OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Taomyn on November 30, 2018, 09:13:47 am
-
I've created an alias for one country, Luxembourg, and created a WAN rule that blocks any access not from the alias (source inverted) to a specific TCP port, yet it still blocks my Luxembourg IPs.
I have run a test on a blocked IP:
root@bart:~ # /usr/local/bin/geoiplookup 193.91.40.197
GeoIP Country Edition: LU, Luxembourg
And as you can see it returns the correct country - I also see other non-LU IPs being blocked so the alias seems to be broken. I have rebooted the firewall as well.
Why is my IP being blocked by the firewall? Is there another test I can try to see why it doesn't think my IP is from Luxembourg?
-
Ok, so I found the problem - seems the alias GUI is not making some things obvious so it simply broke the rule.
I changed it from:
(https://forum.opnsense.org/index.php?action=dlattach;topic=10458.0;attach=5444)
to:
(https://forum.opnsense.org/index.php?action=dlattach;topic=10458.0;attach=5446)
And now it works.
When I remember how to do it, I will log a bug report.
-
Hi,
I have a similar problem.
I want to catch traffic to Austria, but it's not working. I added screenshots.
root@fw01:~ # /usr/local/bin/geoipupdate.sh
Fetching GeoIP.dat and GeoIPv6.dat...
/usr/local/share/GeoIP/GeoIPupdate.NQMYd6/GeoI100% of 694 kB 4658 kBps 00m00s
/usr/local/share/GeoIP/GeoIPupdate.DLAu70/GeoI100% of 1180 kB 5075 kBps 00m01s
root@fw01:~ # /usr/local/bin/geoiplookup 194.232.104.139
GeoIP Country Edition: AT, Austria
The command line is also working, so I don't know why I don't get a catch on the rule. I tried it in Floating, LAN and WAN.
Regards
Gregor
-
I have the same problem. Since I use a transparent proxy, it should be due to the transparent proxy, but I did not try the solution further. Do you use a transparent proxy? If so, give it a try with the mimugmail solution. If it still does not work, then the problem is apparently not the proxy.
https://forum.opnsense.org/index.php?topic=10192.msg46733#msg46733
-
Under Firewall: Diagnostics: pfTables the table is also empty - looks like it does not get loaded.
-
root@fw01:/var/db/aliastables # /usr/local/opnsense/scripts/filter/update_tables.py
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/filter/update_tables.py", line 122, in <module>
    alias_content = alias.resolve()
  File "/usr/local/opnsense/scripts/filter/lib/alias.py", line 236, in resolve
    for address in address_parser(item):
  File "/usr/local/opnsense/scripts/filter/lib/alias.py", line 171, in _fetch_geo
    for proto in self._proto.split(','):
AttributeError: 'NoneType' object has no attribute 'split'
-
I fixed the update issue, but it is still not working:
root@fw01:/var/db/aliastables # /usr/local/opnsense/scripts/filter/update_tables.py
root@fw01:/var/db/aliastables # cat /var/db/aliastables/IPv4_at.*
34fafd09432a71cc46e9fd6fc94b5ab3root@fw01:/var/db/aliastables #
-
My personal workaround, until I get help:
cp /usr/local/share/GeoIP/alias/AT-IPv4 /var/db/aliastables/IPv4_at.self.txt
cp /usr/local/share/GeoIP/alias/AT-IPv4 /var/db/aliastables/IPv4_at.txt
/usr/local/opnsense/scripts/filter/update_tables.py
-
Under Firewall: Diagnostics: pfTables the table is also empty - looks like it does not get loaded.
I also have this issue. I am using US IPv4 as my constraint and the table is empty in pfTables.
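-
A check for the symptom reported in this thread (a GeoIP alias table that stays empty), as an added example that is not part of any post and not OPNsense's own code. It assumes the `<alias>.txt` layout under `/var/db/aliastables` seen in the commands above; the function names and sample alias names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that an alias table file actually holds networks.
# Assumption: alias contents live in $ALIAS_DIR/<alias>.txt, as in the
# thread's "cp ... /var/db/aliastables/IPv4_at.txt" workaround.

ALIAS_DIR="${ALIAS_DIR:-/var/db/aliastables}"

# Print the number of lines that look like an IPv4 address or CIDR network.
# A file that is missing, or that holds only a checksum, counts as 0.
count_ipv4_entries() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Ec '^[[:space:]]*([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?[[:space:]]*$' "$1" || true
}

# Print "OK <n>" when the alias file has entries, "EMPTY" otherwise.
# An empty table makes an inverted-source block rule match every packet
# and makes a plain block rule match nothing, so both outcomes matter.
check_alias() {
    n=$(count_ipv4_entries "$ALIAS_DIR/$1.txt")
    n=${n:-0}
    if [ "$n" -gt 0 ]; then
        echo "OK $n"
        return 0
    fi
    echo "EMPTY"
    return 1
}

# Usage: sh check_alias.sh IPv4_at IPv4_lu   (alias names are examples)
# Compare the result with what pf has loaded: pfctl -t IPv4_at -T show
if [ "$#" -gt 0 ]; then
    rc=0
    for name in "$@"; do
        status=$(check_alias "$name") || rc=1
        echo "$name: $status"
    done
    exit "$rc"
fi
```

The non-zero exit status on an empty alias lets the script run from cron or a monitoring check so that a failed table update is noticed before the rule silently stops filtering by country.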