curl error 7 on all downloads

Koent

Hello,

pfBlockerNG stopped updating all lists. The DNSBL update reports

MS_2 ] Downloading update . cURL Error: 7
Retry in 5 seconds...
. cURL Error: 7
Retry in 5 seconds...
. cURL Error: 7
Retry in 5 seconds...
.. unknown http status code | 0

[ DNSBL_BBcan177 - MS_2 ] Download FAIL [ 10/06/19 16:53:08 ]
Firewall and/or IDS (Legacy mode only) are not blocking download.

Restoring previously downloaded file
.

Orig. Unique # Dups # White # TOP1M Final

17365 16985 1793 0 0 15192

IPv4 count=3

This is happening to all lists.

I tried accessing https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw from a browser and this works.

Diagnostic ping gives a problem :
When using LAN as the source address, ping fails. When using VPN interfaces or WAN, ping gets replies.

When I ping from a machine inside the LAN-network, ping works.

I have no idea what's happening or where to start troubleshooting.

Any help would be appreciated.

provels

@Koent I'm not seeing any errors (using the devel version). You may want to see if there is an updated package after making sure you have checked the "Keep Settings" checkbox on the General page.

Gertjan

@Koent : check your DNS on pfSense.
Can it resolve ? Try pinging using GUI, or better, console access to i.e. google.com

Koent

@Gertjan Thanks. DNS is working. As I said, I tried to ping several servers serving the lists. If I can ping them from my PC, I can ping them via diagnostics - ping without problems, if I don’t use the LAN interface as a source. PPPoE (WAN) and VPN interfaces work without issues.

Gertjan

@Koent said in curl error 7 on all downloads:

.... I tried to ping several servers serving the lists. If I....

ping 8.8.8.8

will work just fine - even when no DNS is a viable.

I should have said (as you) :

ping google.com

or some other URL that needs DNS resolving first. This test abuses 'ping' somewhat : we are only interested in the resolve part, not the actual ping replies.

I tested 'curl ' :

[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: curl https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw > testfile.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  476k  100  476k    0     0  1313k      0 --:--:-- --:--:-- --:--:-- 1313k

The file testfile.txt was created with many URL's.

Koent

Thanks. Did you test from your ‘default interface’, or did you specify an interface please?

Gertjan

As shown :
@Gertjan said in curl error 7 on all downloads:

[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: curl https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw > testfile.txt

I logged in using Putty ans SSH.
Menu option 8.
I typed the command :

curl https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw > testfile.txt

Koent

Many thanks for the help. I have found the problem. I recently changed my WAN interface From DHCP to PPPoE and the default gateway changed to the VPN routing group.

It is not as if I analyse the FW daily so I forgot about it.

Gertjan

@Koent said in curl error 7 on all downloads:

analyse the FW daily

Me neither.
But I do check 'basic' operations when changing 'major' things like interfaces that deal with outgoing traffic.
In this case : because the NIC called WAN (actually : PPPoE) now faces the Internet directly. Before, pfSense was probably hidden behind another router (no standard, but normal for a DHCP client mode). Now, it's time to re check and double check your WAN rules : typically none should be there exception NAT rules.