PfBlockerNG 2.1.1_5 / Pfsense 2.4
-
Thx for your help. I'll start from scratch and report back.
-
One last thing ? Are you using Unbound (and not DNS Forwarder)?
-
Yes, I am using Unbound
Unchecked retain settings, Saved and uninstalled/reinstalled. Not getting any errors at all but still cant get the DNSBL service to start. Maybe someone else can chime in who's on 2.4 who is possibly getting the same issue to confirm.
-
Check Diagnostics / Sockets to see if some other process would have the same ports open
root lighttpd_p 4228 5 tcp4 *:8081 *:* root lighttpd_p 4228 6 tcp4 *:8443 *:*You can also try this in a shell to see if it report error.
/usr/local/etc/rc.d/dnsbl.sh restart -
No other services using those ports
Using the restart command gives me:
2016-12-20 21:00:48: (network.c.603) SSL: couldn't read X509 certificate from '/var/unbound/dnsbl_cert.pem'
-
Does /var/unbound/dnsbl_cert.pem exist?
-
Yup, its there.
-
and it looks like a certificate with
-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -
Looks like this:
–---BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
-
Delete the file and do a Force Update to see if this fixes it.
-
I've confirmed that it was deleted, Force Updated and confirmed that it get recreated.
Recreates the same type of format of key with just Begin and End Private Key.
Comes up with the same couldnt read x509 certificate error as before when trying to restart
-
Can you try to use the pem from another 2.3.2 system an test with it.
-
Progress!!
Yup, that let me start the service and its showing up green now, but I'm not seeing any packets being blocked though.
****Disregard that, I see some packet drops, its working. Sweet, thank you.
-
Try http://10.10.10.1
-
Blank page and the browser title bar says 10.10.10.1 (1x1)
That correct?
-
Yes
-
Thanks again, Ron. Is this easily resolved for a permanent fix?
2.1.1_6?
-
Can't tell,
maybe we will get a patch, or another release, or back to 2.1.1_4, only BBcan177 can tell.But now we know where the problem is.
-
Can't tell,
maybe we will get a patch, or another release, or back to 2.1.1_4, only BBcan177 can tell.But now we know where the problem is.
Testing a patch now… Will update in a day or so...
-
PM sent, code changes seem to fix the problem perfectly.
