Topics - AndrewZ

1
DHCP and DNS / Custom Dynamic DNS - False notifications
« on: April 02, 2018, 07:20:23 am »
I have 3 DynDNS entries, 2 of them are configured as custom and the last one is GoDaddy.

Even if there was no address change I've received 2 email notifications saying
Quote
DynDNS updated IP Address on WAN (igb0) to a.b.c.d

As shown in the log, there was no address change at all.

Here is the log:
Code:
Apr 2 01:01:15 php-cgi notify_monitor.php: Message sent to xxxxx@gmail.com OK
Apr 2 01:01:05 php-cgi rc.dyndns.update: phpDynDNS (xxx.xxx.info): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Apr 2 01:01:04 php-cgi notify_monitor.php: Message sent to xxxxx@gmail.com OK
Apr 2 01:01:04 php-cgi rc.dyndns.update: phpDynDNS (): (Success) IP Address Updated Successfully!
Apr 2 01:01:04 php-cgi rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_wancustom''1.cache: a.b.c.d
Apr 2 01:01:02 php-cgi rc.dyndns.update: phpDynDNS (): (Success) IP Address Updated Successfully!
Apr 2 01:01:02 php-cgi rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_wancustom''0.cache: a.b.c.d


My understanding is that the false notifications were triggered by the two custom entries. Is this related to the way the custom provider is implemented?

2
DHCP and DNS / DynDNS - GoDaddy
« on: March 30, 2018, 09:43:41 am »
Updated today to 2.4.3 and configured DynDNS with GoDaddy - works great, thanks to devs.

3
DHCP and DNS / don't forward without domain
« on: January 28, 2018, 03:45:02 pm »
I'm wondering if it is possible [with unbound] to stop forwarding requests without a domain.
Here is the example - the local PC is sending a query and receiving an undesired response:

Code:
192.168.1.2 192.168.1.1 DNS 62 Standard query 0x0003 A gw
192.168.1.1 192.168.1.2 DNS 118 Standard query response 0x0003 A gw SOA gw01.dns.pt

Now with another name:
Code:
192.168.1.2 192.168.1.1 DNS 64 Standard query 0x0004 A brix
192.168.1.1 192.168.1.2 DNS 139 Standard query response 0x0004 No such name A brix SOA a.root-servers.net
192.168.1.2 192.168.1.1 DNS 68 Standard query 0x0005 A brix.lan
192.168.1.1 192.168.1.2 DNS 84 Standard query response 0x0005 A brix.lan A 192.168.1.6

After "No such name" the client PC adds the default domain "lan", sends another query and receives a proper response.

Another question - is it possible to force Unbound to add the default domain to all the queries it receives without a domain?

4
DHCP and DNS / Split DNS with Resolver
« on: January 11, 2018, 11:55:56 am »
I have multiple subnets like 192.168.1.0, 192.168.2.0, etc.
For the NTP server I have a hostname assigned in DNS which points to 192.168.1.1.
What I want to do is to respond with a different IP depending on who is asking, i.e. for a request from 192.168.2.X, DNS should respond with 192.168.2.1 instead of 192.168.1.1.
Is that possible?

5
OpenVPN / CRL not saved for a client connection (2.4.1)
« on: November 13, 2017, 04:56:07 am »
Just noticed that the CRL is empty for an OpenVPN client connection I have.
The CRL itself was imported into Cert.Manager some time ago and it was selected in a drop-down for that connection earlier.
I've re-selected the CRL in the connection settings again and saved - the field in question is still empty when I'm checking back.

6
Installation and Upgrades / ssh changes in 2.3.2 ?
« on: July 26, 2016, 02:40:16 am »
The update went smoothly, but afterwards I'm not able to access the router via ssh from Windows with the Java-based MindTerm. Linux ssh still works. It was a problem with PuTTY too, but updating the binary resolved the issue.
From the logs:
Quote
Connection closed by 192.168.5.61 port 51532 [preauth]

MindTerm:
Code:
Error generating DiffieHellman keys: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
Any suggestion?

7
DHCP and DNS / FreeDNS Dynamic DNS changes
« on: May 27, 2016, 01:38:59 pm »
There is a new version 2 of the dynamic update interface available since February 17, 2016.

The default option is Randomized Update Token; in order to use it we have to pick Custom as the Service Type in pfSense.

The Update URL looks like http://sync.afraid.org/u/{token}/ (https supported as well)

It would be great to have this new format natively supported in pfSense.

8
Installation and Upgrades / {packagename} installation failed
« on: April 18, 2016, 12:50:59 pm »
One more (cosmetic?) problem after upgrade.
Installed 'blinkled' today, got the 'installation failed' message in the Web UI while installing. No error in the installation log.
The same happened a few days ago when I reinstalled pfBlockerNG and openvpn-client-export right after the system upgrade.

No errors in the system log:
Code:
Apr 18 10:33:51 pkg pfSense-pkg-blinkled-0.4.7_1 installed
Apr 18 10:33:51 php /etc/rc.packages: Successfully installed package: blinkled.
Apr 18 10:33:43 php /etc/rc.packages: Beginning package installation for blinkled .

pfBlockerNG and openvpn-client-export are working fine for a few days already, so I suppose it's a minor cosmetic issue.

9
Firewalling / Default deny rule
« on: July 25, 2015, 11:24:49 am »
Just noticed that some traffic has been blocked on LAN interface by "Default deny rule".
Why is that? How can I see the actual rule?
Thanks!

10
General Questions / wrong time
« on: January 20, 2015, 11:30:32 am »
Current date/time    : Tue Jan 20 20:26:54 MSK 2015

Running a packet capture and see 8:22pm and 21:22 on the same screen.
Attaching a screenshot from Diagnostics - Packet capture.

Edit: pretty much the same situation in a system log (timestamp should be 20:15:10):
Code:
Jan 20 21:15:10 php-fpm[4249]: /index.php: Successful login for user 'admin' from:

11
2.1.1 Snapshot Feedback and Problems - RETIRED / still SIP unfriendly
« on: March 02, 2014, 02:39:23 am »
Is it still possible to call the user's script on a filter reload with the current version?
With the previous version(s) I used
Code:
<afterfilterchangeshellcmd>/usr/local/etc/rc.d/reset_state.sh</afterfilterchangeshellcmd>
where reset_state.sh was a script which kills all the states.

The problem is that today, after a short ISP outage, I got the same WAN IP with the same gateway IP as before via DHCP, and SIP registrations from my server were not possible until I manually killed the states through the web GUI.
My understanding is that the states now get killed automatically only if the WAN IP changes.


12
I've upgraded to the latest version after my vacation and noticed that I cannot copy my script anymore as I did before:
Code:
[2.0-RC3][root@gw.lan]/root(4): cp /cf/conf/reset_state.sh /usr/local/etc/rc.d/
cp: /usr/local/etc/rc.d/reset_state.sh: Read-only file system
[2.0-RC3][root@gw.lan]/root(5):

Something changed?
Thanks!

13
Hello

Running 2.0-RC2 (i386) built on Thu Jun 9 20:28:39 EDT 2011, had the same issue with 2 or 3 previous snapshots as well.
No DynDNS update, 'Unknown Response' logged:

Code:
Jun 10 10:53:50 php: /services_dyndns_edit.php: phpDynDNS: (Unknown Response)
Jun 10 10:53:50 php: /services_dyndns_edit.php: phpDynDNS: PAYLOAD: Resource id #65
Jun 10 10:53:50 php: /services_dyndns_edit.php: DynDns: Current Service: dyndns
Jun 10 10:53:50 php: /services_dyndns_edit.php: DynDns: DynDns _checkStatus() starting.
Jun 10 06:53:49 check_reload_status: Syncing firewall
Jun 10 10:53:49 php: /services_dyndns_edit.php: DynDns: DynDns _update() starting.
Jun 10 10:53:49 php: /services_dyndns_edit.php: DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: X.X.X.189 WAN IP: X.X.X.174
Jun 10 10:53:49 php: /services_dyndns_edit.php: DynDns: Current WAN IP: X.X.X.174 Cached IP: X.X.X.189
Jun 10 10:53:49 php: /services_dyndns_edit.php: DynDns debug information: X.X.X.174 extracted from local system.
Jun 10 10:53:49 php: /services_dyndns_edit.php: DynDns: updatedns() starting
Jun 10 10:53:38 php: /services_dyndns_edit.php: phpDynDNS: (Unknown Response)
Jun 10 10:53:38 php: /services_dyndns_edit.php: phpDynDNS: PAYLOAD: Resource id #65
Jun 10 10:53:38 php: /services_dyndns_edit.php: DynDns: Current Service: dyndns
Jun 10 10:53:38 php: /services_dyndns_edit.php: DynDns: DynDns _checkStatus() starting.
Jun 10 06:53:37 check_reload_status: Syncing firewall
Jun 10 10:53:37 php: /services_dyndns_edit.php: DynDns: DynDns _update() starting.
Jun 10 10:53:37 php: /services_dyndns_edit.php: DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: X.X.X.189 WAN IP: X.X.X.174
Jun 10 10:53:37 php: /services_dyndns_edit.php: DynDns: Current WAN IP: X.X.X.174 Cached IP: X.X.X.189
Jun 10 10:53:37 php: /services_dyndns_edit.php: DynDns debug information: X.X.X.174 extracted from local system.
Jun 10 10:53:37 php: /services_dyndns_edit.php: DynDns: updatedns() starting

14
General Questions / right location for custom scripts
« on: May 23, 2011, 04:32:50 am »
Hello

What will be the right location for my own scripts?
I don't want to lose my files after upgrades.

Thanks

15
Hello

Running 2.0-RC1 (i386) built on Fri Apr 8 19:08:10 EDT 2011, Platform nanobsd (1g)
The same issues observed with a few previous builds, last known good for me is 2.0-RC1 (i386) built on Thu Apr 7 00:04:17 EDT 2011

1. ISP's DNS servers are not assigned anymore (DHCP on WAN). Have to statically configure servers.
From the log:
Code:
Apr 9 12:04:29 dhclient: BOUND
Apr 9 12:04:29 kernel: arpresolve: can't allocate llinfo for 188.x.x.1
Apr 9 12:04:29 dhclient[3220]: unknown dhcp option value 0xf9
Apr 9 12:04:29 dhclient[3220]: unknown dhcp option value 0xf9
Apr 9 12:04:29 dhclient[3220]: DHCPACK from 188.x.x.1
Apr 9 12:04:29 dhclient[3220]: DHCPREQUEST on vr1 to 255.255.255.255 port 67
Apr 9 12:04:29 kernel: arpresolve: can't allocate llinfo for 188.x.x.1
- not present with the older version(s).

2. In Diagnostics - Packet Capture:
Packet Capture is running. Only Stop button is available. No "Download" after pressing Stop. Going away from the page and back - Packet Capture is running. This repeats on every access attempt to that page.
