pfBlockerNG-devel v2.2.5_28 > IP > Reputation: I get .../pfblockerng/pfblockerng_reputation.php 404 not found

nzkiwi68

Also, cannot get an geo databases to download, I'm getting;
===[ GeoIP Process ]============================================

MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...

Download Process Starting [ 01/13/20 19:48:04 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 01/13/20 19:48:05 ]

***** yet, I have signed up for MaxWind and have a key entered.

To try and fix the issues, I have;

• I've uninstalled pfblockerNG-devel v2.2.5_28 and reinstalled

• Uninstalled pfBlockerNG-devel v2.2.5_28 with keep setting unticked and reinstalled

• Uninstalled pfBlockerNG-devel v2.2.5_28 and installed pfBlockerNG 2.1.4_20 and then upgraded to devel

Help!

What did I do?
Over the weekend I upgraded firewalls. This was an HA cluster of SG-4860 firewalls that over the weekend I have replaced with a an HA cluster XG-1537, both running 2.4.4-p3
I copied out the old config to the new firewalls and hand tuned the config for the interfaces and re-installed the packages, but, it's broken!

nzkiwi68

And the edit function for the countries in each GeoIP ringed is missing too...

nzkiwi68

Shell pfBlocker update failure too...

[2.4.4-RELEASE][admin@ho1.nc.localdomain]/root: php -f /usr/local/www/pfblockerng/pfblockerng.php dc

Download Process Starting [ 01/13/20 21:25:26 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 01/13/20 21:25:27 ]

[2.4.4-RELEASE][admin@ho1.nc.localdomain]/root:

nzkiwi68

"GeoIP Files" log files section reports invalid filename/path despite numerous uninstall/reinstall attempts.

BBcan177

https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality

nzkiwi68

@BBcan177

Yes fully registered... something else is going on...

BBcan177

@nzkiwi68
It's says "not authorized" in the download log.

nzkiwi68

@BBcan177

Ok.... but...

This was an HA pair of SG-4860 firewalls, with the updated pfBlockerNG WITH the MaxMind registration entered and working

Then, config copied out, hand tuned the interfaces, uploaded to a an HA pair of XG-1537

Same MaxMind registration token as before

nzkiwi68

@nzkiwi68 I've tried setting other MaxMind tokens that I have working on other customers, but, no matter what token I seem to put into pfBlocker the Geo IP won't work.

nzkiwi68

Just signed up (again) to MaxMind with a gmail account, got a brand new, shiny, fresh token.

Put into pfBlockerNG-devel v2.2.5_28 and it still won't download GeoLite2

I get:

===[ GeoIP Process ]============================================

MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...

Download Process Starting [ 01/14/20 06:55:09 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 01/14/20 06:55:10 ]

provels

@nzkiwi68 FWIW (every penny paid...), I'd click "Save settings" in pfB, uninstall and reinstall. And make sure it installs completely before you change pages in the GUI.

BBcan177

Try to copy and paste the key as plain text.

nzkiwi68

@BBcan177 Of course, I tried that again just now... still no joy.
It appears that it is not really saving the token or using the token despite anything I've tried..

My best guess is the old firewall cluster was pfSense 2.3 something and pfBlockerNG old version, upgraded over the past 2 years and something must be left in the current config which is causing pfBlockerNG to misbehave.

Is there anything deeper we can look at?

nzkiwi68

Also a significant point is the backup firewall in the HA cluster is exhibiting exactly the same problem.

If I try and add a new token directly to the backup firewall etc, the same issue occurs, it cannot and will not download the geolite2 database stating "401 Unauthorized"

I really think I'm bumping into a bug, probably something to do with upgrading from;

• pfBlockerNG
• pfBlockerNG-devel

nzkiwi68

On the backup firewall.

• Untick pfBlockerNG "keep settings"

• Uninstall pfBlockerNG

• Reinstall pfBlockerNG

Only set these minimal settings;
Firewall > pfBlockerNG > General: tick enable pfBlocker
Firewall > pfBlockerNG > IP: enter MaxMind key
Firewall > pfBlockerNG > IP: tick some interfaces for inbound and outbound as required
Firewall > pfBlockerNG > IP: enable "floating rules:
Firewall > pfBlockerNG > IP: enable "kill states"

Run Firewall > pfBlockerNG > Update

UPDATE PROCESS START [ 01/14/20 08:11:05 ]

===[ DNSBL Process ]================================================

Clearing all DNSBL Feeds
** DNSBL Disabled **

===[ GeoIP Process ]============================================

MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...

Download Process Starting [ 01/14/20 08:11:06 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 01/14/20 08:11:07 ]

===[ Aliastables / Rules ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

===[ Kill States ]==================================================

Firewall state(s) validation for [ 744 ] IPv4 address(es)...
Firewall state(s) validation for [ 2 ] IPv6 address(es)...
No matching states found

======================================================================

UPDATE PROCESS ENDED [ 01/14/20 08:11:09 ]

BBcan177

@nzkiwi68
Only other thing I can suggest is that Maxmind is blocking your wan ip. Are you going out of a vpn connection? Try without.

nzkiwi68

@BBcan177 No VPN

It was working on the old SG-4860 HA cluster, I'm sure if I plugged them back in, it would work.
Can you give me a cmd I can run in the shell that should download the DB?
I can modify the code you give me and put in my token...

I expect that will work and prove there's something amiss with this pfBlocker installation

nzkiwi68

Could it be a rights permission for the local directory where pfBlockerNG tried to save the Geolite2 DB files?

nzkiwi68

I can ping dev.maxmind.com...

nzkiwi68

I think MaxMind may have changed everything and broken pfBlocker.

After logging onto the MaxMind, reading their blog on how to directly download;
https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads

I create the following URL;
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-country&license_key=XXXXXXXXX&suffix=tar.gz

Where XXXXX is my token / key, but it won't won't download using a browser.