Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Phobus

Pages: [1]

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 03, 2018, 02:41:15 pm »

OK I've found the "bug" with aliases (hosts) not working.
In my case I've a alias list with hosts they are used from MS for data collection.
One of them can't be resolved anymore so this entry should be skipped (in my opinion), but in that case it ended up with an error -> table generation (all) will be aborted -> aliases in that case will not work.

One deceased entry in an alias list is enough to stop the whole table generation

This behavior should be changed to skip such entries.

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 02, 2018, 03:45:58 pm »

After the update to 18.1.1 "IDS rule update problem" seems to be solved.
Unfortunately Alias problem still exist - aliases aren't working e.g. hosts

Same outputs as posted before...

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 02, 2018, 10:42:33 am »

Quote

Under Firewall: Settings: Advanced, is " Verify HTTPS certificates when downloading alias URLs" checked or unchecked? Are you using a proxy server in your network doing HTTPS MITM?

In my Situation also:
Setting is unchecked and I'm not using a proxy server who intercepts https..

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 02, 2018, 10:19:07 am »

Quote from: franco on February 01, 2018, 11:51:13 pm

Maybe we should separate "not working" into two categories:

(a) Firewall: Diagnostics: pfTables -- alias empty
(b) generally not working in NAT or firewall rule

Then also check (b) under Firewall: Diagnostics: pfInfo (Rules) whether these non-working rules actually see traffic

Thanks,
Franco

For me (Alias problem):
(a) Firewall: Diagnostics: pfTables -- alias empty

# configctl filter refresh_aliases
Still empty

# rm /var/db/aliastables/EBL*
# configctl filter refresh_aliases
Still empty
Output: Error (1)

Strange Output now files and Aliases are missing:

root@*****:~ # ls -lah /var/db/aliastables/
total 12
drwxr-x--- 2 root wheel 512B Feb 2 10:29 .
drwxr-xr-x 18 root wheel 1.0K Feb 2 08:36 ..
-rw-r----- 1 root wheel 257B Feb 2 10:29 EBL.self.txt

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 01, 2018, 07:04:10 pm »

Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

Pages: [1]