Hello,
I have a strange problem. When I use the eblocker including the DNS firewall, I can't access my internal NAS drives.
Configuration: Manjaro Linux, access via KDE/kio-smb://, Synology NAS, FritzBox cable (free, not from provider). eblocker from Crowdfunding
Why is that?
By the way, it makes no difference whether I set the DNS firewall to "Internet provider" or to the option "separate list"(which I would prefer)
If I pause the eblocker on my device or just disable the DNS firewall everything works.
I wonder...
Hi @Julius,
maybe because of your network or NAS config?!
Try to whitelist the url of your NAS.
Which eBlocker version and which PI are you using?
https://eblocker.org/community/bugs-features/before-posting-here-please-read/#post-117
regards
Sven
Hello,
Try to whitelist the url of your NAS.
I've added the IP (192.168....) of the NAS to the whitelist in the eblocker Dashboard for my PC - but unfortunately it doesn't help. And it does also make no difference if I disable eblocker for the NAS.
Which eBlocker version and which PI are you using?
Version: 2.4.5, lists: 2020-04-18-06-00-04
The device itself is the commercial one (white dice) with life-time license
When I use the eblocker including the DNS firewall, I can't access my internal NAS drives.
How do you access your internal NAS? What's the error you are getting? Can you please describe more in detail what you are trying to do and where it fails. Am I interpreting your above sentence right that once you deactivate eBlocker's DNS you can access your NAS? Are you running your own local DNS (maybe on the NAS)?
Background: eBlocker usually does not touch internal LAN traffic at all. So we need to better understand the use case to make suggestions... Synology NAS works like a charm with eBlocker, so it's not a general issue but a particular problem of your (network) config...
Please state with your answer: eBlocker's network mode & settings, DNS, HTTPS. Can you access NAS config using http interface? Does only SMB fail? Is the NAS device disabled for eBlocker blocking (recommended)?
THX!
Hello,
Thanks for the help.
- Yes the eblocker is disabled for the NAS.
- The NAS is connected to the fritzbox as well as the computer.
- Under KDE, I don't really have a meaningful feedback regarding SMB.
If the DNS firewall option of the eblocker is on, the machine will not find any SMB shares or workgroup. When I turn off the option on the eblocker, access is immediately restored.
There is no active firewall or DHCP on the computer. - In terms of time, the problem may be related to an update of the NAS.
If this were the case, the number of requests for help here would be increasing. The jump was from Synology DSM6.2 Update 4 to Update 6, and according to the changelog there, nothing with SMB should be affected ( http://update.synology.com/autoupdate/whatsnew.php?model=DS218&update_version=24922-6).
The NAS also has no DHCP server or firewall active. I did not change to config of the NAS recently.
I don't really know where to look further...
Have you tried rebooting (to empty caches) after switching to eBlocker DNS?
Are you running eBlocker in manual network mode (which I recommend)?
Do you have other clients (non KDE) to verify the issue?
Make sure DNS network settings of NAS and client are set to eBlocker‘s IP (if you are not using DHCP).
Then try the following: Enable eBlocker DNS, chose „custom list...“
Under DNS SERVER CUSTOM LIST delete all entries and just add your current DNS IP (probably your router) as only entry.
Purge DNS caches of client and NAS (also in eBlocker under DNS) or just reboot.
I have a similar problem with my Synology NAS.
When eBlocker is enabled the NAS is unable to access the internet.
Maybe the manual "Expertenmodus" can help?
can you tell me which settings in blocker and Fritz Box 7590 have to be made to get it to work. I have tried different settings, but blocker tells me every time that there is a second network.
Your help is much appreciated.
The same thing for your issue
https://eblocker.org/community/bugs-features/before-posting-here-please-read/#post-117
The more you tell, the easier it is to help.
Please also post a screenshot of the second network message
Here is my setup
Fritzbox 7590 with latest Beta 07.19-77204 BETA
192.168.178.1
Synology DS214Play, latest DSM 6.2.2-24922 Update 4
IP Adress pinned to device via Fritzbox
eBlocker enabled for Syno
eBlocker Raspi 3b or 4, standard fresh install 2.4.5/Alpha 2.5.0
certificate https enabled for windows win10 laptop
All of this devices have full internet access in the fritzbox settings!
I have no issues to connect to SMB of my NAS and my NAS has no problems connecting to Internet (Updates, packages, ...)
So there is no need to configure things here.
Please tell, what you mean with Syno can not connect to internet, as @Julius has a problem to connect to his NAS, when eBlocker is active?!
@Julius: can you post the SMB settings of your Synology?!
Regards
Sven
@Julius: can you post the SMB settings of your Synology?!
Yes, these are the unchanged settings from my DS218
Have you tried rebooting (to empty caches) after switching to eBlocker DNS?
Are you running eBlocker in manual network mode (which I recommend)?
Do you have other clients (non KDE) to verify the issue?
Make sure DNS network settings of NAS and client are set to eBlocker‘s IP (if you are not using DHCP).
Then try the following: Enable eBlocker DNS, chose „custom list...“
Under DNS SERVER CUSTOM LIST delete all entries and just add your current DNS IP (probably your router) as only entry.
Purge DNS caches of client and NAS (also in eBlocker under DNS) or just reboot.
Yes, i tried rebooting (PC and eblocker) and DNS clean. Unfortunately no change at all.
Right now I am using the automatic-mode of the eblocker as this was working fine until now.
Unfortunately I do not have any other PC here - only smartphone, tablet, smartTV with apps and no SMB-access
I tried the idea of setting DNS-firewall to the individual list with only my IP of the fritzbox (which is using my provider DNS) - no change right now (please keep in mind that my eblocker is still set to automatic mode - as I do not have the possibility right now (today) to change this setting.)
Try the button "SMB Cache löschen" below in the window
-> see Screenshot
Try the button "SMB Cache löschen" below in the window
-> see Screenshot
And try changing from SMB2 to SMB3regardsSven
Hi Sven,
i did both - but still no change (no smb-access if DNS-Firewall of eblocker is enabled, immediately access to smb-shares when disabling the DNS-firewall of eblocker)
Regards, Julius
Hello,
for clarification I made a test if it is due to KDE and their kio-slaves. This is not the case, because accessing it via "smbclient -U julius -L //homenas" in the command line has exactly the same problem/behavior.
Which Linux OS do have you currently installed?
I will try to adapt and test in my environment.
regards
Sven
Right now I am using the automatic-mode of the eblocker as this was working fine until now.
Change to manual network mode please and try again.
I suspect some interference with Synology or Fritz in this case (ARP incompatibility maybe related to the firmware update you mentioned). @Calimero s Synology and mine is working just fine - so it‘s not a general issue for the setup.
Good morning,
i have made some tests.
My Synology DS218 (DSM Version 6.3) has only partial Internet access when the DNS Firewall of eblocker is activated. Without ist everything works as expected.
Apps can be installed etc., but Update Check for Firmware and Antivirus does not work.
@Random i am with you, that there might be problems with ARP spoofing.
It would be interesting which Settings in Fritzbox 7590 and eblocker 2.4.5 (Raspi3B+) should be used for the manual mode / Expert modus.
cu
Hi,
is the problem fixed?
I have a few questions:
1. Your eBlocker ist in Automatic our Individuell our Expert Mode?
2. Fritzbox is DHCP Server?
3. Your NAS IP Config; you give a static IP Address our via DHCP from Fitzbox can you print ist IP-Address, Gateway, DNS?
4. Your Clients in yout network; give an print IP-Address, Gateway, DNS?
5. Your access to the NAS is only internal?
regards
PIO78
Right now I am using the automatic-mode of the eblocker as this was working fine until now.
Just use manual mode and it‘s gonna be fine. Give it a try...
Right now I am using the automatic-mode of the eblocker as this was working fine until now.
Just use manual mode and it‘s gonna be fine. Give it a try...
Sorry at all for not responding earlier - irl was to demanding the last days.
Right now I've enabled the individual mode and now guess: YES it is working now - the SMB shares are back again even if the DNS- firewall of eblocker is enabled (using the external option here to randomly go through a list of DNS servers suggested by eblocker-doc and kuketz-blog).
This is fine for the moment- and thank you for your help.
As a small complaint I would like to point out that I would like this to work in automatic mode as well. Because on the one hand it is the act of configuration that is necessary (and the knowledge) and it is a source of error, should the eblocker fail and you have to remember to enable the dns server of the fritzbox...
Right now I am using the automatic-mode of the eblocker as this was working fine until now.
Just use manual mode and it‘s gonna be fine. Give it a try...
Sorry at all for not responding earlier - irl was to demanding the last days.
Right now I've enabled the individual mode and now guess: YES it is working now - the SMB shares are back again even if the DNS- firewall of eblocker is enabled (using the external option here to randomly go through a list of DNS servers suggested by eblocker-doc and kuketz-blog).
This is fine for the moment- and thank you for your help.
As a small complaint I would like to point out that I would like this to work in automatic mode as well. Because on the one hand it is the act of configuration that is necessary (and the knowledge) and it is a source of error, should the eblocker fail and you have to remember to enable the dns server of the fritzbox...
oh NO - i have forgotten to reboot the nas itself.
After doing so I do have the same old problem: NO SMB-share access when DNS-firewall of eblocker is enabled If I turn the DNS-firewall off everything is working again. that's a bummer
Do you tried the "Individual Settings" ???
Because you have a FritzBox and there you can not set the Default Router to the IP of the eBlocker.
So do the following:
1. look for the IP of your FritzBox (you have done)
2. Set eblocker with fixed IP (you have done)
3. Set eBlocke in "individual Settings" so that eBlocker is the DHCP in your Network
4. On Fritzbox deaktivate your DHCP Server!
5. When you reboot/restart the Clients they will get the IP from the DHCP on the eBlocker.
In conclusion:
The Clients get Network-settings from eBlocker, like IP, DNS, Gateway. The Gateway is important so that all IP-traffic goes over the eBlocker.
Look at this Video:
Function ...
https://eblocker.org/funktionsweise#eblocker-funktioniert
regards
PIO78
@julius Have you tried to disable eBlocker for your syno (in eBlocker‘s device settings) and leave just your linux enabled?
To ALL of you:
Please excuse the late reply. I didn't get around addressing the problem until now.
And it seems to be a very trivial but nasty point - which I discovered today:
The NAS can be referred on the network as "myNAS".
It works if the DNS firewall is disabled - e.g. by using smb://myself@myNAS in Dolphin (the file Browser of KDE)
If I enable the DNS firewall, then this resolving won't work anymore.
If I replace "my "NAS" with the IP "192.168..." of the NAS, the DNS firewall on the eblocker will work - e.g. smb://myself@92.168..
Also the network neighbourhood is empty if the DNS firewall is enabled. If I disable it id do see "myNAS" again.
So yes eblocker interferes with my synologyhere - BUT I have a work-around to use the IP instead of the name when using smb here (Manjaro Linux, rolling release).
Hi, have you trie to set the Hostname "MYNAS" under DNS-Firewall "local network" like:
MYNAS 192.168.x.x
?? 🤔
regards
PIO78
It seems to be a fact @julius is running a DNS sever on the synology, which wasn’t mentioned before. A word, that you are accessing your syno by domainname and not by IP would have been great... 😑
Anyhow: To make this scenario work, without adding each name from syno to eBlocker, just add the synoDNS (the IP of the syno) as the only (external) DNS server in the eBlocker DNS config (delete all other DNS that might be there).
Then the DNS chain works like client->eBlocker->Syno->Provider. I‘d rather recommend forwarding DNS from syno to eBlocker, to strip the provider out but I fear thats to complicated for the given network knowledge. Above scenario is easy and does the trick.
Hi, have you trie to set the Hostname "MYNAS" under DNS-Firewall "local network" like:
MYNAS 192.168.x.x
?? 🤔
regards
PIO78
Yes, I did this - but no change here.
It seems to be a fact @julius is running a DNS sever on the synology, which wasn’t mentioned before. A word, that you are accessing your syno by domainname and not by IP would have been great... 😑
Anyhow: To make this scenario work, without adding each name from syno to eBlocker, just add the synoDNS (the IP of the syno) as the only (external) DNS server in the eBlocker DNS config (delete all other DNS that might be there).
Then the DNS chain works like client->eBlocker->Syno->Provider. I‘d rather recommend forwarding DNS from syno to eBlocker, to strip the provider out but I fear thats to complicated for the given network knowledge. Above scenario is easy and does the trick.
Well, knowledge is there to be learned - even in small steps 🙂
Right now I cannot confirm that a DNS server is running on the synology...
With all DNS changes it‘s a good idea to purge DNS caches server and client side - or just reboot all devices... otherwise you might get „nothing changed“ impression.
As we had some power outage this week I've had a reboot of all devices involuntary 😉
Furthermore I've deleted the dns cache (as I did some time ago)
This indeed changed something:
- At first: my workaround using the IP in the smb-statement still works - so I can work.
- Second: The network neighborhood of KDE now shows up my NAS as "myNAS.local". The ".local"-part is new. But If I try to login in I always get the prompt to enter my credentials. Anyway, it does work using the IP-address.
- Third: All this applies if I've enabled the DNS-firewall of eblocker. If I disable it everything does work with the "myNAS"-name as well as with the IP-address.
I general:
According to my understanding of traceroutethe DNS-route is from my PC to eblocker to fritz.box as shown here:
traceroute to www.google.com (172.217.16.196), 30 hops max, 60 byte packets
1 eblocker.box (192.168.178.27) 3.293 ms 3.314 ms 3.350 ms
2 fritz.box (192.168.178.1) 3.496 ms 3.607 ms 3.718 ms
3 ip5b426dfe.dynamic.kabel-deutschland.de (91.66.109.254) 16.583 ms 18.472 ms 20.807 ms
4 83-169-179-198-isp.superkabel.de (83.169.179.198) 20.801 ms 20.830 ms 20.823 ms
5 ip5886c088.static.kabel-deutschland.de (88.134.192.136) 20.853 ms 20.889 ms 20.881 ms
6 145.254.3.66 (145.254.3.66) 22.267 ms 16.239 ms 22.519 ms
7 145.254.2.215 (145.254.2.215) 21.564 ms 21.590 ms 23.602 ms
Therefore - I assume I can stay with my workaround: I've a shortcut to my NAS accessing it via SMB using the IP-address. This way I can use the DNS-firewall of eblocker (which is set to randomly choose from a list of DNS servers provided on the old eblocker.com-webpage and from kuketz blog)