Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Last IP of an Alias is not used???

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      furom
      last edited by

      Hi,

      I have an alias of IP's which I use in one of my rules. However, I see that the last IP in that alias gets blocked... But if I add it twice it is used. Anyone else seeing this phenomena?

      I don't believe it is a general problem with aliases in pfSense, but why would one (all else works fine afaik) of my defined one do this?

      Strange as it may sound, it feels like indexing of this alias is off by one...

      Thanks

      S johnpozJ 2 Replies Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @furom
        last edited by

        @furom Create the alias and check its contents in Diagnostics/Tables.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote ๐Ÿ‘ helpful posts!

        F 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @furom
          last edited by

          @furom said in Last IP of an Alias is not used???:

          Anyone else seeing this phenomena?

          Nope... I looked in all of my per-existing aliases, and all the IPs are there. I then for good measure created a new one with 5 IPs, and all of them there.

          table.jpg

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          F 1 Reply Last reply Reply Quote 0
          • F
            furom @SteveITS
            last edited by

            @steveits said in Last IP of an Alias is not used???:

            Create the alias and check its contents in Diagnostics/Tables.

            Did that now, and as said before, I have defined it with same address twice at the end for it not to be blocked, but in diagnostics/table it only shows up once. But it shows 6 unique addresses, which is correct.

            johnpozJ 1 Reply Last reply Reply Quote 0
            • F
              furom @johnpoz
              last edited by

              @johnpoz said in Last IP of an Alias is not used???:

              created a new one with 5 IPs, and all of them there

              Same here. In diagnostics/table all addresses show up, but for one of them pfSense is not using the last one - it is being blocked and cought in the log. Mitigation for now is to enter it twice in the alias...

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @furom
                last edited by johnpoz

                @furom said in Last IP of an Alias is not used???:

                I have defined it with same address twice

                why.. its not going to show dupes I do not believe.. Here I created some dupe entry in my test alias. And a new one - to make sure its in there, etc.. So I added 192.168.6.100, as you can see none of the dupes are shown, but the 6.100 is there now along with the others.

                newtable.jpg

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                F 1 Reply Last reply Reply Quote 0
                • F
                  furom @johnpoz
                  last edited by furom

                  @johnpoz said in Last IP of an Alias is not used???:

                  why..

                  Because if I don't, that address is blocked, despite being defined in the alias... of which all the rest of the addresses work as they should (aka is not blocked)

                  This whas the point of the question/post... I don't get why this last one does not get processed (or seems not to be).

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @furom
                    last edited by

                    @furom is it in the table? Remove your dupes of this IP, and look in the table..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    F 1 Reply Last reply Reply Quote 0
                    • F
                      furom @johnpoz
                      last edited by

                      @johnpoz said in Last IP of an Alias is not used???:

                      @furom is it in the table? Remove your dupes of this IP, and look in the table..

                      Removed it, reloaded filters just in case, and yes, all 6 addresses are still there. But now it gets blocked again. I have no real good way of testing if the last in each alias does the same, but would be interesting. I have only noted this one though

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        SteveITS Galactic Empire @furom
                        last edited by SteveITS

                        @furom Tried, can't duplicate.

                        Alias with 5 IPs in LAN subnet, mine last
                        rule allow ICMP to pfSense from alias
                        rule reject ICMP to pfSense from LAN Net

                        Can ping. Removed the allow, waited for the state to expire, can't ping.

                        Interestingly, the test alias does not show up in Diag/Tables until it is used in a rule. Didn't expect that but it makes sense.

                        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                        Upvote ๐Ÿ‘ helpful posts!

                        F 1 Reply Last reply Reply Quote 0
                        • F
                          furom @SteveITS
                          last edited by furom

                          @steveits said in Last IP of an Alias is not used???:

                          @furom Tried, can't duplicate.

                          Alias with 5 IPs in LAN subnet, mine last
                          rule allow ICMP to pfSense from alias
                          rule reject ICMP to pfSense from LAN Net

                          Removed the allow, waited for the state to expire, can't ping.

                          Interestingly, the test alias does not show up in Diag/Tables until it is used in a rule. Didn't expect that but it makes sense.

                          Understood, and appreciated. As it has an easy workaround it's really not a big problem. Was just curious if anyone else had the same, and apparently not, which is all good. :) Thanks for testing!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.