pfSense RC3 - hostnames are not allowed access when using an Alias in an Alias
-
I am using the AMD64 builds of pfSense 2.0 RC3. I have the same build running on dedicated hardware and in a VM with CARP configured on both. The dedicated hardware was installed with a build of AMD64 RC2. When I set up CARP, I updated the dedicated hardware to the following build and installed the VM using pfSense-2.0-RC3-amd64-20110708-1843.iso. I have updated three times since the install. The current build on both is 2.0-RC3 Built On: Sun Jul 24 04:39:44 EDT 2011.
I have an alias of type network(s) that also contains a hostname for a site that does not have a static IP. This works great, which is surprising because I have been told by people that have many large pfSense setups that PF does not deal with that well. However, they are running 1.x builds and not the latest 1.x, so maybe this was resolved long ago.
Anyway, I created an alias type network(s) that contains the alias I described above and another alias and created a NAT rule with this new alias as a filter. I could access the port defined in this NAT rule from any IP/Network in this new alias and the aliases it contained, but not from the hostname described above.
-
I suspect that it might not be a good idea to use hostnames in firewall rules if the hostname has a dynamic translation.
Firewall rules MIGHT be evaluated in a context where it is difficult to do a hostname to IP address translation. And, for performance reasons, even if it was straightforward, it might not be a good idea to do a hostname to IP address translation every firewall rule evaluation.
Maybe, if you really need to include in firewall rules a host whose public IP address changes "frequently", you would be better off having that host connect to pfSense over a VPN and use the VPN mechanisms to assign it a fixed IP address or an IP address in a fixed subnet.
Anyway, I created an alias type network(s) that contains the alias I described above and another alias and created a NAT rule with this new alias as a filter. I could access the port defined in this NAT rule from any IP/Network in this new alias and the aliases it contained, but not from the hostname described above.
Has the hostname to IP address translation changed since your rules were first processed?
-
On 2.0 there is a daemon which periodically updates hostnames used in aliases. It's safe to use even dyndns entries there these days.
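The two mechanics this thread touches on, flattening an alias that nests other aliases and periodically re-resolving the hostnames inside them into a pf table, can be shown in a few lines. The following is an added example written for this page; it is not pfSense code and does not reproduce how pfSense's own resolver daemon works. The alias names (`inner`, `branch`, `outer`), the hostname `roaming-site.example.net`, the sample networks and the fake resolver used in the demonstration are all constructed. The `pfctl -t <table> -T replace` command it emits is the standard pf way to swap a table's contents atomically.

```python
"""Flatten nested pfSense-style aliases into pf tables and emit reload commands.

Added illustration, not pfSense code. The resolver is pluggable so the logic
can be exercised offline with a constructed lookup; the sample aliases below
are constructed too and mirror the thread: "inner" holds a network plus a
hostname without a static IP, and "outer" nests "inner" and another alias.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Set, Tuple

ALIASES: Dict[str, List[str]] = {
    "inner": ["192.0.2.0/24", "roaming-site.example.net"],   # constructed
    "branch": ["198.51.100.0/25"],                           # constructed
    "outer": ["inner", "branch", "203.0.113.7"],             # constructed
}

Resolver = Callable[[str], List[str]]


def system_resolver(name: str) -> List[str]:
    """Resolve with the OS resolver (IPv4 and IPv6); for real use, not the demo."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def flatten_alias(name: str, aliases: Dict[str, List[str]], resolve: Resolver,
                  _seen: Optional[Set[str]] = None) -> Set[str]:
    """Recursively expand an alias into a set of CIDR strings.

    Nested alias names are followed (with cycle protection), literal addresses
    and networks are normalised, and anything else is treated as a hostname and
    resolved now. A hostname that fails to resolve contributes nothing, which is
    the silent failure a rule using this table would show.
    """
    seen = _seen if _seen is not None else set()
    if name in seen:
        return set()
    seen.add(name)
    entries: Set[str] = set()
    for item in aliases[name]:
        if item in aliases:                       # nested alias: recurse
            entries |= flatten_alias(item, aliases, resolve, seen)
            continue
        try:                                      # literal IP or network
            entries.add(str(ipaddress.ip_network(item, strict=False)))
            continue
        except ValueError:
            pass
        for addr in resolve(item):                # hostname: resolve to /32 or /128
            entries.add(str(ipaddress.ip_network(addr)))
    return entries


def pfctl_replace_command(table: str, entries: Set[str]) -> str:
    """Build the pfctl invocation that atomically replaces a table's contents."""
    return f"pfctl -t {table} -T replace " + " ".join(sorted(entries))


def refresh_tables(aliases: Dict[str, List[str]], resolve: Resolver,
                   previous: Dict[str, Set[str]]) -> Tuple[Dict[str, Set[str]], List[str]]:
    """One pass of a periodic refresh: recompute every alias table and return
    the new state plus the commands for tables whose membership changed.

    Because nested aliases are flattened on every pass, a hostname that changed
    address inside "inner" also updates "outer", the table the NAT rule uses.
    """
    current: Dict[str, Set[str]] = {}
    commands: List[str] = []
    for name in aliases:
        entries = flatten_alias(name, aliases, resolve)
        current[name] = entries
        if entries != previous.get(name):
            commands.append(pfctl_replace_command(name, entries))
    return current, commands


if __name__ == "__main__":
    # Constructed resolver: the dynamic host moves from .50 to .51 between passes.
    state, cmds = refresh_tables(ALIASES, lambda n: ["203.0.113.50"], {})
    print("\n".join(cmds))          # first pass: all three tables are loaded
    state, cmds = refresh_tables(ALIASES, lambda n: ["203.0.113.51"], state)
    print("\n".join(cmds))          # second pass: only "inner" and "outer" change
```

Run as-is it uses the constructed resolver and only prints the `pfctl` commands; replace the lambdas with `system_resolver` and execute the commands under a timer to get the behaviour the last reply describes. The point worth noticing is that a refresh must re-flatten the outer alias rather than only re-resolving hostnames in the alias that literally contains them, otherwise the nested table goes stale exactly as the original post observed.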