Topic: Unable to communicate with https://packages.pfsense.org. Please verify DNS and

scorpion2087

I am getting this error after restoring and reconfiguring it. I tried this command:

env ip6addrctl_enable="yes" ip6addrctl_policy="prefer_ipv4" /etc/rc.d/ip6addrctl start

Then a flush command, and after that a reboot of the firewall.

But no use. Please help.
« Last Edit: May 17, 2014, 10:56:23 am by scorpion2087 »

stephenw10 (Administrator)

Is it able to check for firmware updates?
Are you using policy based routing?
Are you able to ping it from the pfsense box? From a client behind pfsense?

Steve

scorpion2087

Hi Steve, I am attaching screenshots of the firewall output.

    • No, pfSense is not able to obtain update status.
    • Not able to ping Google or pfSense websites, but I can ping my DHCP server, which is a Windows 2008 server.
    • Internet is working fine in my LAN network, but pfSense is not able to obtain any update.
    • Yesterday I reset pfSense to factory default mode; before that it was working fine, so no rules are there. Screenshots of the rules are also attached.

Please help to resolve this error.

scorpion2087

Is it able to check for firmware updates?
Are you using policy based routing?
Are you able to ping it from the pfsense box? From a client behind pfsense?

Steve


Hey Steve,

As I already mentioned, internet on my LAN is working, but I don't know whether it's a problem with my ISP DNS server or with pfSense.

I tried one silver bullet:

System > General Setup > in the DNS section, along with my ISP DNS, I entered the Google Public DNS addresses 8.8.8.8 & 8.8.4.4, and now ping in pfSense and the Package Manager are working.

But public DNS are not safe, so please tell me the solution for it.

cmb (Chris Buechler)

but Public DNS are not safe so please tell me the solution for it

uh... what? DNS in general isn't safe, "public DNS" is no less safe than anything else. That's part of why we've switched essentially everything over to HTTPS.

kpa

You can switch to using Unbound as the caching resolver and tell it not to use forwarders. That way you can be pretty sure the answers you get are straight from the horse's mouth, the authoritative servers in other words. If you're really paranoid, Unbound supports DNSSEC, but unfortunately DNSSEC hasn't yet been adopted widely.
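
The setup suggested in the post above, written out as a stand-alone unbound.conf. This is an added example, not configuration posted by anyone in the thread; the listen address, LAN subnet and trust-anchor path are assumptions.

```conf
# unbound.conf sketch: full recursion from the root, with DNSSEC validation.
# Listen address, LAN subnet and file path are assumptions for illustration.
server:
    interface: 127.0.0.1
    interface: 192.168.1.1              # assumed LAN address of the firewall
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # assumed LAN subnet
    access-control: 0.0.0.0/0 refuse

    # DNSSEC: validate answers locally against the root trust anchor.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/unbound/root.key"   # assumed path
    # If a zone is signed, treat answers with missing signatures as bogus
    # instead of falling back to treating them as unsigned data.
    harden-dnssec-stripped: yes
    harden-glue: yes
    val-clean-additional: yes

# No forward-zone for "." is defined, so Unbound iterates from the root
# servers itself. The commented block below is the forwarding setup that
# this configuration avoids:
#
# forward-zone:
#     name: "."
#     forward-addr: 8.8.8.8
#     forward-addr: 8.8.4.4
```

`unbound-checkconf` checks the file for syntax errors before the resolver is restarted. Validation only protects names in signed zones; unsigned zones still resolve, without authentication.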

cmb (Chris Buechler)

You can switch to using Unbound as the caching resolver and tell it not to use forwarders.

Still, anyone in the position to modify the traffic between you and Google will be able to just as easily modify your recursive lookups direct to other servers.

Yeah, DNSSEC is ultimately the answer, but it'll be a while before the world gets there.

stephenw10 (Administrator)

So the box did not have DNS working correctly but clients behind it did? Are your LAN clients using the pfSense DNS forwarder or do you have something else on your network providing DNS?
What sort of connection is your WAN? Usually the DNS servers are provided by the WAN via DHCP or PPP, is your ISP not providing them?

In System: General: do you have either the 'Allow DNS server list to be overridden by DHCP/PPP on WAN' or 'Do not use the DNS Forwarder as a DNS server for the firewall' boxes checked?

I use Google's DNS servers and don't worry about it, Google knows everything about me anyway.  ::)

Steve
« Last Edit: June 17, 2014, 06:35:07 am by stephenw10 »

somkheart

I have the same problem. How can I fix it?

stephenw10 (Administrator)

You have the same symptoms as the OP?
Is the pfSense box able to check for updates?
You tried the IPv6 fix?

Steve