Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't reach 10.10.10.1

    Scheduled Pinned Locked Moved
    pfBlockerNG
    1
    2
    484
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Orwi
      last edited by Orwi

      Summary: I can't reach the PFBlocker IP.
      This leads to longer loading times in cases, it is utilized.

      The config itself is a bit aged and restored on each new installation. Current PF Sense Version: 2.7.1 CE
      I used a lab machine to find some rules in NAT or Firewall itself, especially the ones in the wizard:
      95ba3d5e-8006-4975-a513-4620b045cd0f-Screenshot 2023-11-27 at 23-24-43 pfSense-testing.home.arpa - Wizard pfBlockerNG Setup pfBlockerNG DNSBL Component Configuration.png

      But I wasn't able to find these rules, neither in fresh install nor my current live setup.
      As I use a multi-wan HA setup, I like my NAT rules created manual. But then again, even in a fresh install with only 3 NICs no rule appears related to PFBlockerNG.

      I have to admit, it drives me mad. I can't find, why I can't ping, neither can't reach the PFBlockerIP. In a desperate try, I re-created the rules in HAProxy, but the ports have been taken - so I assume, these invisible rules are there.. somewhere ;)

      To clarify:

      • even an allow all in the requesting interface doesn't do the job.

      Sadly, I can't post the base PFBlocker screenshot condfig here, as it is to big ;).

      eeb3ea29-b2d5-4989-84e0-47181684bab3-image.png

      ef0e0f23-58d9-41fd-b0eb-1298777ffcbb-image.png

      I use some 10.10.10.x/32 Alias IPs, put on NIC VIPs. But I think, as they are /32, they shouldn't matter.
      To simplify things, I would be glad to reach this &/("§ IP from LAN.

      So, to be specific:
      What are my debug options?
      What are the greatest chances of error?

      O 1 Reply Last reply Reply Quote 0
      • O
        Orwi @Orwi
        last edited by Orwi

        Additional inforrmation I forgot:

        Traceroute says to me, that the 10.10.10.1 is routed to WAN, which is 10.1.1.1/24.

        Also - an logically after the previous said, 10.10.10.1 doesn't show in route table.
        And that I don't understand.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post