Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [ pfB_PRI3 - WatchGuard ] Download FAIL

    pfBlockerNG
    3
    9
    1288
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mr. Jingles last edited by

      In the log, apparently day after day for a month.

      But:  8)

      1. "Firewall and/or IDS are not blocking download."
      2.  http://www.reputationauthority.org/toptens.php simply opens the website.

      It's set to AUTO FLEX, and I think it used to work like that in the past.

      What stupid thing might I have done that suddenly caused this?

      Thank you  :-*

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        Are you on the latest version of the pkg? 2.1.1_4?

        I added that list in a test VM just now (set to auto) and it downloaded without issues…

        Can you ping from the pfSense box to this Domain?

        ping reputationauthority.org
        

        You might have some voodoo in your box?  :P

        1 Reply Last reply Reply Quote 0
        • BBcan177
          BBcan177 Moderator last edited by

          To update:  ;D

          So in my Test VM, that's being blocked by another List (our friends at - BT_Spyware) … So I would need to whitelist this IP to allow it to download...

          [ RepAuth ]              Downloading update . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds…
          . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds...
          . cURL Error: 56
          Recv failure: Connection reset by peer Retry in 5 seconds...
          .. unknown http status code

          [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
          [ 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]

          Restoring previously downloaded file contents… completed ..

          Aggregation Stats:
            ------------------
            Original Final
            ------------------
            74      36
            ------------------

          1 Reply Last reply Reply Quote 0
          • M
            Mr. Jingles last edited by

            Thanks for your help, BB  :-*

            (Yes, I'm on the latest and greatest pkg).

            From Diagnostics/ping:

            
            PING reputationauthority.org (63.251.171.2): 56 data bytes --- reputationauthority.org ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss
            

            Same when I do it from a LAN client; all packets lost.

            Pinging Google is no problem, 'though.

            Now the problem is: how did you found out/diagnosed this? Because I see this in your reply:

            
            [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
             [ 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]
            

            Yet all I get is:

            [ pfB_PRI3 - WatchGuard ] Download FAIL [ 09/18/16 19:03:33 ]
              Firewall and/or IDS are not blocking download.
            
              Restoring previously downloaded file contents 
            

            And to add to my confusion:
            1. System/firewall logs is not showing anything for the blocked IP (63.251.171.2);
            2. pfBlockerNG alerts doesn't show it;
            3. Snort isn't showing it;
            (4. pfBlockerNG error log doesn't show it).

            So how did you find this out?

            (And since 1-4, where I should whitelist this IP I have no clue :P ;D ).

            Thanks again BB ;D

            1 Reply Last reply Reply Quote 0
            • RonpfS
              RonpfS last edited by

              If the block comes from pfBlockerNG this should tell you which table it is in:

              grep "63\.251\.171" /var/db/aliastables/* /var/db/pfblockerng/* /var/db/pfblockerng/*/*
              

              Then check that the table in question has logging enabled.
              If the table is an Alias type , then check that the FW rules that uses it has logging enabled.

              1 Reply Last reply Reply Quote 0
              • M
                Mr. Jingles last edited by

                Thank you Ron  :D

                BB: isn't the not-reporting-no-logging a bug?

                1 Reply Last reply Reply Quote 0
                • BBcan177
                  BBcan177 Moderator last edited by

                  @Mr.:

                  Thank you Ron  :D

                  BB: isn't the not-reporting-no-logging a bug?

                  I think the issue is the Watchguard (Rep Authority) is now blocking non-humans from downloading this page… Best to disable for a few days (to see if its just rate-limited for 24hrs or something)... But if it persists, then best to just disable/remove the feed....

                  Normally this error below means that a connection was established with a server but that connection was closed by the remote server. (Recv):

                  Recv failure: Connection reset by peer Retry in 5 seconds...
                  
                  1 Reply Last reply Reply Quote 0
                  • M
                    Mr. Jingles last edited by

                    @BBcan177:

                    @Mr.:

                    Thank you Ron  :D

                    BB: isn't the not-reporting-no-logging a bug?

                    I think the issue is the Watchguard (Rep Authority) is now blocking non-humans from downloading this page… Best to disable for a few days (to see if its just rate-limited for 24hrs or something)... But if it persists, then best to just disable/remove the feed....

                    Normally this error below means that a connection was established with a server but that connection was closed by the remote server. (Recv):

                    Recv failure: Connection reset by peer Retry in 5 seconds...
                    

                    Thanks BB.

                    Yet, isn't this a bug:

                    Now the problem is: how did you found out/diagnosed this? Because I see this in your reply:

                    Code: [ pfB_RepAuth - RepAuth ] Download FAIL [ 09/17/16 13:01:08 ]
                    [[size=4] 63.251.171.2 ] Firewall IP block found in: [ BT_Spyware | 63.251.171.0/28 ]
                    Yet all I get is:

                    Code: [ pfB_PRI3 - WatchGuard ] Download FAIL [ 09/18/16 19:03:33 ]
                    Firewall and/or IDS are not blocking download.

                    1 Reply Last reply Reply Quote 0
                    • BBcan177
                      BBcan177 Moderator last edited by

                      @Mr.:

                      BB: isn't the not-reporting-no-logging a bug?

                      Feature … :)

                      Someone needs to find a way to bypass those human validation measures in these sites to get the list to download...

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy