Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New installation and packages.netgate.com issues

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 858 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Nibblet
      last edited by

      Hi there,
      I have a new installation of pfsense 2.5 just completed yesterday and this installation only has internet access via a proxy server, and only via whitelisted domains.

      After setting the pfsense firewall up I set the proxy server and took a gander at the logs to see what domains I should be whitelisting.

      packages.netgate.com seemed to be a common theme, so I added this in my whitelist and started seeing accepts in the proxy logs, however the firewall was still complaining.

      Taking a closer look, it seems that packages.netgate.com doesn't actually exist and (checking my own home firewall installation and forcing that through a proxy) it appears that it is using files01.netgate.com - no problem, I added that as well, yet still nothing was working. (I was trying to get a package list populated and some base packages installed such as the open-vm-tools package)

      looking at the command line pkg utility I checked (via 'set') that the proxy was set, then rand a 'pkg update -f'

      Failed, and was going to packages.netgate.com. I then compared the /usr/local/etc/pkg/repos/pfSense.conf files and they were the same, weird.

      Running truss on the home firewall, I noticed it appeared to be getting its package repo information from an sqlite database and not the packages file yet the newly installed one wasn't. (to be fair, I have yet to run truss on the newly installed one)

      I then tried altering the pkg repo to point to files01.netgate.com and the package list got populated, cool beans!.

      I then attempted (via the WebUI) to install the open-vm-tools package and this failed.

      it also seems that somewhere along the line it reset my repo edits back to packages.netgate.com which doesn't exist.

      Is this expected behaviour? Is it possible to force files01.netgate.com to be the default repo?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @Nibblet
        last edited by

        See if this helps. packages.netgate.com Has no A/AAAA Record

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        N 1 Reply Last reply Reply Quote 0
        • N
          Nibblet @SteveITS
          last edited by

          @teamits Ahh, thanks for that, that helps a lot, altho now I am left with an interesting pickle on how to solve this, as I don't believe the proxy server is clever enough to look up a SRV (it only sees the http request) record and there is no external DNS.

          However, I could probably setup an internal 'dummy' netgate.com domain with SRV records mimicking what's outside which may be enough to poke the firewall to pickup the right domain, the issue would be somehow keeping this up to date.

          At least I know why its not working now :-)

          GertjanG L 2 Replies Last reply Reply Quote 0
          • GertjanG
            Gertjan @Nibblet
            last edited by Gertjan

            @nibblet said in New installation and packages.netgate.com issues:

            as I don't believe the proxy server is clever enough to look up a SRV (it only sees the http request) record

            If the proxy only deals with http, why should it block - and not deal with - ordinary DNS request ?

            pfSense isn't the only one using more then MX/A/AAAA/CNAME records.
            There are many other DNS record types.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • L
              luisenrique @Nibblet
              last edited by

              @nibblet said in New installation and packages.netgate.com issues:

              @teamits Ahh, thanks for that, that helps a lot, altho now I am left with an interesting pickle on how to solve this, as I don't believe the proxy server is clever enough to look up a SRV (it only sees the http request) record and there is no external DNS.

              However, I could probably setup an internal 'dummy' netgate.com domain with SRV records mimicking what's outside which may be enough to poke the firewall to pickup the right domain, the issue would be somehow keeping this up to date.

              At least I know why its not working now :-)

              how you solve this problem? thanks

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.