Author Topic: Aliases dosen't work(?) (Read 16513 times)

mais_um · « **on:** December 08, 2017, 01:29:54 am »

Hi

OPNSense version: OPNsense 18.1.a_428-amd64

Have a roule from Wan (aliases 3 IPs) to firewall to manage the firewall and is not working.

The roule: Proto Source Port Destination Port Gateway Schedule Description
IPv4 TCP MaisUm * This Firewall 443 (HTTPS) *

MaisUm with host: 192.168.100.100, 192.168.100.102 and 192.168.100.103.

If i put and IP; 192.168.100.100 or WAN Net (192.168.100.0/22) it works with aliases MaisUm doesn't.

I only have only one alias "MaisUm"
Thanks

franco · « **Reply #1 on:** December 08, 2017, 07:16:29 am »

Hi there,

Thank you for running -devel!

Aliases are undergoing a larger rework which will take at least one more iteration, if you need them to be like they used to you have two options.

1. Switch back to the production release:

# opnsense-update -t opnsense

2. Go back to the last known good -devel package:

# opnsense-revert -r 17.7.8 opnsense-devel

Cheers,
Franco

mais_um · « **Reply #2 on:** December 08, 2017, 12:10:27 pm »

Is in a test environment. So just saying.

franco · « **Reply #3 on:** December 08, 2017, 12:13:43 pm »

Ad said it only needs kickstart, e.g. giving it a reboot should make it work again. Make sure you update to 18.1.a_444 to avoid glitches.

Cheers,
Franco

marjohn56 · « **Reply #4 on:** January 08, 2018, 10:21:21 am »

@franco

Has this been completed?

I only ask as my primary router relies heavily on Aliases, Secondary test router does not use them. If it's done I can move the primary to 18.*

franco · « **Reply #5 on:** January 08, 2018, 07:08:26 pm »

There were 2 reports about /var/db/aliastables not being created which caused resolution to fail, but which we couldn't reproduce. The code is all in 18.1.r1, if you must you can wait till 18.1.r2 or 18.1 to move over. It's hard to say, but we are confident as other testers said to be happy.

Until 18.1 is out 17.7 will be updated alongside.

Cheers,
Franco

marjohn56 · « **Reply #6 on:** January 08, 2018, 07:35:30 pm »

Thanks Franco,

It's fine, I did find they work, I set up a couple of Aliases on my test unit and had no issues.

Better to leave the primary as it is for now. SWMBO works from home and if I break the net then I am in deep doggie doos...

markusd · « **Reply #7 on:** January 12, 2018, 03:26:50 pm »

Hi
It seems, firewall-aliases don`t work for me after update to 18.1.r1...
And there is no /var/db/aliastables...

Any infos you need?

Thanks!

Markus

franco · « **Reply #8 on:** January 12, 2018, 03:55:25 pm »

Hi Markus,

If you run this once on the console, will it work?

# configctl filter refresh_aliases

Cheers,
Franco

markusd · « **Reply #9 on:** January 12, 2018, 04:24:17 pm »

Hi Franco,
thank you for your fast answer!

# configctl filter refresh_aliases
works after
# mkdir /var/db/aliastables

I now can generate a new HOST-Alias and find it in the directory, but
a new ports -Alias isn`t there?

tillsense · « **Reply #10 on:** January 12, 2018, 07:05:09 pm »

I can confirm that. aliases are currently not active here with r1.

cheers till

franco · « **Reply #11 on:** January 12, 2018, 08:01:03 pm »

Thanks guys, one patch here that should fix the mkdir thing.

https://github.com/opnsense/core/commit/60e4e8080

I'll do more tests with the transition of aliases from 17.7.x to 18.1.x which seems to be the key element to the reported behaviour on Monday. As far as I know port aliases are special as they don't change, saving them from the GUI should fix their usage in any case.

Cheers,
Franco

nivek1612 · « **Reply #12 on:** January 14, 2018, 12:35:51 am »

Hi Franco

Alias seems broken for me also at 18.1. I use them extensively to avoid me having to list the ports and IP address in the WAN rules

After a reboot I cannot access servers from outside my firewall

"configctl filter refresh_aliases"

fixes the problem

but the issue returns after reboot and another "configctl filter refresh_aliases" is required

I pulled in my config from 17.7.11 into a fresh install of 18.1r

I have applied patch 60e4e80

franco · « **Reply #13 on:** January 14, 2018, 03:29:44 pm »

Hi nivek,

Can you dump this output for me?

# df -h

I think you are using /var MFS through Nano image maybe?

Cheers,
Franco

marjohn56 · « **Reply #14 on:** January 14, 2018, 04:07:14 pm »

Not sure what Kev has but this is my test unit, it's configured with the same config as my live unit except for the number of ports. Running dev version and suffering the same issue.

root@gateway:~ # df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/rootfs 26G 1.6G 22G 7% /
devfs 1.0K 1.0K 0B 100% /dev
tmpfs 3.1G 15M 3.1G 0% /var
tmpfs 3.1G 84K 3.1G 0% /tmp
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev
root@gateway:~ #

Before you ask, nothing in /var/db/ apart from pkg. :}

after reboot 'configctl filter refresh_aliases' just freezes when I run it. CTRL-C and run it again it says OK.

Author Topic: Aliases dosen't work(?) (Read 16513 times)

mais_um

Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

mais_um

Re: Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

marjohn56

Re: Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

marjohn56

Re: Aliases dosen't work(?)

markusd

Re: Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

markusd

Re: Aliases dosen't work(?)

tillsense

Re: Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

nivek1612

Re: Aliases dosen't work(?)

franco

Re: Aliases dosen't work(?)

marjohn56

Re: Aliases dosen't work(?)