How to rebuild cleared tables
-
Hello, for some time pfSense has had problems updating tables. In particular, I encounter this problem. I created two Alias tables, the first with the numeric IP addresses, the second with the IP FQDN addresses. In NATs it creates 2 rules each time, one with the Alias relating to numeric IPs and the other with the Alias relating to IP FQDNs.
Everything works, but it happens, without a rule, that if I modify the ALIAS FQDN table, it does not update the pfSense tables, with the result that certain FQDN addresses are not accepted.
Is there a way, from the command line, to reset and then rebuild the tables related to the ALIAS?
I thank anyone who has a solution.
-
@cloudfacilesrl I do not fully understand your issue. But I will try to answer the part I think I can help with.
A while back I remember reading a post along the lines of "How To Manually Update Alias'" but at the time it was over my head. And I cannot find it anymore.
An alias with FQDNs in it is not resolved immediately after selecting save or apply. The default resolve time is every 300 seconds. This can be changed by updating the value in:
System > Firewall & NAT > Alias Hostnames Resolve Interval
I would be careful with setting too low of a value. I am not sure what happens if your resolve interval is lower than the time it takes to actually resolve. (i.e. it takes 260 seconds to resolve all the alias' but you lower the resolve time to 200 seconds. Best case, your system would always be trying to resolve host names.)
Additionally you can monitor the actual contents of an alias to see if the updates have been processed by going to: Diagnostics > Tables
A while back I remember reading a post along the lines of "How To Manually Force Alias' To Update" but at the time it was over my head. And I cannot find it anymore.
-
Hello, thanks for the answer. The problem is that we often load FQDN aliases in a specific table, and in the tables the name resolution is not really done, not only after 300 ms, but also after 1 day.
For this reason I ask if there is the possibility of giving pfSense a command that resets the ALIAS tables and makes them regenerate, otherwise we often find that the FQDN Aliases do not work, and for those who do not have static public IPs it is a problem.
-
@cloudfacilesrl said in How to rebuild cleared tables:
FQDN
What FQDN?
You're not trying to resolve Google, Twitter, Facebook, etc., right?
-
Hello, I'll give you an example. If I have a client who has a server behind the firewall and the client wants to connect with RDP, we set up an ALIAS table with the public IPs from which the client connects to authorize RDP access only to those addresses. However, if the client does not have static public IPs, we create a Dyndns for the client and insert the FQDN address in another ALIAS table, which includes the FQDNs.
The problem arises with these latter addresses.
-
That's what I'm using.
I have a NAS on my LAN, let's call it 'diskstation2', IPv4 = 192.168.1.33.
I have a NAT firewall rule on pfSense:
I have a web server, using server IPs (and related host names or FQDNs) somewhere on the Internet.
The access to this NAS is source limited to the alias "SYS_URL", which is my server on the net (last pass rule on WAN interface):
These host names (FQDN) don't mean anything to a firewall, it's the "300" second background resolver process that takes care of things.
I just started an rsync on my remote, data center based, server (it's 'known' using the host names listed above). The rsync is granted access by the NAT firewall because it's using an IP that checks (resolves from) with the FQDN used in the rule.
True: these host names are actually static. I'm using the classic DynDNS to access devices at home, where my IP does change every 7 days or so. That always works out for me.
Btw: a solution would be: refuse to implement 'naked' RDP over the Internet, as it's considered very bad practise.
Normally, an OpenVPN is set up, and clients should use their local OpenVPN client to connect to Open server (pfSense or other). When the VPN tunnel is up, RDP is protected and can be addressed using a local host name.
edit:
@cloudfacilesrl said in How to rebuild cleared tables:
The problem arises with these latter addresses.
So, it must be a DNS issue.
-
Hello, thank you for your post, but mine is not a simple name resolution problem.
The problem derives from the fact that if you create an alias table with some records, often pfSense does not resolve them (absolutely randomly) and does not write them in its tables. This generates, on the one hand, a table with for example 10 records and, on the other, one with 6 records.
This is a software problem that does not check between the source and destination tables and does not even report that this discrepancy exists.
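
The mismatch described in the thread (alias entries that never reach the pf table) can be checked from the shell by comparing what the FQDNs resolve to with what `pfctl -t <alias> -T show` reports, the same contents shown under Diagnostics > Tables. The script below is an added example, not code from any poster or from pfSense; the hosts file (one FQDN per line), the use of `getent` for resolution and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list addresses an FQDN alias should contain but the pf table lacks.

# One address per line, whitespace stripped, blank lines dropped, sorted unique.
normalize() { tr -d ' \t\r' | sed '/^$/d' | LC_ALL=C sort -u; }

# table_missing EXPECTED_FILE ACTUAL_FILE
# Prints every address present in EXPECTED_FILE but absent from ACTUAL_FILE.
table_missing() {
    exp=$(mktemp) && act=$(mktemp) || return 1
    normalize < "$1" > "$exp"
    normalize < "$2" > "$act"
    LC_ALL=C comm -23 "$exp" "$act"
    rm -f "$exp" "$act"
}

# check_alias TABLE HOSTS_FILE  (meant to be run on the firewall itself)
# HOSTS_FILE is a hypothetical file holding one FQDN of the alias per line.
check_alias() {
    want=$(mktemp) && have=$(mktemp) || return 1
    while read -r name; do
        # Assumption: getent(1) is present and uses the firewall's own resolver.
        [ -n "$name" ] && getent hosts "$name" | awk '{print $1}'
    done < "$2" > "$want"
    pfctl -t "$1" -T show > "$have"      # current contents of the pf table
    table_missing "$want" "$have"
    rm -f "$want" "$have"
}

# Constructed sample (RFC 5737 addresses): three resolved, only two in the table.
demo_constructed() {
    want=$(mktemp) && have=$(mktemp) || return 1
    printf '192.0.2.10\n198.51.100.7\n203.0.113.5\n' > "$want"
    printf '   192.0.2.10\n   203.0.113.5\n' > "$have"
    table_missing "$want" "$have"
    rm -f "$want" "$have"
}

# Only touches pfctl when called with: TABLE HOSTS_FILE
if [ "$#" -ge 2 ]; then check_alias "$1" "$2"; fi
```

Empty output means every resolved address is in the table; any line printed is an address that resolves but was not loaded.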