Messages - tarly123

#1
Alright, I've found the line where this route gets created: https://github.com/opnsense/core/blob/86996d7bf74d7eadcd0879d8edb5aa3d7f807b32/src/sbin/dhclient-script.ext#L274
This line adds this route with the wrong gateway (the MAC address of the specified interface of the OPNsense box). Probably the gateway should be specified explicitly?

The only thing that puzzles me is that this file hasn't been touched for about 2 years. And it was working with version 17.1.11 ???


best regards,
Andreas
#2
What are gateway rules? Firewall rules where the gateway field is something other than default? I don't have any of these.

I already checked whether the firewall is the issue, but there are no blocked requests; requests to destination port 53 go through via the rule '@63 pass out log all flags S/SA keep state allow-opts label "let out anything from firewall host itself"'.

Some update: During the night the route reappeared and I had to delete it again.


best regards,
Andreas
#3
Hi Franco,

no, I don't have Intrusion Detection enabled.
Is there any other service which could create this route? IMHO the problem has something to do with this route, because without the route everything works (i.e. the ISP's DNS servers get routed via the default gateway, which is the ISP box).


best regards,
Andreas
#4
Hi,

since the upgrade from 17.1.11 to 17.7 I cannot resolve external hostnames anymore.

My network:
Internet <--> ISP box (in routing mode, DHCP server enabled) <--> OPNsense box (retrieves DNS server IPs per DHCP from the ISP box) <--> Clients

After some troubleshooting I found out that the OPNsense box is unable to ping my ISP's DNS servers.

There are two weird entries in the routing table of my OPNsense box:
Destination        Gateway            Flags     Netif Expire
195.34.133.21      00:0d:b9:XX:XX:XX  UHS        igb1
212.186.211.21     00:0d:b9:XX:XX:XX  UHS        igb1

The IPs are the two DNS servers from my ISP, and the gateway is the MAC address of the igb1 interface of my OPNsense box.
Shouldn't the gateway point to the IP/MAC of the ISP Box?

There are also two weird ARP entries:
? (195.34.133.21) at (incomplete) on igb1 expired [ethernet]
? (212.186.211.21) at (incomplete) on igb1 expired [ethernet]

The ISP's DNS server is obviously not in my local network, so why does the OPNsense box have an ARP entry for it?

When I delete the two routes for the ISP's DNS servers manually, I can ping the DNS servers from the OPNsense box again and everything works. But these routes get recreated on each boot.
Does anybody have a tip on what the issue is here?


Thanks,
Andreas
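The symptom in this thread (host routes whose "gateway" is the interface's own MAC address) is easy to miss in a long routing table. The following script is an added example, not something posted in the thread or shipped with OPNsense: it scans netstat -rn style output for host routes (H flag) whose gateway field is a MAC address rather than an IP, and reports them. The sample table, including the MAC 00:0d:b9:aa:bb:cc, is constructed to mirror the post; the function names are my own.

```bash
#!/bin/sh
# Added example (not from the thread): find host routes whose gateway is a MAC
# address instead of an IP, the broken state described in the post.

# Constructed sample in FreeBSD `netstat -rn` format, modelled on the post.
# The MAC and the private addresses are made up for the demo.
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS        igb1
192.168.1.0/24     link#2             U          igb1
195.34.133.21      00:0d:b9:aa:bb:cc  UHS        igb1
212.186.211.21     00:0d:b9:aa:bb:cc  UHS        igb1
8.8.8.8            192.168.1.1        UGHS       igb1'

# Reads a routing table on stdin and prints "destination gateway netif" for
# every host route (H in the Flags column) whose Gateway column is a MAC
# address (six two-digit hex groups separated by colons).
find_mac_gateway_routes() {
    awk '
        # True when s looks like xx:xx:xx:xx:xx:xx; avoids awk interval
        # expressions so it also works on older awk implementations.
        function is_mac(s,    n, i, p) {
            if (s !~ /^[0-9a-fA-F:]+$/) return 0
            n = split(s, p, ":")
            if (n != 6) return 0
            for (i = 1; i <= n; i++) if (length(p[i]) != 2) return 0
            return 1
        }
        # Skip the header and any banner lines ("Routing tables", "Internet:").
        $1 != "Destination" && NF >= 4 && $3 ~ /H/ && is_mac($2) {
            print $1, $2, $4
        }'
}

# Wrapper for a live FreeBSD/OPNsense box; -f inet restricts to IPv4 routes.
check_live_routes() {
    netstat -rn -f inet | find_mac_gateway_routes
}

# Demo on the constructed sample; the two ISP DNS routes are reported,
# the normal gateway routes are not.
printf '%s\n' "$SAMPLE_ROUTES" | find_mac_gateway_routes
```

On a real system, run check_live_routes after boot to confirm whether the routes come back, which is what the post describes.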