4. Regra de firewall com aliases no pfsense parando.

Regra de firewall com aliases no pfsense parando.

  • M

    Pessoal e amigos da comunidade.

    Boa Noite!

    Tenho notado um comportamento estranho no Firewall no seguinte Cenário:

    • Tenho uma regra de Firewall criada para liberar algumas Máquinas (exceções) para navegar sem proxy. notadamente essa regra deixou de funcionar e somente as Máquinas com proxy setado no Browser ou WPAD continuaram com navegação OK. essas excções deixaram de funcionar! notei que após dá um "Apply" nas regras ela volta a funcionar e para com pouquissimo tempo. oq poderia está ocorrendo ?
    0

  • Primeiro lugar para olhar são oa logs, em seguida veja em diagnostic ->  tables se o alias tem os ips que cadastrou.

    0
  • M

    Fala Marcelo, de fato olhei em diagnostic -> tables e o referido aliases possui um único endereço cadastro. Contudo, seria um BUG já que na lista do aliases aparecem todos os 41 endereços IPs ?

    Neste caso a solução seria apagar e criar uma nova lista ?

    Grato pela vossa Atenção!  :)

    0

  • Veja nos logs pra ver se o fw está reportando erros de resolução para esses nomes.

    0
  • M

    Segue o LOG do teste que acabei de fazer.:

    
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:49584	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.40:443	TCP:S
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57260	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51092	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49611	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50893	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51777	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:137	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.0.255:137	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:56615	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:55981	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57577	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.220:53	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:137	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.0.255:137	UDP
 block/1000000103
May 16 23:23:57	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.233:46543	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:10001	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51492	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57244	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.220:53	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51467	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57660	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.220:53	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:137	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.0.255:137	UDP
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:49583	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.40:443	TCP:S
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:63353	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 180.87.4.151:443	TCP:S
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:63352	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 180.87.4.149:443	TCP:S
 block/1000000103
May 16 23:23:56	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49471	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000105
May 16 23:23:56	RNNET	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List [fe80::e68d:8cff:fe3d:4bb6]:5678	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic [ff02::1]:5678	UDP
 block/1000000103
May 16 23:23:56	RNNET	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.9.9.254:36841	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:5678	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51929	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.231:59027	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:10001	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.232:43845	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:10001	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49818	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50838	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49728	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49965	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57868	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:55	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:57319	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:23:55	RNNET	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 0.0.0.0:68	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:67	UDP
 block/1000000103
May 16 23:23:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:49584	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.40:443	TCP:S
 block/1000000103
May 16 23:23:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51280	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
    0
  • M

    Tentando acessar o GMAIL de outro host e não funfa. ae eu vou e habilito a regra Default da LAN e volta funcionar de boas, contudo minhas demais regras cai por terra.  :(

    
	Time	If	Source	Destination	Proto
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:137	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.0.255:137	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50150	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51045	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51756	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51561	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50750	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:137	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.0.255:137	UDP
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.240:58241	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 180.87.4.151:443	TCP:S
 block/1000000103
May 16 23:36:54	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:63437	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.45:443	TCP:S
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50533	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:49984	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 186.192.81.25:80	TCP:S
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:61221	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.45:443	UDP
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51584	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:63436	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.30:443	TCP:S
 block/1000000103
May 16 23:36:53	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.20:49983	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 186.192.81.25:80	TCP:S
 block/1000000103
May 16 23:36:53	RNNET	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 60.15.201.56:41065	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 186.250.16.102:23	TCP:S
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.230:43958	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 255.255.255.255:10001	UDP
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:49571	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.222.222:53	UDP
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:50253	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 208.67.220.220:53	UDP
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:63435	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.30:443	TCP:S
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.19:51397	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 8.8.8.8:53	UDP
 block/1000000103
May 16 23:36:52	LAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.0.18:61221	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 201.57.155.45:443	UDP
    0

  • Esse não parece ser o log de sistema.

    0
  • M

    Segue o Link da imagem:

    https://drive.google.com/open?id=0B9_oYyt6BqciYjNCRWd5REpzWjg

    0

  • Esse é o log de regras. Procura a aba de logs do sistema operacional.

    0
  • M
     

    Lwast 2000 system log entries
May 16 23:59:59	php-fpm[1305]: /index.php: Successful login for user 'admin' from: 189.124.218.203
May 16 23:59:59	php-fpm[1305]: /index.php: Successful login for user 'admin' from: 189.124.218.203
May 16 23:59:25	php-fpm[1305]: /index.php: User logged out for user 'admin' from: 189.124.218.203
May 16 23:57:59	php-fpm[48180]: /rc.filter_configure_sync: Could not find IPv6 gateway for interface (wan).
May 16 23:57:57	check_reload_status: Reloading filter
May 16 23:57:51	check_reload_status: Syncing firewall
May 16 23:21:45	php-fpm[58898]: /rc.filter_configure_sync: Could not find IPv6 gateway for interface (wan).
May 16 23:21:43	check_reload_status: Reloading filter
May 16 23:21:37	check_reload_status: Syncing firewall
May 16 22:45:28	php-fpm[57316]: /index.php: Successful login for user 'admin' from: 189.124.218.203
May 16 22:45:28	php-fpm[57316]: /index.php: Successful login for user 'admin' from: 189.124.218.203

    Use o [ c o d e ] e [ / c o d e] (sem os espaços )para postar logs, ajuda muito na visualização.

    0
  • M

    Fui em STATUS ->SYSTEM LOGS -> E depois selecionei aba "system". é essa ?

    0

  • Nenhum erro de resolução aparente. Edite e salve o alias novamente e veja como fica a tabela dele no menu diagnostic.

    Olha também nos logs a abs de dns.

    0
  • M

    Editei o aliases e fui em diagnostic -> tablets e continuou aparecendo só um endereço. na aba de DNS observei que existem vários endereços da tabela problematica "IPsLiberados" mandando limpar entrada.

    
May 16 23:35:22	filterdns: clearing entry 192.168.0.214 from table IPsLiberados on host 192.168.0.214
May 16 23:35:22	filterdns: clearing entry 192.168.0.71 from table IPsLiberados on host 192.168.0.71
May 16 23:35:22	filterdns: clearing entry 192.168.0.193 from table IPsLiberados on host 192.168.0.193
May 16 23:35:22	filterdns: clearing entry 138.0.253.166 from table IpsConfiaveis on host 138.0.253.166
May 16 23:35:22	filterdns: clearing entry 192.168.0.1 from table IPsLiberados on host 192.168.0.1
May 16 23:35:22	filterdns: clearing entry 131.253.14.195 from table ipsCaixa on host 131.253.14.195
May 16 23:35:22	filterdns: clearing entry 189.124.236.232 from table IpsConfiaveis on host 189.124.236.232
May 16 23:35:22	filterdns: clearing entry 174.35.87.109 from table ipsCaixa on host 174.35.87.109
May 16 23:35:22	filterdns: clearing entry 192.168.0.173 from table IPsLiberados on host 192.168.0.173
May 16 23:35:22	filterdns: clearing entry 192.168.0.240 from table IPsLiberados on host 192.168.0.240
May 16 23:35:22	filterdns: clearing entry 104.209.132.34 from table ipsCaixa on host 104.209.132.34
May 16 23:35:22	filterdns: clearing entry 192.168.0.206 from table IPsLiberados on host 192.168.0.206
May 16 23:35:22	filterdns: clearing entry 208.82.16.68 from table ipsCaixa on host 208.82.16.68
May 16 23:35:22	filterdns: clearing entry 192.168.0.220 from table IPsLiberados on host 192.168.0.220
May 16 23:35:22	filterdns: clearing entry 138.0.253.166 from table ipsCaixa on host 138.0.253.166
May 16 23:35:22	filterdns: clearing entry 174.35.87.114 from table ipsCaixa on host 174.35.87.114
May 16 23:35:22	filterdns: clearing entry 192.168.0.181 from table IPsLiberados on host 192.168.0.181
May 16 23:35:22	filterdns: clearing entry 192.168.0.20 from table IPsLiberados on host 192.168.0.2
    0
  • M

    na mesma opção diagnostic -> tablets eu consigo visualizar normalmente todos os IPs dos demais aliases. somente este "IPsLiberados" é que tá dando trabalho rsrs

    0

  • Com um alias de ips, isso não deveria estar acontecendo.

    Conferiu o tipo de alias que criou?

    Cria outro alias com os mesmos ips e vê o que acontece

    0
  • M

    Obrigado pelo apoio Marcelo!

    criei um novo aliases, apareceu em tablet e funcinou de boas. vamos observar amnhã como ele irá se comportar, já que essa osilação demorava um pouco rsrs.

    Grato pela ajuda Amigo.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy