Firewall Aliases for IP addresses not working

Started by wotcha, July 06, 2023, 09:32:46 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 06, 2023, 09:32:46 AM Last Edit: July 06, 2023, 09:36:24 AM by wotcha
My Firewall rules with alias is not working.
This is what I am getting:

Code Select

2023-07-06T15:15:03 Error firewall alias resolve error Group_30_IPs (error fetching alias url 10.0.30.53)
2023-07-06T15:15:03 Error firewall error fetching alias url 10.0.30.53
2023-07-06T13:04:30 Error firewall alias resolve error Group_20_IPs (error fetching alias url 10.0.20.51:55)
2023-07-06T13:04:30 Error firewall error fetching alias url 10.0.20.51:55


- VLAN 30 I am using DNSmasq,
- VLAN 20 I am using Unbound.
- Running Opnsense Version 23.1.11   


Otherwise I specifically have to type in every IP address as a "Single host" in the firewall rules for VLAN 30 for it to work. That's a lot of firewall rules...

July 06, 2023, 09:37:33 AM #1
You created aliases of type URL, apparently. IP addresses need to be of type host.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 06, 2023, 09:48:42 AM #2
Quote from: pmhausen on July 06, 2023, 09:37:33 AM
You created aliases of type URL, apparently. IP addresses need to be of type host.

Thanks, wow I can't believe I missed that. No wonder I've been having so much trouble. Calling the category "URL (IPs)" seems misleading. Perhaps "URL (IP Tables)" would be better.
July 06, 2023, 09:58:12 AM #3
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 06, 2023, 10:01:08 AM #4 Last Edit: July 06, 2023, 10:14:09 AM by wotcha
Quote from: pmhausen on July 06, 2023, 09:58:12 AM
https://docs.opnsense.org/manual/aliases.html  ;)

I am now getting this error:

Code Select

2023-07-06T15:56:00 Error firewall The DNS query name does not exist: 10.0.20.51:55. [for Group_20_IPHosts]
2023-07-06T15:50:33 Error firewall The DNS query name does not exist: 10.0.20.51:55. [for Group_20_IPHosts]
2023-07-06T15:45:28 Error firewall The DNS query name does not exist: 10.0.20.51:55. [for Group_20_IPHosts]


I thought I can express IP addresses as a range with a colon?

Nevermind I see it has to be written as "10.0.20.51-10.0.20.55"
July 06, 2023, 07:35:24 PM #5 Last Edit: July 06, 2023, 07:37:26 PM by wotcha
My alias is still not working..
I have this Firewall rule at the top...

with an Alias of:
- Name: Group_30_IPs
- Type: host
- Content: 10.0.30.50-10.0.30.55

Yet it is still being denied on that VLAN.

These are the screenshots of my firewall rules
July 07, 2023, 05:55:14 PM #6
Hi,

You are allowing only TCP traffic. 
> Have you tried it with the setting "ANY" ?

Mario
Print
Go Up Pages1
User actions