Topic: Access pfSense alias from other boxes

Offline joelones

Access pfSense alias from other boxes
« on: January 21, 2018, 10:23:10 am »
I'd like to define an alias with IPs on pfSense and be able to access this list of IPs from internal clients on my LAN, from within a bash script (using curl or something similar). Thoughts on whether this is possible via the UI?

Offline KOM

Re: Access pfSense alias from other boxes
« Reply #1 on: January 22, 2018, 09:46:27 am »
You might be able to symbolically link the aliases file to the root of the web server and then access it via HTTP.

Offline joelones

Re: Access pfSense alias from other boxes
« Reply #2 on: January 22, 2018, 03:16:40 pm »
> You might be able to symbolically link the aliases file to the root of the web server and then access it via HTTP.

Not exactly sure how to accomplish this. I noticed that the directory /var/db/aliastables/ doesn't have the IP Aliases.

Offline KOM

Re: Access pfSense alias from other boxes
« Reply #3 on: January 22, 2018, 03:35:27 pm »
No idea either.  I was totally guessing to get you started (or waste your time, 50/50....)  If it's in some binary format then good luck.

Offline kpa

Re: Access pfSense alias from other boxes
« Reply #4 on: January 23, 2018, 06:49:57 am »
You can extract the contents of PF tables from the active ruleset with something like "/sbin/pfctl -T show -t bogons". I wouldn't use the webgui for that but run it over SSH with the root user and with public keys to avoid use of passwords.

Offline bmeeks

Re: Access pfSense alias from other boxes
« Reply #5 on: January 23, 2018, 09:30:17 am »
To expound a bit on what @kpa is saying ---

Aliases defined on the FIREWALL >> ALIASES tab in pfSense eventually wind up defined as pf tables.  The table name matches the alias name, and the table's content will be the IP address or addresses the alias resolves to at run time.  So the CLI command he gave an example of is used to dump out the contents of a specific table name.  In the example given, the table name is "bogons".

If you don't know the table name in advance, you can do this to get a list of all the tables --

Code:
    /sbin/pfctl -s Tables

You could code all this in a shell script to list the tables and then grab the contents (IP addresses) of each table.
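
One way to write the script described in the last reply, combined with the key-only SSH access suggested in Reply #4 (an added example, not code posted by anyone in the thread). It assumes the script is installed on the firewall as the forced command of a dedicated SSH key and started with a hypothetical `--serve` argument, so that key can only read tables; the function names and the `PFCTL` override are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread: read-only dump of pf tables (aliases).
# Assumption: installed as an SSH forced command and started with "--serve".
PFCTL="${PFCTL:-/sbin/pfctl}"   # overridable so the logic can be tested off-box

# Allowlist check; pfSense alias names use only letters, digits and "_".
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Table names, one per line, with any leading whitespace removed.
list_tables() { $PFCTL -s Tables | sed -e 's/^[[:space:]]*//' -e '/^$/d'; }

# Strip the indentation pfctl puts before each address.
show_table() { $PFCTL -t "$1" -T show | sed -e 's/^[[:space:]]*//' -e '/^$/d'; }

# Dump one table, but only if the name is well-formed and currently loaded.
dump_table() {
    valid_name "$1" || { echo "invalid table name" >&2; return 2; }
    list_tables | grep -qxF -- "$1" || { echo "no such table" >&2; return 3; }
    show_table "$1"
}

# Dump every table, each preceded by a "# name" header line.
dump_all() {
    list_tables | while IFS= read -r t; do
        valid_name "$t" || continue
        echo "# $t"
        show_table "$t"
    done
}

# sshd passes the client's requested command in SSH_ORIGINAL_COMMAND; it is
# treated as a table name only and never evaluated.
if [ "${1:-}" = "--serve" ]; then
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        dump_table "$SSH_ORIGINAL_COMMAND"
    else
        dump_all
    fi
fi
```

A LAN client then asks for one alias by passing its name as the SSH command, or passes no command to receive every table.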