jpgpi250 / piholemanual

files referred to in my pihole installation manual

www.liveleak.com not working #5

Closed pcdiks closed 4 years ago

pcdiks commented 4 years ago

The site www.liveleak.com is not working properly. This IP is blocked, which causes the problem: 104.16.133.229

Could you solve this?

jpgpi250 commented 4 years ago

Nothing to fix here, the IP (104.16.133.229) and the IPv6 equivalent are already in the exceptions list. I warned in all my posts that you need to make exception rules, using the exception files for specific devices. Clearly, if you created these rules, they aren't working. There is currently only one DNS entry that requires an exception (dns.cloudflare.com), because they host regular DNS (port 53), DoH (port 443) and content (cdnjs.cloudflare.com) behind the same IP address.

Don't know about the exception rules? Read here.

pcdiks commented 4 years ago

Yes, I have implemented the exceptions and after disabling the rules to block DoH the site still does not work so it’s something else. I do think your exception rules are not correct. In your pdf you show that the source must be an ip on the block list and the target must be the exception. Traffic on the lan interface can never have a source ip that is not on the lan. If you remove the source or change the source to lan net you have a rule that is technically correct.

jpgpi250 commented 4 years ago

www.liveleak.com works perfectly in my environment with the rules described in the pdf. I can see in the logs that the exception rule is triggered (dns.cloudflare.com points to both 104.16.133.229 and 104.16.132.229).

> In your pdf you show that the source must be an ip on the block list and the target must be the exception.

"the source must be an ip on the block list": This is wrong!

In the block rules, the source is any, the target is the block list.

In the exception (allow) rules, the source is the alias used to define your devices that require an exception, the target is the exception list.

The IP used in the pdf (pfsense configuration / defining the exception alias) is an example. I assume this is obvious, you need to enter your own IP address(es).

check your rules again...

Edit: Looking at this problem, I understand the documentation is somewhat confusing. To eliminate this confusion, I changed the names of the aliases to (hopefully) make things more clear.
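The two rule types described in the thread (block: source any, destination block list; allow: source device alias, destination exception list), modelled as an added Python sketch that is not from the manual or the repository. It assumes the firewall evaluates LAN rules top-down with the first match winning and that unmatched LAN traffic is allowed; the device address, the third blocklist entry and all names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample aliases; only the two Cloudflare IPs come from the thread.
DOH_BLOCKLIST = {"104.16.132.229", "104.16.133.229", "203.0.113.53"}
DOH_EXCEPTIONS = {"104.16.132.229", "104.16.133.229"}  # dns.cloudflare.com
EXCEPTION_DEVICES = {"192.168.1.50"}                   # hypothetical LAN client

# Each rule: (action, source alias or None for "any", destination alias).
# Order matters: the allow rule has to sit above the block rule.
RULES = [
    ("pass", EXCEPTION_DEVICES, DOH_EXCEPTIONS),
    ("block", None, DOH_BLOCKLIST),
]

# The misreading discussed in the thread: source set to the block list itself.
# A LAN client never has such a source address, so the allow rule never fires.
MISREAD_RULES = [
    ("pass", DOH_BLOCKLIST, DOH_EXCEPTIONS),
    ("block", None, DOH_BLOCKLIST),
]


def evaluate(src, dst, rules=RULES, default="pass"):
    """Return the action of the first rule that matches src -> dst."""
    src, dst = str(ip_address(src)), str(ip_address(dst))
    for action, sources, destinations in rules:
        if (sources is None or src in sources) and dst in destinations:
            return action
    # Assumption: stands in for a trailing "allow LAN to any" rule.
    return default


if __name__ == "__main__":
    checks = [
        ("192.168.1.50", "104.16.133.229", RULES),          # excepted device
        ("192.168.1.77", "104.16.133.229", RULES),          # ordinary device
        ("192.168.1.50", "203.0.113.53", RULES),            # no exception for dst
        ("192.168.1.50", "104.16.133.229", MISREAD_RULES),  # wrong source alias
    ]
    for src, dst, rules in checks:
        print(f"{src} -> {dst}: {evaluate(src, dst, rules)}")
```

A device that is missing from the exception alias gets `block` for 104.16.133.229, which is the symptom reported in this issue when content is served from the same address as a DoH endpoint.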