OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • NAT, port aliases, redirect not working after upgrade
« previous next »
  • Print
Pages: 1 ... 3 4 [5] 6

Author Topic: NAT, port aliases, redirect not working after upgrade  (Read 26267 times)

Phobus

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #60 on: February 02, 2018, 10:42:33 am »
Quote
Under Firewall: Settings: Advanced, is " Verify HTTPS certificates when downloading alias URLs" checked or unchecked? Are you using a proxy server in your network doing HTTPS MITM?
In my Situation also:
Setting is unchecked and I'm not using a proxy server who intercepts https..
Logged

Phobus

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #61 on: February 02, 2018, 03:45:58 pm »
After the update to 18.1.1 "IDS rule update problem" seems to be solved.
Unfortunately Alias problem still exist - aliases aren't working e.g. hosts  :(
Same outputs as posted before...
Logged

opnsense_user12123

  • Guest
Re: NAT, port aliases, redirect not working after upgrade
« Reply #62 on: February 02, 2018, 08:49:30 pm »
NAT / Portforwarding is even in 18.1.1 not working correctly.

only if i disable port forwarding rule to proxy 127.0.0.1 (https) and disable blocking https rule, i get a 100% working connection!

On 17.7.12 these all works without any problems.

my no ssl bump list is the same as in version 17.7.12.


Logged

Phobus

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #63 on: February 03, 2018, 02:41:15 pm »
OK I've found the "bug" with aliases (hosts) not working.
In my case I've a alias list with hosts they are used from MS for data collection.
One of them can't be resolved anymore so this entry should be skipped (in my opinion), but in that case it ended up with an error -> table generation (all) will be aborted -> aliases in that case will not work.

One deceased entry in an alias list is enough to stop the whole table generation  :o
This behavior should be changed to skip such entries.
Logged

hirschferkel

  • Jr. Member
  • **
  • Posts: 92
  • Karma: 3
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #64 on: February 07, 2018, 10:46:16 am »
After Updating to 18.1.1 it runs again. Obviously there were some more issues.
Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #65 on: February 11, 2018, 02:22:03 pm »
Tried reinstalling with 18.1 and updated to 18.1.2_2.
Still the same issue, geoip alias is empty..
Executed refresh_aliases and also deleted the tables and retried, still empty..
Same on test VM.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13902
  • Karma: 1206
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #66 on: February 13, 2018, 05:32:47 pm »
Another patch to try... https://github.com/opnsense/core/commit/b514992

# opnsense-patch b514992


Cheers,
Franco

Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #67 on: February 13, 2018, 05:40:44 pm »
Quote from: franco on February 13, 2018, 05:32:47 pm
Another patch to try... https://github.com/opnsense/core/commit/b514992

# opnsense-patch b514992


Cheers,
Franco
Applied patch, retried the previous steps, still empty :(
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #68 on: February 13, 2018, 05:43:00 pm »
How are you populating the alias?  Sorry if you mentioned it, but I don't want to dig through the entire thread.
Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #69 on: February 13, 2018, 05:53:15 pm »
Quote from: Dominian on February 13, 2018, 05:43:00 pm
How are you populating the alias?  Sorry if you mentioned it, but I don't want to dig through the entire thread.
I open an alias and save it, apply the changes and check the pfTables result for the GeoIP alias.

Since it's still empty, I try these mentioned commands:

# rm /var/db/aliastables/CH*
# configctl filter refresh_aliases

And still empty.
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #70 on: February 13, 2018, 05:53:58 pm »
What is your configuration on the Alias itself?

Can you post a screenshot of the config?
Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #71 on: February 13, 2018, 05:59:18 pm »
Quote from: Dominian on February 13, 2018, 05:53:58 pm
What is your configuration on the Alias itself?

Can you post a screenshot of the config?
Only one country checked, even tried another one, same result..
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #72 on: February 13, 2018, 06:03:19 pm »
So, I just tested a brand new alias, using this: https://iplists.firehol.org/files/firehol_level1.netset

Set the alias to URL Table (IPs) set the expiration to 1 day 0 hours (So it will refresh daily) and submitted, pfTables immediately shows them.

I've attached what the alias config looks like.  Can you screenshot YOUR alias similar to how I did mine so I can see what you're doing exactly.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13902
  • Karma: 1206
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #73 on: February 13, 2018, 06:24:16 pm »
@Evil_Sense it's not for populating aliases, it's for repairing alias usage in the outbound rules. run this before retesting:

# configctl filter reload


Cheers,
Franco
Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #74 on: February 13, 2018, 06:33:11 pm »
Quote from: Dominian on February 13, 2018, 06:03:19 pm
So, I just tested a brand new alias, using this: https://iplists.firehol.org/files/firehol_level1.netset

Set the alias to URL Table (IPs) set the expiration to 1 day 0 hours (So it will refresh daily) and submitted, pfTables immediately shows them.

I've attached what the alias config looks like.  Can you screenshot YOUR alias similar to how I did mine so I can see what you're doing exactly.
That's how I configured the GeoIP alias..

Edit: IP and port aliases are working and also populated
« Last Edit: February 13, 2018, 06:35:16 pm by Evil_Sense »
Logged

  • Print
Pages: 1 ... 3 4 [5] 6
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • NAT, port aliases, redirect not working after upgrade
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2