Netgate m1n1wall

Author Topic: Debug IP Blocklist to work w/ 2.0 Beta  (Read 4075 times)

0 Members and 1 Guest are viewing this topic.

Offline NoahVail

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Debug IP Blocklist to work w/ 2.0 Beta
« on: November 18, 2010, 09:31:13 am »
Bounty is rendered unnecessary.  Thanks again, to Tommyboy180.

The offer is for an IBM Thinkpad T23.  This is an older notebook computer.
It's a grade 'B' machine w/ nothing missing.

It has a PIII 1.13GHz processor, 512MB Ram, 20GB HDD, DVD player, Power Supply.
It will come w/ a PCMCIA 10/100 NIC, for the 2nd network connection.

The Battery doesn't hold a charge, but I may include one that does.  It would be older and not guaranteed.
I may be able to include a docking station with it.  The ds would add 1 NIC and 2 more PCMCIA slots.

I pay shipping.

I know the notebook isn't worth Big$$$.  
I'm guessing this won't take a lot of time, and thereby my offer might be a reasonable one.

******


What I'm looking for is someone who could debug Tommyboy180's IP BlockList package;
to run -reasonably reliably- on a particular pfSense 2.0 Beta installation.
Tommyboy180 can't dedicate time - right now - to debug porting it over from 1.2 to 2.0.
It seems to run fine on 2.0, more often than not.

I'm competent, but my BSD skill-set isn't that developed, yet.
I have IP Blocklist working on a different Beta 2.

I've wiped, reloaded, tried dozens of builds - often w/ no other packages installed.
I've switched hardware (from this Thinkpad to my current Dell).
My trials are detailed here-> http://forum.pfsense.org/index.php/topic,24769.msg154680.html#msg154680

I understand pfSense 2.0 is BETA.  I know the code is continually changing.  I don't expect miracles or indentured servitude.
I have one machine in particular I'd like IP Blocklist to behave on.  I'd be really happy if that could happen.

It'd be double-extra groovy if you'd try to restore IP Blocklist; if some new pfSense 2.0 feature comes along and renders it inoperable:
(Like CSFR seems to have done)->http://forum.pfsense.org/index.php/topic,29987.0/topicseen.html

Again: I'm only looking for a reasonable effort.  We're both taking a small risk and I don't have unrealistic expectations.

If you think you could stick with me, through an additional bug or two;
then the docking station and better battery will arrive in the initial shipment.

*****
There are a couple of caveats.

1) This can't become Tommyboy180's project.  He's done a lot for the pfSense community and needs a life.

2) You can't overwrite his original code in the pfSense depository.  He doesn't have a local copy right now.

*****

Full Notebook Disclosure/Details.


I -dependably- ran pfSense 2 Beta on this notebook; from this past spring till last week.
I firewalled a small company w/ it and avg uptime was 30-60 days (when I'd restart it for an update).
I took it offline to substitute a P4 Dell.

I wouldn't run Squid+SquidGuard+Shallalist+massive custom ACL's on it.
I did that on it's twin and it bogged down as it didn't have enough RAM.

The only problem I ever had w/ it is an occasional bogus FAN error.  
The error occurred 4x over 8 months and only on boot.  The fan itself, is fine.  
This is a known issue w/ this gen Thinkpad, I never had the time to debug it.
It might be related to the docking station, as it only ever happened when docked.

End Disclosure

I'm moving home+office this month, so may be back here often, or not so often.
Thanks.
Noah Vail




« Last Edit: November 24, 2010, 11:17:56 am by NoahVail »

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3361
  • Karma: +0/-0
    • View Profile
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #1 on: November 19, 2010, 02:31:04 am »
The problem is you have not specified was wrong or i missed it!

We all are busy and have life but still do pfSense :)

Offline NoahVail

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #2 on: November 19, 2010, 11:44:17 am »
The problem is you have not specified was wrong or i missed it!

Well, I linked to what was wrong.
http://forum.pfsense.org/index.php/topic,24769.msg154680.html#msg154680
But I wasn't very clear what was in the link.

Anyhoo, the problem goes like this.
Quote
1. Paste my list link into the form and press '+'.
( ex: http://iblocklist.charlieprice.org/files/bt_spyware.gz - I've tried several good .gz links.)
2. Check 'Enable IP-Blocklist.
3. Click Save/Update.

Then the 'Current List' disappears entirely.
(I can bring it back by pressing '+', but that doesn't effect anything.)

My Status is always....

Current Status = Running

You are blocking 0 IPs

I have tried every possible combination of buttons; Save, Save/Update, etc.
I have uninstalled Country Block (the only other package) and tried IPBlocklist by itself.
I have tried rebooting between installs and configs.
I have tried a number of different versions of pfSense 2.0-BETA.

My results have been 100% consistent.  Status Running - Blocking 0 IPs.


We all are busy and have life but still do pfSense :)
You have a life?  How cool is that!  What's it like?  Can I have one too?

NV

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
  • Karma: +0/-0
    • View Profile
    • TomSchaefer.org
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #3 on: November 21, 2010, 05:07:54 am »
Okay! After a long night I think you will be happy.
I found the reason why the package doesn't play nice in 2.0 and I will be pushing an update very soon. I think I will update the package to the quality that countryblock is.

Long story short FreeBSD 8 kicked a bunch of legacy packages to the curb. IP-Blocklist relies on a Perl module to convert IP ranges to CIDR using libcrypt.so.4 which is not found in BETA2.0.

For now I tell BETA2.0 to install the legacy port until I can find a replacement Perl script. I'm not sure how this will affect BETA2.0 x64 so if someone can test I would be very happy.

I know my involvement comes as a surprise to NoahVail but after seeing that you posted the bounty made me think that I could spare a night to help out a friend. Just don't tell my wife I turned her PC into a pfsense box. Hopefully I will have it back to normal before she wakes up. :)
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here

Offline Efonne

  • Hero Member
  • *****
  • Posts: 630
  • Karma: +0/-0
    • View Profile
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #4 on: November 21, 2010, 05:18:51 am »
You could just install it in a virtual machine for testing...

By the way, in 2.0 there is a PHP function in /etc/inc/util.inc for converting an IP range to a series of IP/CIDR subnets.

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
  • Karma: +0/-0
    • View Profile
    • TomSchaefer.org
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #5 on: November 21, 2010, 05:34:10 am »
You could just install it in a virtual machine for testing...

By the way, in 2.0 there is a PHP function in /etc/inc/util.inc for converting an IP range to a series of IP/CIDR subnets.

Excellent. I will look at the function. I won't be able to completely switch over the the function however since I need to support 1.2.3. Is there an easy way to determine if the pfsense install is FreeBSD 8 or 7 in the package install scripts?
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here

Offline Efonne

  • Hero Member
  • *****
  • Posts: 630
  • Karma: +0/-0
    • View Profile
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #6 on: November 21, 2010, 05:41:25 am »
I'm not really sure.  However, if you just want to know if a function exists there is the function_exists call.  For example:

Code: [Select]
if (function_exists("my_function"))
    my_function()

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
  • Karma: +0/-0
    • View Profile
    • TomSchaefer.org
Re: Debug IP Blocklist to work w/ 2.0 Beta - Offer PIII Thinkpad for testing
« Reply #7 on: November 21, 2010, 01:25:46 pm »
Done! Version 3.0 is out.

DEVs, do me a favor and don't look at the RCS server! I had a bad morning :)
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here