Problem after pfBlockerNG-devel 3.0.0_16 update
-
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
What does GeoIP PR mean?
Porto Rico
grep "172.58.88." /usr/local/share/GeoIP/cc/*.txt /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/PR_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/US_rep_v4.txt:172.58.88.0/21 -
@ronpfs said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
What does GeoIP PR mean?
Porto Rico
grep "172.58.88." /usr/local/share/GeoIP/cc/*.txt /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/PR_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/US_rep_v4.txt:172.58.88.0/21Why Porto Rico if I am I San Francisco CA ?!
-
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
Why Porto Rico if I am I San Francisco CA ?!
Review North America GeoIP settings.
-
I don’t see what to review there :(
All countries except USA selected and I did not touch it for long time
And then why T-Mobile net blocked ?
PR_v4
172.58.88.0/21That seems like main suspect, no ?
-
@chudak You have 80 IPv4 items selected, click on the "..."
-
-
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
And then why T-Mobile net blocked ?
GeoIP isn't perfect, and only update once a month.
Put that IP or range in a Permit group, or change strategy from Blocking the world to Allowing some countries ;-)
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
In addition adding to the whitelist does not seem to be working
clicked on + in the psBNG report and added the IP
force reload
the IP is shown as added
verified it's listed in "IPv4 Custom_List"
verified pfB_Whitelist_v4 rule is on top of the FW rulesping still blocked by pfB_NAmerica_v4 auto rule (1770009871)
?!
(Tried disabled North America in GeoIP, after force reload - traffic pass)
-
-
@chudak Maybe... "Allowing the world to blocking some countries". Its more dificult to block all and let a few be allowed than allow (almost) everything and block specific traffic imo.
-
@gerardomdp said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak Maybe... "Allowing the world to blocking some countries". Its more dificult to block all and let a few be allowed than allow (almost) everything and block specific traffic imo.
I agree, it was a bit confused by this :)
-
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
verified pfB_Whitelist_v4 rule is on top of the FW rules
What does your FW Rules look like ? Did you click the "Quick" box?
You can use the Report tab "+" to create a Whitelist group and see how it's configured. -
@ronpfs said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
verified pfB_Whitelist_v4 rule is on top of the FW rules
What does your FW Rules look like ? Did you click the "Quick" box?
You can use the Report tab "+" to create a Whitelist group and see how it's configured.The rule looks like:
Little confused by White_List_ports, but I never modified it manually
Port 80, don't know why.
Quick "Apply the action immediately on match." checked
Anything wrong ?
-
Something is really fishy.
Either my North America setup all of the sudden got messed or pbBNG messed the GeoIP list or the MaxMind GeoIP list is bad.
I did some testing pinging my router from different locations using NordVPN:
SF CA 172.58.94.230 blocked by pfB_NAmerica_v4 (PR_v4 172.58.88.0/21) (no VPN) SF CA 192.145.118.74 blocked by pfB_NAmerica_v4 (DE_rep_v4 192.145.116.0/22) NY NY 185.187.243.230 blocked by pfB_Top_v4 (DE_rep_v4 185.187.243.0/24) Dallas 107.158.15.75 passed Atlanta 92.119.17.244 blocked by pfB_Top_v4 (GB_rep_v4 92.119.16.0/22)Why CA is PR, DE, NY -- DE, Atlanta -- GB ???
Kill me I don't know.To make it even more spicy - I asked a couple of fiends to ping me from different phones, located not in SF, and they were successful from AT&T and T-Mobile (!!!)
Anybody has a hypothesis ?
-
@chudak Your FW Rules is only for TCP/IP, you need FW Rules to allow ICMP if you wanna use Ping.
You can search de GeoIP .txt files for the Networks that puzzle you.
There are probably good guides or posts on how to configure your pfSense to achieve your goals.
-
@ronpfs said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak Your FW Rules is only for TCP/IP, you need FW Rules to allow ICMP if you wanna use Ping.
Of cause, I have FW rule to allow ICMP, otherwise I won't be able to ping at all !
You can search de GeoIP .txt files for the Networks that puzzle you.
There are probably good guides or posts on how to configure your pfSense to achieve your goals.
You seem to be suggesting a mis-configuration, which is possible. But I've provided a detailed tests and settings, that can be repeated and/or confirmed and/or proofed wrong.
What exactly do you suspect wrong with the settings based on what's shown ?
One note - the same pfBNG configuration has been in use with no issues for long time.
-
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@ronpfs said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak said in Problem after pfBlockerNG-devel 3.0.0_16 update:
What does GeoIP PR mean?
Porto Rico
grep "172.58.88." /usr/local/share/GeoIP/cc/*.txt /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/North_America_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/PR_v4.txt:172.58.88.0/21 /usr/local/share/GeoIP/cc/US_rep_v4.txt:172.58.88.0/21Why Porto Rico if I am I San Francisco CA ?!
I am still straggling with this ....
Do you have an explanation why in your grep 172.58.88.0/21 i slisted in 4 GeoIP lists North_America, PR_v4, US_rep?
-
@chudak
From any GeoIP tab : Click here for IMPORTANT info --> What's new in GeoIP2 -
@ronpfs said in Problem after pfBlockerNG-devel 3.0.0_16 update:
@chudak
From any GeoIP tab : Click here for IMPORTANT info --> What's new in GeoIP2Cool, so far I don't see what's wrong. Do you ?
I had a chat with MaxMind support and one thing jumped at me "it looks like the "registered country" for that IP address range is Germany. I'm wondering if pfSense is looking at that instead of the "country""
That's interesting
It'd be good to have a NordVPN and GeoIP user here to confirm this....
