DNSBL not starting - lighttpd error
-
I think, the reason why I cannot reach 10.10.10.1 is:
/usr/local/etc/rc.d: ./pfb_dnsbl.sh restart 2023-11-30 15:26:38: (/wrkdirs/usr/ports/www/lighttpd/work/lighttpd-1.4.72/src/mod_openssl.c.2583) ssl.cipher-list is deprecated. Please prefer lighttpd secure TLS defaults, or use ssl.openssl.ssl-conf-cmd "CipherString" to set custom cipher list. 2023-11-30 15:26:38: (/wrkdirs/usr/ports/www/lighttpd/work/lighttpd-1.4.72/src/network.c.588) bind() 10.10.10.1:443: Can't assign requested addressIt is a bit like here: https://forum.netgate.com/topic/179874/failure-when-starting-pfb_dnsbl-service
But I don't have IPv6 enabled. And also using CE.Updated PFBlockerNG today to 3.2.0_7 and it stays thje same behavior.
As seen in the scnreeshot, I run a 2 nodes HA PFSense setup. -
@Orwi said in DNSBL not starting - lighttpd error:
10.10.10.1:443
read through this thread
https://forum.netgate.com/topic/184032/pfb_dnsnl-pfblockerng-dnsbl-service-won-t-start/24?_=1700748361493
but it also looks more like the address you are trying to bind is already in use by something else.. without knowing everything else installed hard to say
that setting is here on the DNSBL tab - (read the warning with the entry and try a different IP see if anything changes, including the note at the very bottom under the Save DNSBL settings)Edit: the bind failure is likely being treated as a silent fatal error, and DNSBL is actually loaded and likely working, but the webpage is not available (because of the bind failure, similar handling to the lib error in the other thread)
-
Doing a update/reload (force) everytime after config change.
Also tried 10.10.10.2 without any change.
Also there is no 10.10.10.1 in the routing table at all. Looking at the small memory consumption, I would also assume it is not running, as it is below normal (13% of 16GB).
To give further information, this is my Custom IP config:
login-to-view -
also disabling, rebooting, enabling (and force reload) doesn't help much here.
Still the thread got me reminded, that in the dashboard widget both stay green.But I imagine, if somehting is replaced with the pfblockng IP and this isn't available, it will stall things. Added: better: it stalles web connections, instead of just replying to it. So website response is often slow (while trying to get to blocked DNS entries)
-
So where is it ?
seems you have several other VIP addresses in the 10.10.10 space, including apparently
Also tried 10.10.10.2 without any change.
which is on the list (vhid 50)
have you tried moving this (the DNSBL VIP) to a completely different isolated address, like maybe 10.10.50.1form the note on the setting page
This address should be in an Isolated Range that is not already used in the Network."Range" likely being the important part.
failing that show us the settings from the DNSBL Webserver Configuration and DNSBL Configuration sections on Firewall -> pfBlockerNG / DNSBL
-
the 10.10.10.2 is seen there, as I made the screenshot after the change from 10.10.10.1.
The vhid50 is just to get some space to other VIPs. I assume it doesn't care if it has neighbour IDs or not.
Also, this VIP has been set by pfblockerng itself.According to my IP knowledge 10.10.10.2/32 is a complete network, as is 10.10.10.1/32
It would be within anothers Network, if I would have e.g. an 10.10.10.x/24 (netmask wider than 32).But as nothing worked I also tried another one:
bind() 10.99.99.99:443: Can't assign requested addressAnd also on port :80 nothing in the route table.
❯ ping 10.99.99.99
PING 10.99.99.99 (10.99.99.99) 56(84) bytes of data.
^X^C
--- 10.99.99.99 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2032ms❯ telnet 10.99.99.99 80
Trying 10.99.99.99...
^X^C -
@jrey said in DNSBL not starting - lighttpd error:
failing that show us the settings from the DNSBL Webserver Configuration and DNSBL Configuration sections on Firewall -> pfBlockerNG / DNSBL
These here?
-
@Orwi said in DNSBL not starting - lighttpd error:
These here?
Nope, the sections we're look for are at
Firewall > pfBlockerNG > DNSBL