GeoIP shows country as unknown

yquirion · Jan 8, 2023, 4:59 PM

Dear all!

First, I would like to wish everyone an happy new years 2023! This is my first post into this forum!

Yesterday I installed and started to play with pfBlockerNG-devel version 3.1.0_9. I have created some "Aliase Native" to block or allow some countries.

Then when I look at the "Reports", I notice that most of the time, the column "GeoIP" is Unk (Unknown).

I search the web and found this post from @serbus.

Of course, as it was related, I didn't have the file GeoLite2-Country.mmdb into the folder /usr/local/share/GeoIP. Then I manually download it using the specified commands:

php -f /usr/local/www/pfblockerng/pfblockerng.php dc
cd /usr/local/share/GeoIP
/usr/bin/tar -xzf GeoLite2-Country.tar.gz --strip=1

After unzipping the database, I made some tests. From the "Reports" page, I selected an IP address that has "Unk" as GeoIP:

[2.6.0-RELEASE][admin]/root: /usr/local/bin/mmdblookup -v -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 89.248.165.195 country iso_code

  Database metadata
    Node count:    924578
    Record size:   24 bits
    IP version:    IPv6
    Binary format: 2.0
    Build epoch:   1672939859 (2023-01-05 17:30:59 UTC)
    Type:          GeoLite2-Country
    Languages:     de en es fr ja pt-BR ru zh-CN
    Description:
      en:   GeoLite2 Country database


  Record prefix length: 120

  "NL" <utf8_string>

So it is returning me the country for IP 89.248.165.195, but in the pfsense GUI, under Firewall -> pfBlockerNG -> Alerts -> Reports, I still see "Unk" as GeoIP.

I restarted the pfb_filter many times without luck. Then I restarted the pfsense and still having the same behaviour.

Here is a screenshot:
login-to-view

You will notice that sometimes, there is a country for GeoIP, but those are rare and I don't understand why, even if the mmdblookup command returns the good information.

Does anyone has an idea why I'm having this issue?

Thank you and Best Regards,
Yanick

jdeloach · Jan 8, 2023, 5:43 PM

@yquirion
There is another message or two here about this issue. @Gertjan, another user, has offered a mod to the code on here that supposedly fixes the issue. You need to look at the other message for this issue.
I'm not sure if any one has notified the package maintainer, @BBcan177 of the issue or that he has blessed the code changes in the other message.

yquirion · Jan 8, 2023, 6:05 PM

Hi @jdeloach,

Can you paste the link to @Gertjan message? I tried to look under his profile, but he's posting a lot

Thanks for your reply!
Yanick

jdeloach · Jan 8, 2023, 10:06 PM

@yquirion said in GeoIP shows country as unknown:

Hi @jdeloach,

Can you paste the link to @Gertjan message? I tried to look under his profile, but he's posting a lot

Thanks for your reply!
Yanick

Sorry, I made a mistake, it wasn't Gertjan that came up with work around in the code for this issue. I was thinking of something else.

Gertjan · Jan 9, 2023, 8:47 AM

@jdeloach said in GeoIP shows country as unknown:

There is another message or two here about this issue. @Gertjan, another user, has offered a mod to the code on here that supposedly fixes the issue

This one : pfBlockerNG-devel v3.1.0_9 / v3.1.0_15 isn't related, as it was a 'ut1' audio video file name mismatch issue.

RabidSasquatch · Jan 9, 2023, 9:49 AM

@yquirion I think this is the post you are looking for: https://forum.netgate.com/topic/176668/geoip-showing-unk/7

dkggpeters · Jan 9, 2023, 5:56 PM

I am having the same issues. Originally the GeoLite2-Country.mmdb did not exist which I ran /usr/bin/tar -xzf GeoLite2-Country.tar.gz --strip=1. I restarted prb_filter and even did a reboot and the vast majority are showing as Unk.

I also queried my biggest offenders which show and Unk and the query respons with a country code.

fireodo · Jan 9, 2023, 6:02 PM

@dkggpeters

https://forum.netgate.com/post/1079299

dkggpeters · Jan 9, 2023, 6:25 PM

@fireodo both myself and the op did that which I stated and he stated.

fireodo · Jan 9, 2023, 6:27 PM

@dkggpeters said in GeoIP shows country as unknown:

@fireodo both myself and the op did that which I stated and he stated.

OK!

dkggpeters · Jan 9, 2023, 6:31 PM

@yquirion This worked for me. I went to package manager and did a reinstall and an update afterwards. Now GeoIP is populating for all items.

dkggpeters · Jan 9, 2023, 6:35 PM

@fireodo It ended up being something with the original install. I reinstalled and everything works. Thanks for the effort.

yquirion · Jan 10, 2023, 4:02 PM

@dkggpeters You were right! Just reinstalling the package also solve the issue for me! It was also nice that the reinstall didn't reset all my configuration!

Thank you so much for the hint! Really appreciated!

Cheers!

dkggpeters · Jan 10, 2023, 5:07 PM

@yquirion I was surprised as well and was hoping it did not change my configuration which it did not. I was not aware about querying the database so I learned a very nice thing from you as well.