the logs. Honestly i am not 100% sure where to find them yet. Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 9 minutes ago, DZMM said: can you share your pfBlockerNG settings please, particularly the DNSBL and general tab. I think your DNS servers are the problem I use the same package and I don't have the pfblocker dns setting in my general/DNS page. If I remember rightly, the only change you need to make outside of the pgBlockerNG pages is to ensure DNS resolver is enabled.... What happens if you change the DNS servers to OpenDNS (208.67.222.222/208.67.222.220) - can you ping? Going to try the DNS Settings Next. Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 (edited) 8 minutes ago, sentein said: Originally that is exactly what i had. The only reason that unfortunate DNS is even in here is due to the "Reset your modem / router or try again later, or set your DNS Settings to 8.8.8.8 and 8.8.4.4 Also make sure that you have a Gateway address set up." message given at the fix common problems plugin. I was trying to give unRaid the most direct rout to the outside world. I have not checked the logs. Honestly i am not 100% sure where to find them yet. That's the plugin suggestion, virtually all network help on the webs always has you test with google dns because they always work. I think @DZMM has a better answer. Also try changing the DNS servers. Edited March 22, 2018 by ijuarez hit the submit too early Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 12 minutes ago, DZMM said: can you share your pfBlockerNG settings please, particularly the DNSBL and general tab. I think your DNS servers are the problem I use the same package and I don't have the pfblocker dns setting in my general/DNS page. If I remember rightly, the only change you need to make outside of the pgBlockerNG pages is to ensure DNS resolver is enabled.... What happens if you change the DNS servers to OpenDNS (208.67.222.222/208.67.222.220) - can you ping? Results look Promising PING github.com (192.30.253.113): 56 data bytes 64 bytes from 192.30.253.113: icmp_seq=0 ttl=53 time=27.433 ms 64 bytes from 192.30.253.113: icmp_seq=1 ttl=53 time=28.330 ms 64 bytes from 192.30.253.113: icmp_seq=2 ttl=53 time=28.046 ms --- github.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 27.433/27.936/28.330/0.374 ms Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 Using Terminal i am still unable to Ping Github.com in unraid. and all the problems stated in the first post still seem to be there. But with your help pfsense can at least see github.com so it is a step in the right direction. Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 post your network setup for unraid, Quote Link to comment
DZMM Posted March 22, 2018 Share Posted March 22, 2018 your settings page was the same as mine. Don't know why you had the pfblockerng address in general - I just have a NAT rule that was auto-created that forwards anything to 10.10.10.1 to the designated ports. https://www.fredmerc.com/2016/07/pfsense-adblock-using-pfblockerng-guide/ good guide For the LAN/VLAN that your unraid server is on add a ICMP rule like this: Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 7 minutes ago, ijuarez said: post your network setup for unraid, I have tested both servers and the Configs on both seem to not seem too make a difference. Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 why did you make your gate 192.168.10.4? is that pfsense's ip? Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 1 minute ago, ijuarez said: why did you make your gate 192.168.10.4? is that pfsense's ip? Yes it is. Sorry i should have made that more clear. Quote Link to comment
DZMM Posted March 22, 2018 Share Posted March 22, 2018 have you seen my post about creating a firewall rule? Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 14 minutes ago, DZMM said: your settings page was the same as mine. Don't know why you had the pfblockerng address in general - I just have a NAT rule that was auto-created that forwards anything to 10.10.10.1 to the designated ports. https://www.fredmerc.com/2016/07/pfsense-adblock-using-pfblockerng-guide/ good guide For the LAN/VLAN that your unraid server is on add a ICMP rule like this: Hot Dang!!!!!!!!!!!!!!!!!!! This got both servers working. You guys are all amazing. I know this was not a pfSense forum so i am sorry for the stupid question. There was only so much i was willing to try by reading and breaking it. Thank you guys so much!!!! Quote Link to comment
ijuarez Posted March 22, 2018 Share Posted March 22, 2018 where you can view logs Quote Link to comment
sentein Posted March 22, 2018 Author Share Posted March 22, 2018 (edited) 2 minutes ago, DZMM said: have you seen my post about creating a firewall rule? No i have not. If you can, could you please link it? So if anyone has this issue again it shows up on their radar? Thank you very much. This will come in handy as well. Edited March 22, 2018 by sentein added info and thank you. Quote Link to comment
DZMM Posted March 22, 2018 Share Posted March 22, 2018 3 minutes ago, sentein said: Hot Dang!!!!!!!!!!!!!!!!!!! This got both servers working. You guys are all amazing. I know this was not a pfSense forum so i am sorry for the stupid question. There was only so much i was willing to try by reading and breaking it. Thank you guys so much!!!! No probs. I've pulled together pfsense stuff I've found useful here You definitely should go over the nguvu.org Guides - if you follow it, it'll give you a rock solid foundation to build on Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.