2.0.1 update issues
-
Well…
I've found nothing related in the logs to be unable to reach pfsense.com.
I guess DNS looks fine.
Tried nslookup and ping. I just can't reach pfsense.com nor .org, with all sorts of unwanted results..# # hostname pfSense.localdomain # # nslookup www.pfsense.com Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: www.pfsense.com canonical name = www.pfsense.org. Name: www.pfsense.org Address: 69.64.6.21 # # # ping www.pfsense.com PING www.pfsense.org (69.64.6.21): 56 data bytes ping: sendto: Operation not permitted ping: sendto: Operation not permitted ^C --- www.pfsense.org ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss # # # ping www.pfsense.org PING www.pfsense.org (69.64.6.21): 56 data bytes ping: sendto: Operation not permitted ^C --- www.pfsense.org ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss # # # ping www.nu.nl PING www-nu-nl.gl.sanomaservices.nl (62.69.179.15): 56 data bytes 64 bytes from 62.69.179.15: icmp_seq=0 ttl=247 time=10.825 ms ^C --- www-nu-nl.gl.sanomaservices.nl ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 10.825/10.825/10.825/0.000 msWhat I did find in my system log, was that snort is still running.. and with grepping for snort and squid at ps aux..
Snort and Squid are still running..
I am able to get through the gateway with my desktops browsing and all the other internet services (mail, usenet etc.) but
pfsense gateway, still states there are no packages installed..Fortunately I can reach the forum (by http)…
-
"ping: sendto: Operation not permitted" means something on your system is stopping the ping. If you did that at the console of the firewall, the traffic was dropped (perhaps snort blocked it for some reason?)
-
Yes, but why only pfsense.org/.com?
# ping 69.64.6.21 PING 69.64.6.21 (69.64.6.21): 56 data bytes ping: sendto: Operation not permitted ping: sendto: Operation not permittedFor all others I tried , I get the usual icmp replies.
Since the pfsense gateway states no packages are installed, I have no menu option to go to snort packages/rules settings.
(Killed snort the hard way ( -9 ) and still no success..) -
Not sure why, but I can ping it fine from several different places.
Do you have anything like Captive Portal on/enabled on your WAN or the interface with your default route somehow?
Check Diagnostics > Tables and look in the virusprot table as well as the snort table(s) and see if the IP shows up there.
-
Wow.
Have to look into this snort2c tables thing.
Cleared the list.. and packages seem to be available..
The address 69.64.6.21 was listed there..But.. unfort. still not able to ping. Nor is pfsense able to check if I'm on the latest version.
Tried to install squid.. successful, but.. no menu option. reinstalled menu package.. no result..
Think I'm going to face a day spending on a clean install… :-(
-
If it's in the snort2c table, snort is blocking it. It must still be running or doing something to reload that table.
-
This look like the http_inspect issue : http://forum.pfsense.org/index.php/topic,41533.msg220890.html#msg220890
-
Strange things happened.
Resetting to factory defaults, does not delete all packages, although this is stated in the 'Installed packages', which was empty.But since it indeed is the http inspection, I was not able to browse anymore, or be it very limited.
Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.So far, thanks all!!
-
Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.bdwyer says: Make sure you add your suppression list to the snort interface settings. Change it from default to the list that has that rule.
http://forum.pfsense.org/index.php/topic,43043.msg222725.html#msg222725It works, as you can see here as well:
http://forum.pfsense.org/index.php/topic,43606.msg225992.html#msg225992 -
Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.bdwyer says: Make sure you add your suppression list to the snort interface settings. Change it from default to the list that has that rule.
http://forum.pfsense.org/index.php/topic,43043.msg222725.html#msg222725It works, as you can see here as well:
http://forum.pfsense.org/index.php/topic,43606.msg225992.html#msg225992Many thanks !!
As the second link gave the real hint… adding the suppression list to the snort interface.
