Aliases dosen't work(?)

Started by mais_um, December 08, 2017, 01:29:54 AM

Previous topic - Next topic
Hi

OPNSense version: OPNsense 18.1.a_428-amd64

Have a roule from Wan (aliases 3 IPs) to firewall to manage the firewall and is not working.

The roule:        Proto  Source         Port   Destination   Port                  Gateway   Schedule   Description   
      IPv4 TCP   MaisUm         *        This Firewall   443 (HTTPS)   *


MaisUm with host: 192.168.100.100, 192.168.100.102 and 192.168.100.103.

If i put and IP; 192.168.100.100 or WAN Net (192.168.100.0/22) it works with aliases MaisUm doesn't.

I only have only one alias "MaisUm"
Thanks

Hi there,

Thank you for running -devel!

Aliases are undergoing a larger rework which will take at least one more iteration, if you need them to be like they used to you have two options.

1. Switch back to the production release:

# opnsense-update -t opnsense

2. Go back to the last known good -devel package:

# opnsense-revert -r 17.7.8 opnsense-devel


Cheers,
Franco

Is in a test environment. So just saying. 

Ad said it only needs kickstart, e.g. giving it a reboot should make it work again. Make sure you update to 18.1.a_444 to avoid glitches. :)


Cheers,
Franco

@franco

Has this been completed?

I only ask as my primary router relies heavily on Aliases, Secondary test router does not use them. If it's done I can move the primary to 18.*

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

There were 2 reports about /var/db/aliastables not being created which caused resolution to fail, but which we couldn't reproduce. The code is all in 18.1.r1, if you must you can wait till 18.1.r2 or 18.1 to move over. It's hard to say, but we are confident as other testers said to be happy.

Until 18.1 is out 17.7 will be updated alongside. :)


Cheers,
Franco

Thanks Franco,

It's fine,  I did find they work, I set up a couple of Aliases on my test unit and had no issues.

Better to leave the primary as it is for now. SWMBO works from home and if I break the net then I am in deep doggie doos...  ;D
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Hi
It seems, firewall-aliases don`t work for me after update to 18.1.r1...
And there is no /var/db/aliastables...

Any infos you need?

Thanks!

Markus

Hi Markus,

If you run this once on the console, will it work?

# configctl filter refresh_aliases


Cheers,
Franco

Hi Franco,
thank you for your fast answer!

# configctl filter refresh_aliases
works after
# mkdir /var/db/aliastables

I now can generate a new HOST-Alias and find it in the directory, but
a new ports -Alias isn`t there?


I can confirm that. aliases are currently not active here with r1.

cheers till

Thanks guys, one patch here that should fix the mkdir thing.

https://github.com/opnsense/core/commit/60e4e8080

I'll do more tests with the transition of aliases from 17.7.x to 18.1.x which seems to be the key element to the reported behaviour on Monday. As far as I know port aliases are special as they don't change, saving them from the GUI should fix their usage in any case.


Cheers,
Franco

Hi Franco

Alias seems broken for me also at 18.1. I use them extensively to avoid me having to list the ports and IP address in the WAN rules

After a reboot I cannot access servers from outside my firewall

"configctl filter refresh_aliases"

fixes the problem

but the issue returns after reboot and another "configctl filter refresh_aliases" is required

I pulled in my config from 17.7.11 into a fresh install of 18.1r

I have applied patch 60e4e80
OPNsense 24.7.* on Qotom i5-5250U with AAISP FTTP 900/120
OPNsense 24.7.* on Qotom i7-4500U with Orange FR FTTP 1000/400

Team Rebellion Member
One of Marjohns TESTERS :-)

Hi nivek,

Can you dump this output for me?

# df -h

I think you are using /var MFS through Nano image maybe?


Cheers,
Franco

January 14, 2018, 04:07:14 PM #14 Last Edit: January 14, 2018, 04:19:34 PM by marjohn56
Not sure what Kev has but this is my test unit, it's configured with the same config as my live unit except for the number of ports. Running dev version and suffering the same issue.


root@gateway:~ # df -h
Filesystem         Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs     26G    1.6G     22G     7%    /
devfs              1.0K    1.0K      0B   100%    /dev
tmpfs              3.1G     15M    3.1G     0%    /var
tmpfs              3.1G     84K    3.1G     0%    /tmp
devfs              1.0K    1.0K      0B   100%    /var/dhcpd/dev
root@gateway:~ #

Before you ask, nothing in /var/db/ apart from pkg. :}

after reboot 'configctl filter refresh_aliases' just freezes when I run it. CTRL-C and run it again it says OK.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member