Firewall rule with aliases on pfSense stops working.



  • Folks and friends of the community,

    Good evening!

    I have been noticing strange behaviour in the firewall in the following scenario:

    • I have a firewall rule created to allow some machines (exceptions) to browse without the proxy. Notably, this rule stopped working and only the machines with a proxy set in the browser or via WPAD kept browsing OK. These exceptions stopped working! I noticed that after doing an "Apply" on the rules it works again, then stops after a very short time. What could be going on?


  • The first place to look is the logs; then check in Diagnostics -> Tables whether the alias contains the IPs you registered.



  • Hi Marcelo, I did in fact look in Diagnostics -> Tables, and that alias has a single address registered. However, would that be a BUG, since all 41 IP addresses show up in the alias list?

    In that case, would the solution be to delete it and create a new list?

    Thanks for your attention!  :)



  • Check the logs to see whether the fw is reporting resolution errors for those names.



  • Here is the LOG of the test I just ran:

    
    Act	Time	If	Source	Destination	Proto
    (cut off)	May 16 23:23:57	LAN	192.168.0.20:49584	201.57.155.40:443	TCP:S
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:57260	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.19:51092	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.19:49611	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.19:50893	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.19:51777	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:137	192.168.0.255:137	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:56615	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:55981	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:57577	208.67.222.220:53	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.20:137	192.168.0.255:137	UDP
    block/1000000103	May 16 23:23:57	LAN	192.168.0.233:46543	255.255.255.255:10001	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.19:51492	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.20:57244	208.67.222.220:53	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.19:51467	8.8.8.8:53	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.20:57660	208.67.222.220:53	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.20:137	192.168.0.255:137	UDP
    block/1000000103	May 16 23:23:56	LAN	192.168.0.20:49583	201.57.155.40:443	TCP:S
    block/1000000103	May 16 23:23:56	LAN	192.168.0.18:63353	180.87.4.151:443	TCP:S
    block/1000000103	May 16 23:23:56	LAN	192.168.0.18:63352	180.87.4.149:443	TCP:S
    block/1000000103	May 16 23:23:56	LAN	192.168.0.19:49471	8.8.8.8:53	UDP
    block/1000000105	May 16 23:23:56	RNNET	[fe80::e68d:8cff:fe3d:4bb6]:5678	[ff02::1]:5678	UDP
    block/1000000103	May 16 23:23:56	RNNET	192.9.9.254:36841	255.255.255.255:5678	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.19:51929	8.8.8.8:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.231:59027	255.255.255.255:10001	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.232:43845	255.255.255.255:10001	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.19:49818	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.19:50838	208.67.222.222:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.19:49728	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.19:49965	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.20:57868	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:55	LAN	192.168.0.20:57319	208.67.220.220:53	UDP
    block/1000000103	May 16 23:23:55	RNNET	0.0.0.0:68	255.255.255.255:67	UDP
    block/1000000103	May 16 23:23:54	LAN	192.168.0.20:49584	201.57.155.40:443	TCP:S
    block/1000000103	May 16 23:23:54	LAN	192.168.0.19:51280	208.67.222.222:53	UDP
    
    


  • Trying to reach GMAIL from another host and it doesn't work. Then I go and enable the default LAN rule and it works fine again, but my other rules go out the window.  :(

    
    Act	Time	If	Source	Destination	Proto
    block/1000000103	May 16 23:36:54	LAN	192.168.0.18:137	192.168.0.255:137	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.19:50150	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.19:51045	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.19:51756	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.19:51561	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.19:50750	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.18:137	192.168.0.255:137	UDP
    block/1000000103	May 16 23:36:54	LAN	192.168.0.240:58241	180.87.4.151:443	TCP:S
    block/1000000103	May 16 23:36:54	LAN	192.168.0.18:63437	201.57.155.45:443	TCP:S
    block/1000000103	May 16 23:36:53	LAN	192.168.0.19:50533	8.8.8.8:53	UDP
    block/1000000103	May 16 23:36:53	LAN	192.168.0.20:49984	186.192.81.25:80	TCP:S
    block/1000000103	May 16 23:36:53	LAN	192.168.0.18:61221	201.57.155.45:443	UDP
    block/1000000103	May 16 23:36:53	LAN	192.168.0.19:51584	8.8.8.8:53	UDP
    block/1000000103	May 16 23:36:53	LAN	192.168.0.18:63436	201.57.155.30:443	TCP:S
    block/1000000103	May 16 23:36:53	LAN	192.168.0.20:49983	186.192.81.25:80	TCP:S
    block/1000000103	May 16 23:36:53	RNNET	60.15.201.56:41065	186.250.16.102:23	TCP:S
    block/1000000103	May 16 23:36:52	LAN	192.168.0.230:43958	255.255.255.255:10001	UDP
    block/1000000103	May 16 23:36:52	LAN	192.168.0.19:49571	208.67.222.222:53	UDP
    block/1000000103	May 16 23:36:52	LAN	192.168.0.19:50253	208.67.220.220:53	UDP
    block/1000000103	May 16 23:36:52	LAN	192.168.0.18:63435	201.57.155.30:443	TCP:S
    block/1000000103	May 16 23:36:52	LAN	192.168.0.19:51397	8.8.8.8:53	UDP
    block/1000000103	May 16 23:36:52	LAN	192.168.0.18:61221	201.57.155.45:443	UDP
    
    


  • That doesn't look like the system log.





  • That is the rules log. Look for the operating system log tab.



  • Last 2000 system log entries
    May 16 23:59:59	php-fpm[1305]: /index.php: Successful login for user 'admin' from: 189.124.218.203
    May 16 23:59:59	php-fpm[1305]: /index.php: Successful login for user 'admin' from: 189.124.218.203
    May 16 23:59:25	php-fpm[1305]: /index.php: User logged out for user 'admin' from: 189.124.218.203
    May 16 23:57:59	php-fpm[48180]: /rc.filter_configure_sync: Could not find IPv6 gateway for interface (wan).
    May 16 23:57:57	check_reload_status: Reloading filter
    May 16 23:57:51	check_reload_status: Syncing firewall
    May 16 23:21:45	php-fpm[58898]: /rc.filter_configure_sync: Could not find IPv6 gateway for interface (wan).
    May 16 23:21:43	check_reload_status: Reloading filter
    May 16 23:21:37	check_reload_status: Syncing firewall
    May 16 22:45:28	php-fpm[57316]: /index.php: Successful login for user 'admin' from: 189.124.218.203
    May 16 22:45:28	php-fpm[57316]: /index.php: Successful login for user 'admin' from: 189.124.218.203
    
    

    Use [ c o d e ] and [ / c o d e ] (without the spaces) to post logs; it helps a lot with readability.



  • I went to STATUS -> SYSTEM LOGS -> and then selected the "System" tab. Is that the one?



  • No apparent resolution errors. Edit and save the alias again and see how its table looks in the Diagnostics menu.

    Also look at the DNS tab in the logs.



  • I edited the alias and went to Diagnostics -> Tables and it still showed only one address. In the DNS tab I noticed there are several addresses from the problematic table "IPsLiberados" having their entry cleared.

    
    May 16 23:35:22	filterdns: clearing entry 192.168.0.214 from table IPsLiberados on host 192.168.0.214
    May 16 23:35:22	filterdns: clearing entry 192.168.0.71 from table IPsLiberados on host 192.168.0.71
    May 16 23:35:22	filterdns: clearing entry 192.168.0.193 from table IPsLiberados on host 192.168.0.193
    May 16 23:35:22	filterdns: clearing entry 138.0.253.166 from table IpsConfiaveis on host 138.0.253.166
    May 16 23:35:22	filterdns: clearing entry 192.168.0.1 from table IPsLiberados on host 192.168.0.1
    May 16 23:35:22	filterdns: clearing entry 131.253.14.195 from table ipsCaixa on host 131.253.14.195
    May 16 23:35:22	filterdns: clearing entry 189.124.236.232 from table IpsConfiaveis on host 189.124.236.232
    May 16 23:35:22	filterdns: clearing entry 174.35.87.109 from table ipsCaixa on host 174.35.87.109
    May 16 23:35:22	filterdns: clearing entry 192.168.0.173 from table IPsLiberados on host 192.168.0.173
    May 16 23:35:22	filterdns: clearing entry 192.168.0.240 from table IPsLiberados on host 192.168.0.240
    May 16 23:35:22	filterdns: clearing entry 104.209.132.34 from table ipsCaixa on host 104.209.132.34
    May 16 23:35:22	filterdns: clearing entry 192.168.0.206 from table IPsLiberados on host 192.168.0.206
    May 16 23:35:22	filterdns: clearing entry 208.82.16.68 from table ipsCaixa on host 208.82.16.68
    May 16 23:35:22	filterdns: clearing entry 192.168.0.220 from table IPsLiberados on host 192.168.0.220
    May 16 23:35:22	filterdns: clearing entry 138.0.253.166 from table ipsCaixa on host 138.0.253.166
    May 16 23:35:22	filterdns: clearing entry 174.35.87.114 from table ipsCaixa on host 174.35.87.114
    May 16 23:35:22	filterdns: clearing entry 192.168.0.181 from table IPsLiberados on host 192.168.0.181
    May 16 23:35:22	filterdns: clearing entry 192.168.0.20 from table IPsLiberados on host 192.168.0.2
    
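The two things Marcelo asked to check, the firewall log posted earlier (which hosts are hitting a block rule) and the filterdns "clearing entry" lines in the DNS log, can be cross-referenced against the alias membership the admin expects. The script below is an added example, not code from this thread or from pfSense. It assumes the alias is named IPsLiberados, uses constructed sample rows in the flattened firewall-log layout (action/rule, time, interface, source, destination, protocol) and constructed filterdns lines in the format quoted above, and takes the currently loaded table as the output of `pfctl -t IPsLiberados -T show` (a real pfctl command; the sample output here is constructed). It reports expected exception hosts that still hit a block rule, entries filterdns removed from the table, and expected members absent from the kernel table.

```python
"""Cross-check a pfSense IP alias against what pf actually loaded.

Added example (not code from the thread or from pfSense). Assumes the alias
is called IPsLiberados; every log row and table listing below is constructed.
"""
import re
from collections import defaultdict

# Constructed: the alias membership as the admin configured it in the GUI.
EXPECTED_HOSTS = {"192.168.0.19", "192.168.0.20", "192.168.0.214", "192.168.0.71"}

# Constructed stand-in for `pfctl -t IPsLiberados -T show` output (one address per line).
LOADED_TABLE_OUTPUT = """
   192.168.0.214
"""

# Constructed firewall-log rows: action/rule, time, interface, source, destination, proto.
FIREWALL_LOG = """
block/1000000103 May 16 23:23:57 LAN 192.168.0.20:57260 208.67.222.222:53 UDP
block/1000000103 May 16 23:23:57 LAN 192.168.0.19:51092 208.67.222.222:53 UDP
pass/1000000110 May 16 23:23:57 LAN 192.168.0.214:51000 8.8.8.8:53 UDP
block/1000000103 May 16 23:23:57 LAN 192.168.0.233:46543 255.255.255.255:10001 UDP
block/1000000105 May 16 23:23:56 RNNET [fe80::e68d:8cff:fe3d:4bb6]:5678 [ff02::1]:5678 UDP
"""

# Constructed resolver-log lines in the filterdns format quoted in the thread.
FILTERDNS_LOG = """
May 16 23:35:22 filterdns: clearing entry 192.168.0.214 from table IPsLiberados on host 192.168.0.214
May 16 23:35:22 filterdns: clearing entry 192.168.0.71 from table IPsLiberados on host 192.168.0.71
May 16 23:35:22 filterdns: clearing entry 138.0.253.166 from table IpsConfiaveis on host 138.0.253.166
"""

FW_ROW = re.compile(
    r"^(?P<action>\w+)/(?P<rule>\d+)\s+(?P<time>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<iface>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)"
)
CLEAR_RE = re.compile(
    r"filterdns: clearing entry (?P<ip>\S+) from table (?P<table>\S+) on host (?P<host>\S+)"
)


def host_of(endpoint):
    """Strip the port from 'ip:port' or '[ipv6]:port'."""
    return endpoint.rsplit(":", 1)[0].strip("[]")


def parse_loaded_table(text):
    """Set of addresses from `pfctl -t NAME -T show` style output."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def missing_from_table(expected, loaded_text):
    """Expected alias members that the kernel table does not contain."""
    return sorted(expected - parse_loaded_table(loaded_text))


def blocked_exceptions(expected, fw_log):
    """Expected 'exception' hosts that still hit a block rule -> {ip: [rule ids]}."""
    hits = defaultdict(set)
    for line in fw_log.splitlines():
        m = FW_ROW.match(line.strip())
        if m and m["action"] == "block" and host_of(m["src"]) in expected:
            hits[host_of(m["src"])].add(m["rule"])
    return {ip: sorted(rules) for ip, rules in hits.items()}


def cleared_entries(filterdns_log):
    """Addresses filterdns removed, grouped by table -> {table: [ips]}."""
    cleared = defaultdict(set)
    for line in filterdns_log.splitlines():
        m = CLEAR_RE.search(line)
        if m:
            cleared[m["table"]].add(m["ip"])
    return {table: sorted(ips) for table, ips in cleared.items()}


def alias_health(table, expected, loaded_text, fw_log, filterdns_log):
    """Summarise the three checks for one alias; 'healthy' is True only if all pass."""
    missing = missing_from_table(expected, loaded_text)
    blocked = blocked_exceptions(expected, fw_log)
    cleared = cleared_entries(filterdns_log).get(table, [])
    return {
        "missing_from_table": missing,
        "blocked_exceptions": blocked,
        "cleared_by_filterdns": cleared,
        "healthy": not (missing or blocked or cleared),
    }


if __name__ == "__main__":
    result = alias_health("IPsLiberados", EXPECTED_HOSTS, LOADED_TABLE_OUTPUT,
                          FIREWALL_LOG, FILTERDNS_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```

On a real box the three inputs would come from the GUI alias definition, the firewall log export and `pfctl -t IPsLiberados -T show` respectively; a non-empty `missing_from_table` together with `cleared_by_filterdns` hits is exactly the symptom in this thread (the alias lists 41 addresses but the kernel table holds one), and `blocked_exceptions` shows which exception hosts are paying for it.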


  • In the same Diagnostics -> Tables option I can see all the IPs of the other aliases normally. Only this "IPsLiberados" one is giving me trouble, lol.



  • With an IP alias, that shouldn't be happening.

    Did you check the type of alias you created?

    Create another alias with the same IPs and see what happens.



  • Thanks for the support, Marcelo!

    I created a new alias, it showed up in Tables and worked fine. Let's see tomorrow how it behaves, since this flapping used to take a while to show up, lol.

    Thanks for the help, friend.

