OPNsense

Messages - codera

1
23.7 Legacy Series / Re: How to find out, where is website blocked
« on: January 20, 2024, 05:58:56 pm »
> Opening website by IP works, but I cannot login etc, so the site forwards the request to its domain name and then it stops working.
This bit doesn't make sense to me. What site is forwarding what request to its domain name?


So when I go to https://51.91.30.159/, it opens, but is not displayed correctly. When I press the login button, the site forwards the request to https://www.upload.ee/login.html
And after that I get the message: www.upload.ee’s server IP address could not be found.

> By IP address I can see that the session and state are established under firewall diagnostics.
So, presumably the name has been resolved (what are you using to resolve, Unbound?), and then the request was sent from your client to the server. No blocks I can see in this flow.

Yes, Unbound, and OPNsense is the DNS server for the network.
Nslookup from my pc gives me:
Non-authoritative answer:
Name:    upload.ee
Addresses:  2001:41d0:403:2b9f::
          51.91.30.159

> I added the domain name to Unbound DNS whitelisted domains, but still it does not open.
Why would you whitelist it if it is resolved? Then, are you using blocklists?

Yes, I have a couple of them selected under Services: Unbound DNS: Blocklist, but I tried disabling it, and that did not help. Site is still not working.

> Local firewall is not blocking, name is resolved to the right IP but it won't open by DNS name.
Assume this is client firewall?

Yes, correct


2
23.7 Legacy Series / Re: How to find out, where is website blocked
« on: January 15, 2024, 01:59:52 pm »
Well, that is the problem: when I switch my computer's LAN connection to the old pfSense box, the same site is working.
So something is blocking this site in OPNsense, but what, and how to find out?

3
23.7 Legacy Series / Re: Kali Linux Exploit Window Machine
« on: January 15, 2024, 01:58:35 pm »
It does not really matter which firewall we are talking about, IMO. Are you exposing Windows servers publicly to the internet without any source ACL firewall rules, or web application proxy, VPN etc?
If some threat actor can get access inside the network, there are so many ways to exploit servers. In a production network you should separate servers into a separate VLAN and put some proper rules in place.

4
23.7 Legacy Series / How to find out, where is website blocked
« on: January 14, 2024, 02:54:37 pm »
Hi
I am trying to troubleshoot an issue where one legit site is not opening behind the OPNsense firewall.
I tried stopping Zenarmor - that did not help.
Opening website by IP works, but I cannot login etc, so the site forwards the request to its domain name and then it stops working.
By IP address I can see that the session and state are established under firewall diagnostics.
I added the domain name to Unbound DNS whitelisted domains, but still it does not open.
Local firewall is not blocking, name is resolved to the right IP but it won't open by DNS name.

What am I missing or what logs should I look for? :-[

5
18.7 Legacy Series / Re: suricata Kernel crashes since update
« on: January 01, 2019, 06:32:02 pm »
Using OPNsense 18.7.9-amd64 and I can confirm that the same bug still exists with Hyperscan.

As I can see, even the latest version is still using Suricata version 4.0.6, but the latest stable is 4.1.2.
Are there any plans on upgrade?

EDIT: as found from here, fix is to disable "abuse.ch/URLhaus" rule:

https://forum.opnsense.org/index.php?topic=9164.30

EDIT: fix was temporary, Suricata still crashes:
(suricata), uid 0: exited on signal 6 (core dumped)
