pfBlockerNG-devel v2.2.5_28 > IP > Reputation: I get .../pfblockerng/pfblockerng_reputation.php 404 not found

provels

@nzkiwi68 FWIW (every penny paid...), I'd click "Save settings" in pfB, uninstall and reinstall. And make sure it installs completely before you change pages in the GUI.

BBcan177

Try to copy and paste the key as plain text.

nzkiwi68

@BBcan177 Of course, I tried that again just now... still no joy.
It appears that it is not really saving the token or using the token despite anything I've tried..

My best guess is the old firewall cluster was pfSense 2.3 something and pfBlockerNG old version, upgraded over the past 2 years and something must be left in the current config which is causing pfBlockerNG to misbehave.

Is there anything deeper we can look at?

nzkiwi68

Also a significant point is the backup firewall in the HA cluster is exhibiting exactly the same problem.

If I try and add a new token directly to the backup firewall etc, the same issue occurs, it cannot and will not download the geolite2 database stating "401 Unauthorized"

I really think I'm bumping into a bug, probably something to do with upgrading from;

• pfBlockerNG
• pfBlockerNG-devel

nzkiwi68

On the backup firewall.

• Untick pfBlockerNG "keep settings"

• Uninstall pfBlockerNG

• Reinstall pfBlockerNG

Only set these minimal settings;
Firewall > pfBlockerNG > General: tick enable pfBlocker
Firewall > pfBlockerNG > IP: enter MaxMind key
Firewall > pfBlockerNG > IP: tick some interfaces for inbound and outbound as required
Firewall > pfBlockerNG > IP: enable "floating rules:
Firewall > pfBlockerNG > IP: enable "kill states"

Run Firewall > pfBlockerNG > Update

UPDATE PROCESS START [ 01/14/20 08:11:05 ]

===[ DNSBL Process ]================================================

Clearing all DNSBL Feeds
** DNSBL Disabled **

===[ GeoIP Process ]============================================

MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...

Download Process Starting [ 01/14/20 08:11:06 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 01/14/20 08:11:07 ]

===[ Aliastables / Rules ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

===[ Kill States ]==================================================

Firewall state(s) validation for [ 744 ] IPv4 address(es)...
Firewall state(s) validation for [ 2 ] IPv6 address(es)...
No matching states found

======================================================================

UPDATE PROCESS ENDED [ 01/14/20 08:11:09 ]

BBcan177

@nzkiwi68
Only other thing I can suggest is that Maxmind is blocking your wan ip. Are you going out of a vpn connection? Try without.

nzkiwi68

@BBcan177 No VPN

It was working on the old SG-4860 HA cluster, I'm sure if I plugged them back in, it would work.
Can you give me a cmd I can run in the shell that should download the DB?
I can modify the code you give me and put in my token...

I expect that will work and prove there's something amiss with this pfBlocker installation

nzkiwi68

Could it be a rights permission for the local directory where pfBlockerNG tried to save the Geolite2 DB files?

nzkiwi68

I can ping dev.maxmind.com...

nzkiwi68

I think MaxMind may have changed everything and broken pfBlocker.

After logging onto the MaxMind, reading their blog on how to directly download;
https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads

I create the following URL;
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-country&license_key=XXXXXXXXX&suffix=tar.gz

Where XXXXX is my token / key, but it won't won't download using a browser.

RonpfS

@nzkiwi68 said in pfBlockerNG-devel v2.2.5_28 > IP > Reputation: I get .../pfblockerng/pfblockerng_reputation.php 404 not found:

I think MaxMind may have changed everything and broken pfBlocker.

After logging onto the MaxMind, reading their blog on how to directly download;
https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads

I create the following URL;
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-country&license_key=XXXXXXXXX&suffix=tar.gz

Where XXXXX is my token / key, but it won't won't download using a browser.

I get : "Database edition not found" in FireFox.

BBcan177

@nzkiwi68

The URLs that pfBlockerNG uses are here for the MaxMind databases:
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng.php#L70-L84

You can see from your screenshots/posts that it connects to MaxMind and gets "Authorization denied"... So its something on MaxMinds side blocking or rate-limiting you. If you attempt too many downloads in one day than that could block your WAN IP. There is no posted literature on the MaxMind website that indicates their limiting details.

You can try to change your WAN IP if its dynamic and see if that helps. Also login to your MaxMind Account and see the Download History to see how many downloads you completed today.

Other than that, I would contact MaxMind and see what their support has to say. I don't see any issues with the package from the details that you have posted here.

If it is MaxMind blocking you, then you might need to wait 24 hours. Alternatively download the files from another site and copy them to the /usr/local/share/GeoIP folder and run this command to extract them:

php -f /usr/local/www/pfblockerng/pfblockerng.php ugc

nzkiwi68

Fixed!!!

Oh my goodness, a bit embarrassing, but, in the interests of helping everyone (at my own expense <grin>) the issue is;

I was using the TOKEN you get when you sign up for MaxMind and didn't go off and generate an a proper actual LICENSE KEY!

That's may bad...

This test URL is good for seeing if it works...
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-country&license_key=XXXXXXXXX&suffix=tar.gz

Replace XXXX with your license key that you get inside MaxMind when you generate it!

BBcan177

Also confirm that you used the correct MaxMind Key generation as the other Key types will not work.

Enter a "License key description", Select "yes" for "GeoIP Update", and select the License key for "version 3.1.1 or newer" and confirm.

nzkiwi68

The reason I got caught, is I setup a bunch of other sites and put into their pfBlockerNG their new MaxMind token (wrong!!!) by mistake.

They all seemed to work, because, they already had a copy of the GeoIP DB downloaded. In reality they won't actually work when they go and try and update...

Now, this site, with the firewall hardware change was all new, no existing DB and couldn't download the DB at all, hence the problem with using the token (wrong) instead of generating and using the license key caught me out....

nzkiwi68

@BBcan177 Thanks for your help.

Sorry I have wasted your time.

lastly, pfBlockerNG is amazing. It just makes pfSense so much more powerful as a great firewall solution.