Netgate Website issues
-
@jonathanlee thanks for the offer - but there should be NOTHING you should be able to do on your end that would have the forum report rfc1918.. If there was I would say that is a bit of a problem, because then anyone could just spoof what IP they are connecting from.. Lets see if any of the admins answer in the thread I started in the admin section..
-
@johnpoz thanks for checking. I am going to clear the squid catch maybe it has an invasive container. The firewall is set to block rfc1918 on the wan interface, shouldn't it not allow this?
(Image: WAN config with rfc1918 traffic block option radio button set) -
@johnpoz my first thought is XFF being passed through.
-
@michmoor xff is set to default in squid
-
@jonathanlee Right so i think thats how netgate is seeing your real IP. Generally its not considered an issue.
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
@michmoor should I disable this, I thought this was needed so it can find the machine behind the proxy. Why is it stripping the ISP IP? I am going to set it to transparent, see if it fixes it. I have no HA system and or webservers running. I have a global protect vpn client that connects to the university but that's not running now. I have to wait until my wife is done with work stuff so I can change it over, or she will get mad at me.
-
@michmoor said in Netgate Website issues:
i think thats how netgate is seeing your real IP
Huh? While there are entries in his profile for actual public IPs.. There is something wrong if the forum is recording some rfc1918 address.
-
@johnpoz said in Netgate Website issues:
@jonathanlee I am going to asks the mods - looking to see if I could see what IP you were coming from and maybe something odd with the geoip on etc..
Seeing quite a few entries like this for you
IP Address: 192.168.1.5
At a loss to how that could be.. How exactly would you be connecting to the forum site with a rfc1918 address?
@stephenw10 any clue to how that could be? Look at his user info..
I had to read this post 3 times and i still find this incredible. Im super curious now what the problem might be and how is is this even possible.
-
@nimrod said in Netgate Website issues:
Im super curious now what the problem might be and how is is this even possible.
well If I find out - be happy to share, I do find it very odd.. I could see maybe if he was a netgate guy, actually on the netgate network then ok.. But I am pretty sure that is not the case ;)
-
@johnpoz To confirm, I am not on the Netgate LAN, I am a university student. I would love to program for Netgate one day, again I am just a student not a Netgate guy. Is a freeBSD Jail connecting/container connecting at times for updates? Just a one off while its VPN(ing) in ? Is there a CPUID to check for containers like bit 31 used for virtual hosts in assembly code that can check? Example of bit 31 use in action below.
I wrote some code at Sacramento State to check CPUIDs again I am also searching for something that would provide signatures what containers are running. Here is my assembly code program in action.
(CPUID 1)
(CPUID 1 EDX)
(CPUID 7 and CPUID 0x40000000)I wanted to share how you can check for Virtual software, again there has to be something to check for containers running in the accelerator cache and force a purge if it finds invasive containers based on a "cpuid" command in assembly code. Containers are a major issue when they are used to abuse.
Keep in mind my program is running inside of the educational system. They have to a CPUID for signature detections of instances of running containers. Currently CPUID only checks to see if your virtualized that I know of. With that in mind containers or FreeBSD Jails can get on the accelerator cache if your using dynamic cache as you have to set max items to GBs for it to work with caching Windows updates. It could in theory be set to auto purge when a signature shows, that is if "if" there is a CPUID for containers.
-
@johnpoz Just a theory. Considering we're passing through a proxy on the client side and i would presume a proxy on the forum side, the XFF header is being passed through. Its the only reason i can come up with how the real IP is being seen. Could be wrong.
-
@michmoor I have no insight into how the forum is setup, or if behind a proxy or load balancer, etc. While yeah I would assume its prob behind something.. If that is what is happening should be fixed, because that is not a good config - anyone could then just do that on purpose and pass whatever IP they want to be logged by the forum, etc.
-
Hmm, curious.
It can only be Squid including the original source IP in the http header and the forum using that somehow. I'm not aware how you might actually do it though....
getverdict.com appears to be a legit service for shopify that we are using. However it should not be blocking you from Sacramento! Assuming that's where you're coming from.
-
@stephenw10 yes I am Sacramento Metro area. But on a smart phone right now, I changed it to transparent. That is weird.
-
If you're still seeing that blocked when using a public IP that's in the US let me know and I'll ping our admins.
-
@stephenw10 X-forwarded header mode set to transparent fixed the issue.
I can add items to the cart and browse the website again without blocking the getverdict service.
-
@jonathanlee Sounds like my theory was a bit true. Still don't know why XFF would affect this.
-
@michmoor I set it to transparent and it's good to go. I kept thinking maybe a container or FreeBSD jail was running that connected to something. But the transparent mode fixed it.
