Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    potential (old/new?) bug in Alias Table management

    Firewalling
    1
    1
    92
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGrJ
      JeGr LAYER 8 Moderator
      last edited by JeGr

      Hi,

      as there are quite a few tickets open/closed about alias/dnsfilter management and problems, I wanted to verify, if my problem is already addressed in some of the redmine tickets as I can't seem to exactly find it - or if my problem still exists.

      Version is plus 22.05 (but was also happening in 2.6):

      Prereq:

      • created a big network type alias for VPN PBR routing
      • I use said alias to route various IPs /32 or bigger netmasks via our company VPN so the access to said IPs is coming from our office IP or I have access to internal ressources
      • that alias has multiple IP/CIDR entries and a handful of FQDNs for DynDNS customers

      Today I debugged a problem, that I couldn't seem to reach a new internal network.

      Problem:

      • edited my PBR alias
      • changed entry from 10.0.0.0/24 to 10.0.0.0/22
      • save & apply
      • tried accessing 10.0.1.123 -> not working (was routed via WAN instead of via VPN)
      • checked Diag/Tables -> Entry in Alias is still showing 10.0.0.0/24

      I then tried:

      • Tried clearing the complete Alias -> alias is not repopulated after saving it again.
      • Adding another IP/network only adds the new single CIDR entry to the alias, the other 50+ are gone.
      • changing the name of the alias: that repopulated the OLD & WRONG values to the new name but better then nothing
      • changing the name back to the old one has still the wrong netmask at that entry (still /24 instead of /22)
      • adding a NEW entry of 10.0.0.0/22 on the bottom of the list results in Diag/Tables now showing both 10.0.0.0/24 (wrong & not refreshed) as well as the new 10.0.0.0/22 (from the added network) in the alias.
      • deleting the old entry deletes the wrong /24 and the /22 stays

      So to summarize I can workaround that with:

      • delete old entry
      • save first
      • create new entry on the bottom of the list with new CIDR mask
      • save again

      so my alias is "changed" the right way, but that's not the way my customers would do things so that seems to be a problem with the alias handling or filterdns "caching"? the old values and not refreshing properly when the entry is changed in the alias table?

      As my network alias also has FQDNs for the dyndns customers in it, perhaps they are the problem (as there's a redmine ticket with that problem open), but I just wanted to verify the root of the problem and if it's already addressed.

      I suppose it could be related or belong to:
      https://redmine.pfsense.org/issues/9296
      https://redmine.pfsense.org/issues/13792
      https://redmine.pfsense.org/issues/13793
      or something alike

      Cheers
      \jens

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post