1
23.7 Legacy Series / Re: Alias issues with Port(s)
« on: November 21, 2023, 11:39:09 am »
I made a clumsy mistake that I kept looking over. Apologies. This topic can be closed.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.7 Legacy Series / Re: Aliases ignored in rules since 23.7.8_1/3.0.12
« on: November 16, 2023, 10:06:04 pm »
Could you share a
See https://github.com/opnsense/core/issues/7017 why I'm asking. I got a good hint from @AdSchellevis
I haven't quite figured it out yet either. I have this issue with Aliases type Port(s)
Code: [Select]
/tmp/rules.debug See https://github.com/opnsense/core/issues/7017 why I'm asking. I got a good hint from @AdSchellevis
I haven't quite figured it out yet either. I have this issue with Aliases type Port(s)
3
23.7 Legacy Series / Re: OPNsense 23.7.8_1-amd64 >> Alias issues with Port(s)
« on: November 16, 2023, 06:39:35 pm »
I added a github bug issue: https://github.com/opnsense/core/issues/7017
4
23.7 Legacy Series / Alias issues with Port(s)
« on: November 16, 2023, 05:19:01 pm »
Hello,
I think there is a seriously issue with OPNsense 23.7.8_1-amd64 and Alias and Port(s). If I would like to add a Alias Port(s) in Firewall: Aliases. The web interface is working. The alias with the name is nicely added. But in Firewall: Diagnostics: Aliases it is not shown. Also the firewall rule where I would like to use the alias is also not working.
By checking:
pfctl -t $ALIAS -T show
returns an error
pfctl: Unknown error: -1.
If a use the same cmd with a existing Network(s) alias. It works and shows the IPs.
Am I doing something wrong? Or have I indeed found a bug in this version?
I think there is a seriously issue with OPNsense 23.7.8_1-amd64 and Alias and Port(s). If I would like to add a Alias Port(s) in Firewall: Aliases. The web interface is working. The alias with the name is nicely added. But in Firewall: Diagnostics: Aliases it is not shown. Also the firewall rule where I would like to use the alias is also not working.
By checking:
pfctl -t $ALIAS -T show
returns an error
pfctl: Unknown error: -1.
If a use the same cmd with a existing Network(s) alias. It works and shows the IPs.
Am I doing something wrong? Or have I indeed found a bug in this version?
5
General Discussion / Re: Alias creation using API
« on: November 03, 2023, 06:47:06 pm »Here is a python script which creates a json file for upload.
@trumee would you be willing to explain how to use your script?
6
General Discussion / Re: Feature Request: Description for each entry when creating aliases
« on: June 24, 2023, 09:28:07 am »
Of course you don't want that, I'm going to study the pictures even better. Thanks!
7
General Discussion / Re: Feature Request: Description for each entry when creating aliases
« on: June 24, 2023, 09:12:01 am »
Thanks for sharing great help. How is a nesting looking like?
8
General Discussion / Re: Feature Request: Description for each entry when creating aliases
« on: June 20, 2023, 09:09:52 pm »I am perfectly on board with nesting.
Create aliases like
Port_Application
Host4_Description
Net6_Description
and use groups. I am not missing anything and I would consider this best practice. I have been managing firewalls for 30 years.
Thank you for responding so quickly. Would you mind taking some screen shots? I would like to learn from your experiences, but I don't fully understand your post.
9
General Discussion / Re: Feature Request: Description for each entry when creating aliases
« on: June 20, 2023, 08:55:24 pm »
Used adding this link for interested readers (Feature request: proper administration of aliases): https://github.com/opnsense/core/issues/6619
10
18.7 Legacy Series / Re: Unbound DNS: Overrides
« on: January 13, 2019, 03:06:32 pm »Does it work? If it does, I guess so?
Yes it did, sorry for late response.
11
18.7 Legacy Series / Re: Unbound DNS: Overrides
« on: January 02, 2019, 02:01:52 pm »Hello,
You not getting what you expected perhaps because the Nameserver you have configured for the firewall. Eg, Settings -> General: DNS Servers. Unless you manually configure Unbound upstream nameservers and switch DNS Server to 127.0.0.1, you will not get the expected result.
Note, if you leave Unbound unconfigured to contact nameservers on it's own, it will use the firewall DNS servers. So simply setting DNS Servers to 127.0.0.1 blindly will have undesired consequences.
Regards
THANKS bugsmanagement
In "System: Settings: General" I disabled the setting below (the box is not checked).
If I test with this setting the behavior is as expected.
Code: [Select]
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14785
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN A
;; ANSWER SECTION:
testing.lan. 3600 IN A 192.168.10.15
Received 42 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3075
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN AAAA
Received 26 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN MX
Received 26 bytes from 127.0.0.1#53 in 0 ms
I use Unbound DNS in my configuration. In "Services: Unbound DNS: General" I have selected the interfaces for Unbound I need, including Localhost. As far as my knowledge is concerned, this configuration is ok. Agree?
12
18.7 Legacy Series / [SOLVED] Unbound DNS: Overrides
« on: January 01, 2019, 05:17:35 pm »
Hello,
I have a Unbound DNS: Override configured.
If I ping from a machine in the same subnet is get a DNS lookup.
But if I ping from de opnsense shell I don't get a response on the DNS lookup.
HoweverI can ping the IP.
If a do a host -d lookup for testing.lan I see that the DNS request is going to the DNS server I configured in "System: Settings: General"
Maybe I do not understand Unbound DNS yet?
In "Unbound DNS: General" I also selected in "Network Interfaces" "Localhost". By doing this I was expecting that from OPNsense shell I could also do a DNS lookup to a DNS name that was configured in the Overrides table.
Do I make a mistake? Someone tips / hits?
I have a Unbound DNS: Override configured.
| host | Domain | Type | Value | Description |
| testing | lan | A | 102.168.10.15 | Test server |
If I ping from a machine in the same subnet is get a DNS lookup.
Code: [Select]
ping testing.lan
Pinging testing.lan [192.168.10.15] with 32 bytes of data:But if I ping from de opnsense shell I don't get a response on the DNS lookup.
Code: [Select]
ping testing.lan
ping: cannot resolve testing.lan: Unknown hostHoweverI can ping the IP.
Code: [Select]
ping 192.168.10.15
PING 192.168.10.15 (192.168.10.15): 56 data bytes
64 bytes from 192.168.10.15: icmp_seq=0 ttl=64 time=0.506 msIf a do a host -d lookup for testing.lan I see that the DNS request is going to the DNS server I configured in "System: Settings: General"
Code: [Select]
host -d testing.lan
Trying "testing.lan"
Trying "testing.lan.lan"
Host testing.lan not found: 3(NXDOMAIN)
Received 105 bytes from xxx.xxx.xx.xx#53 in 13 msMaybe I do not understand Unbound DNS yet?
In "Unbound DNS: General" I also selected in "Network Interfaces" "Localhost". By doing this I was expecting that from OPNsense shell I could also do a DNS lookup to a DNS name that was configured in the Overrides table.
Do I make a mistake? Someone tips / hits?
Pages: [1]