Announcement

Collapse
No announcement yet.

Basic Setup

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    In the email, you said that it's not working for 192.168.0.49. So, it's not working for that user and it works fine for others.

    I see these log,

    Code:
    INFO [08-30 10:15:12] - RHiAD, Blocked by category (all_block), www.youtube.com.
    INFO [08-30 10:15:12] - RHiAD, Blocked by category (all_block), www.youtube.com.
    DEBUG [08-30 10:15:12] - LastError.add, Adding error from request, NxError{kw=192.168.0.38,www.youtube.com, domain=www.youtube.com, uname=Gayal, cltIp=192.168.0.38, policyName=all_block, catnameLine=all_block, grpLine=all_block, reasonDetail=Blocked categories (all_block), timestamp=1724993112}
    DEBUG [08-30 10:15:12] - LastError.add, Adding error from request, NxError{kw=192.168.0.38,www.youtube.com, domain=www.youtube.com, uname=Gayal, cltIp=192.168.0.38, policyName=all_block, catnameLine=all_block, grpLine=all_block, reasonDetail=Blocked categories (all_block), timestamp=1724993112}
    You see these block log on 'Logging > Request'. So, logging woks also fine.

    So, NxFilter works fine. The problem is 192.168.0.49. Then you should test the PC with nslookup. On the PC do 'nslookup twitter.com' and see what's you get.

    One possible reason is that the PC might have another DNS server as its secondary DNS server. Or it may use IPv6 DNS. In that case, it can bypass it.

    Comment


    • #17
      Originally posted by support200 View Post
      In the email, you said that it's not working for 192.168.0.49. So, it's not working for that user and it works fine for others.

      I see these log,

      Code:
      INFO [08-30 10:15:12] - RHiAD, Blocked by category (all_block), www.youtube.com.
      INFO [08-30 10:15:12] - RHiAD, Blocked by category (all_block), www.youtube.com.
      DEBUG [08-30 10:15:12] - LastError.add, Adding error from request, NxError{kw=192.168.0.38,www.youtube.com, domain=www.youtube.com, uname=Gayal, cltIp=192.168.0.38, policyName=all_block, catnameLine=all_block, grpLine=all_block, reasonDetail=Blocked categories (all_block), timestamp=1724993112}
      DEBUG [08-30 10:15:12] - LastError.add, Adding error from request, NxError{kw=192.168.0.38,www.youtube.com, domain=www.youtube.com, uname=Gayal, cltIp=192.168.0.38, policyName=all_block, catnameLine=all_block, grpLine=all_block, reasonDetail=Blocked categories (all_block), timestamp=1724993112}
      You see these block log on 'Logging > Request'. So, logging woks also fine.

      So, NxFilter works fine. The problem is 192.168.0.49. Then you should test the PC with nslookup. On the PC do 'nslookup twitter.com' and see what's you get.

      One possible reason is that the PC might have another DNS server as its secondary DNS server. Or it may use IPv6 DNS. In that case, it can bypass it.
      On 192.168.0.49, when i do nslookup, I get the IPs of twitter.com so it's not working too I guess. Doesn't have any other DNS servers or IPv6 DNS. :/

      Comment


      • #18
        I see this log,

        DEBUG [08-30 10:17:31] - RHr, RH #2, shepherd.avcdn.net, rqSize = 0, rDc = 1, rTtl = 0, rType = 1, cltIp = 192.168.0.49.

        So, NxFilter gets requests from 192.168.0.49. Then there should be log on 'Logging > Request'. Find log from 192.168.0.49 on there and show me the capture. You should have your nslookup query on there.

        Comment


        • #19
          Or just stop it and zip /nxfilter folder and upload it somewhere and send me the link. I can download it and see the log myself.

          Comment


          • #20
            Hey, so I noticed only requests to stream-production.avcdn.net, honzik.avcdn.net is available on the requests logging from the client that NxFilter isnt working. Is this something related to the virus guard we have? Is it using some kind of it's own CDN so they don't go through NxFilter?

            Update: Yeah so it turns out, we had Fake Website Shield enabled in AVG and that's why NxFilter wasn't working.
            Last edited by xand3rr; 09-03-2024, 11:07 AM.

            Comment


            • #21
              If that Fake Website thing is blocking your DNS requests, It means that they hijack DNS requests and resolve them by their own DNS server without your notice.

              You may think you can trust them. But these people send/recv the files in your PC to their lab and look into the contents without notifying you. And many of them send a lot of DNS requests for secret communication to their servers. Some of them even flooded network traffc with such communication.

              These security companies do almost the same thing as malwares do. That's why I don't use Antivirus software except Microsoft one.

              Comment


              • #22
                Originally posted by support200 View Post
                If that Fake Website thing is blocking your DNS requests, It means that they hijack DNS requests and resolve them by their own DNS server without your notice.

                You may think you can trust them. But these people send/recv the files in your PC to their lab and look into the contents without notifying you. And many of them send a lot of DNS requests for secret communication to their servers. Some of them even flooded network traffc with such communication.

                These security companies do almost the same thing as malwares do. That's why I don't use Antivirus software except Microsoft one.
                Yeah that is really concerning. I'm going to look at the possibility of using Defender from now on.
                Thank you for your help.

                Comment


                • #23
                  Hey! Looks like you've got the basics right, but check if you've enabled "forwarding DNS" in NxFilter settings. Also, make sure the devices are actually using 192.168.0.3 as their DNS.

                  Sometimes, a full system reboot helps – NxFilter can get “stuck” now and then. Good luck!

                  Comment

                  Working...
                  X