Netgate Discussion Forum

    [ pfB_PRI3 - WatchGuard ] Download FAIL

    pfBlockerNG
    • M
      Mr. Jingles

      In the log, apparently day after day for a month.

      But:  8)

      1. "Firewall and/or IDS are not blocking download."
      2.  http://www.reputationauthority.org/toptens.php simply opens the website.

      It's set to AUTO FLEX, and I think it used to work like that in the past.

      What stupid thing might I have done that suddenly caused this?

      Thank you  :-*

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

      • BBcan177B
        BBcan177 Moderator

        Are you on the latest version of the pkg? 2.1.1_4?

        I added that list in a test VM just now (set to auto) and it downloaded without issues…

        Can you ping from the pfSense box to this Domain?

        ping reputationauthority.org
        

        You might have some voodoo in your box?  :P

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • BBcan177B
          BBcan177 Moderator

          To update:  ;D

          So in my Test VM, that's being blocked by another List (our friends at - BT_Spyware) … So I would need to whitelist this IP to allow it to download...

          [ RepAuth ]              Downloading update . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds…
          . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds...
          . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds...
          .. unknown http status code

          [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
          [ 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]

          Restoring previously downloaded file contents… completed ..

          Aggregation Stats:
            ------------------
            Original Final
            ------------------
            74      36
            ------------------

          • M
            Mr. Jingles

            Thanks for your help, BB  :-*

            (Yes, I'm on the latest and greatest pkg).

            From Diagnostics/ping:

            
            PING reputationauthority.org (63.251.171.2): 56 data bytes
            --- reputationauthority.org ping statistics ---
            3 packets transmitted, 0 packets received, 100.0% packet loss
            

            Same when I do it from a LAN client; all packets lost.

            Pinging Google is no problem, though.

            Now the problem is: how did you find out/diagnose this? Because I see this in your reply:

            
            [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
             [ 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]
            

            Yet all I get is:

            [ pfB_PRI3 - WatchGuard ] Download FAIL [ 09/18/16 19:03:33 ]
              Firewall and/or IDS are not blocking download.
            
              Restoring previously downloaded file contents 
            

            And to add to my confusion:
            1. System/firewall logs are not showing anything for the blocked IP (63.251.171.2);
            2. pfBlockerNG alerts don't show it;
            3. Snort isn't showing it;
            (4. pfBlockerNG error log doesn't show it).

            So how did you find this out?

            (And since 1-4, where I should whitelist this IP I have no clue :P ;D ).

            Thanks again BB ;D

            • RonpfSR
              RonpfS

              If the block comes from pfBlockerNG this should tell you which table it is in:

              grep "63\.251\.171" /var/db/aliastables/* /var/db/pfblockerng/* /var/db/pfblockerng/*/*
              

              Then check that the table in question has logging enabled.
              If the table is an Alias type, then check that the FW rule that uses it has logging enabled.

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5
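
A CIDR-aware variant of the grep above, as an added example that is not part of RonpfS's post or of pfBlockerNG: the text grep only finds entries that share the `63.251.171` prefix, so a wider range (a /16, for instance) that covers the address would be missed. The function name `find_covering_entries` is hypothetical, and it assumes the table files hold one IPv4 address or CIDR per line.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code). Assumes one IPv4 address or CIDR per line.
# Usage, with the paths from the post above:
#   find_covering_entries 63.251.171.2 /var/db/aliastables/* /var/db/pfblockerng/*/*
# Prints "file: entry" for every entry whose range contains the given address.
find_covering_entries() {
    target=$1
    shift
    awk -v target="$target" '
        # Dotted quad -> number; -1 when the string is not a valid IPv4 address.
        function ip2num(s,   p, n, i, v) {
            n = split(s, p, ".")
            if (n != 4) return -1
            v = 0
            for (i = 1; i <= 4; i++) {
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return -1
                v = v * 256 + p[i]
            }
            return v
        }
        BEGIN {
            t = ip2num(target)
            if (t < 0) { print "bad IPv4 address: " target > "/dev/stderr"; exit 2 }
        }
        {
            entry = $1
            sub(/\r$/, "", entry)                  # tolerate CRLF feed files
            if (entry == "" || entry ~ /^#/) next  # skip blanks and comments
            len = 32                               # bare address = /32
            addr = entry
            if (split(entry, part, "/") == 2) { addr = part[1]; len = part[2] }
            if (len !~ /^[0-9]+$/ || len + 0 > 32) next
            net = ip2num(addr)
            if (net < 0) next                      # not IPv4 (IPv6, domain, ...)
            size = 2 ^ (32 - len)                  # number of addresses in the block
            # Same block index means the target lies inside this entry.
            if (int(t / size) == int(net / size))
                print FILENAME ": " entry
        }
    ' "$@"
}
```

Each file named in the output is a table to check for logging, as described in the post above.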

              • M
                Mr. Jingles

                Thank you Ron  :D

                BB: isn't the not-reporting-no-logging a bug?

                • BBcan177B
                  BBcan177 Moderator

                  @Mr.:

                  Thank you Ron  :D

                  BB: isn't the not-reporting-no-logging a bug?

                  I think the issue is the Watchguard (Rep Authority) is now blocking non-humans from downloading this page… Best to disable for a few days (to see if it's just rate-limited for 24hrs or something)... But if it persists, then best to just disable/remove the feed....

                  Normally this error below means that a connection was established with a server but that connection was closed by the remote server. (Recv):

                  Recv failure: Connection reset by peer Retry in 5 seconds...
                  

                  • M
                    Mr. Jingles

                    @BBcan177:

                    @Mr.:

                    Thank you Ron  :D

                    BB: isn't the not-reporting-no-logging a bug?

                    I think the issue is the Watchguard (Rep Authority) is now blocking non-humans from downloading this page… Best to disable for a few days (to see if it's just rate-limited for 24hrs or something)... But if it persists, then best to just disable/remove the feed....

                    Normally this error below means that a connection was established with a server but that connection was closed by the remote server. (Recv):

                    Recv failure: Connection reset by peer Retry in 5 seconds...
                    

                    Thanks BB.

                    Yet, isn't this a bug:

                    Now the problem is: how did you find out/diagnose this? Because I see this in your reply:

                    [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
                    [ 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]

                    Yet all I get is:

                    [ pfB_PRI3 - WatchGuard ] Download FAIL [ 09/18/16 19:03:33 ]
                    Firewall and/or IDS are not blocking download.

                    • BBcan177B
                      BBcan177 Moderator

                      @Mr.:

                      BB: isn't the not-reporting-no-logging a bug?

                      Feature … :)

                      Someone needs to find a way to bypass those human validation measures in these sites to get the list to download...

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.