[Solved] Packet flow

(@cooks)
Eminent Member
Joined: 3 weeks ago
Posts: 14
Topic starter  

Hello. I am testing eBlocker now on version 4.0.3 VM edition. VM in Proxmox.

I have three testing clients: Android mobile phone, Windows 10 laptop, Ubuntu Linux 24.04 laptop.

My network setup is non-standard and for that I am testing with eBlocker in-line, not replacing any other of my network components (yet). But I am lacking understanding of the flow.

  1. I want to keep my own DHCP server.
  2. I want to keep my AdGuardHome ads blocker but only recording stats. It will not be blocking anything.
  3. I want to keep my own local DNS resolver (Unbound).

Therefore my currently desired flow for traffic is Client -> eBlocker -> AdGuardHome -> Unbound.

To achieve this I have these settings:
On the client:

  • Manually set the DNS server to the IP of eBlocker.
  • Enabled HTTPS and installed the cert in the Firefox browser.

On eBlocker:

  • Network mode is Automatic. It shows the correct settings like IP address of eBlocker, the network mask and the Gateway. If I changed to use expert mode it would not need to change.

Now the questions. In this setup for the client with eBlocker set to enabled from the eBlocker dashboard, what type of traffic will go to eBlocker? All plain text DNS queries to port tcp/udp 53. Will it also identify DoT and/or DoH? What about other non-DNS traffic, will it all go through eBlocker's decryption?

What will happen if I disabled eBlocker for the client in the dashboard? Does eBlocker use its upstream DNS server to simply forward the queries?

What I'm trying to get at is how to have eBlocker used for some not all devices. I am concerned about a single point of failure so understanding the flows and behaviours is very important to me.

(@random)
Illustrious Member Admin
Joined: 6 years ago
Posts: 2160
 

Posted by: @cooks

Network mode is Automatic

As said, this is not going to work in your environment. Background: Automatic Network mode is using IPv4 ARP-spoofing to redirect all TCP packets to eBlocker (by timely modifying the ARP table of each client). This is great for novices but not for what you want: complete control over your "special" network. So please use Expert mode with the config discussed in a different thread.

Posted by: @cooks

what type of traffic will go to eBlocker

All traffic needs to go through eBlocker (as said already). eBlocker does DPI on http(s) only and analyzes ports 443/80 for malicious tracker/ad patterns, when using the Pattern Blocker. When using the DNS Blocker eBlocker acts just like any other DNS blocker - filtering/responding to DNS requests only.

Posted by: @cooks

Will it also identify DoT and/or DoH?

Encrypted DNS is not touched/analyzed. Rather disable client side DoH/DoT and use your Unbound server as encryption endpoint instead.

Posted by: @cooks

What will happen if I disabled eBlocker for the client in the dashboard?

The traffic is routed via eBlocker but not touched if the client is disabled. If eBlocker's DHCP server is used, the disabled client gets the gateway IP of the original gateway/router set (when the lease times out) to avoid another hop.

Posted by: @cooks

Does eBlocker use its upstream DNS server to simply forward the queries?

Yes, if the request is not blocked the request is forwarded to the DNS servers configured in the DNS Firewall settings.

THX!



   
ReplyQuote
(@cooks)
Eminent Member
Joined: 3 weeks ago
Posts: 14
Topic starter  

Thank you @Random for your patience in your explanations. It is getting much clearer for me.

It is only the ARP part that I'm failing to understand still. I might need to make a packet capture but I guess I'm going to have to figure out how to get shell access to eBlocker first.

Thank you.



   
Random reacted
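
As an added illustration of the ARP redirection discussed in this thread (not eBlocker code and not written by either poster): a Python parser that reads raw Ethernet/ARP frames, as a packet capture would provide them, and reports when an IP address is announced by a different MAC than before. It assumes that in Automatic mode clients end up seeing the gateway's IP paired with eBlocker's MAC; all addresses and frames below are constructed.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

def find_rebinds(frames):
    """List (ip, old_mac, new_mac) each time an IP is announced by a different MAC."""
    seen, changes = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":          # ARP probe: announces no binding
            continue
        if ip in seen and seen[ip] != mac:
            changes.append((ip, seen[ip], mac))
        seen[ip] = mac
    return changes

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP frame for the sample below (not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (mac(tha) + mac(sha) + struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

# Constructed addresses: router, eBlocker and one client on 192.168.1.0/24.
ROUTER, EBLOCKER, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:eb", "02:00:00:00:00:c1"
SAMPLE = [
    build_arp(2, ROUTER, "192.168.1.1", CLIENT, "192.168.1.50"),    # genuine gateway reply
    build_arp(2, EBLOCKER, "192.168.1.2", CLIENT, "192.168.1.50"),  # eBlocker's own address
    b"\x00" * 60,                                                    # non-ARP frame, ignored
    build_arp(2, EBLOCKER, "192.168.1.1", CLIENT, "192.168.1.50"),  # gateway IP, eBlocker MAC
]

if __name__ == "__main__":
    for ip, old, new in find_rebinds(SAMPLE):
        print(f"{ip} moved from {old} to {new}")
```

A reported rebinding is not proof of redirection on its own: a replaced network card or a reassigned DHCP lease produces the same signal, so compare the new MAC against the known address of the eBlocker VM.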