Allowed Hostnames creating a system error "File exists"



  • Adding hostnames to the Allowed Hostnames tab isn't allowing my users (the kids :o) to reach those hostnames; in the system logs I see the following error message:

    php: /services_captiveportal_hostname_edit.php: The command '/sbin/ipfw -x cpzone /tmp/hostname_rules' returned exit code '71', the output was 'Line 3: setsockopt(IP_FW_TABLE_ADD): File exists'

    I'm trying to add IMAP.gmail.com and SMTP.gmail.com for Outlook Email but not getting anywhere from the clients on that LAN unless I log in through the captive portal.

    I'm running release 2.1.5 (firmware) on a fireguard router.

    Anyone have any ideas or see something similar?


  • Rebel Alliance Developer Netgate

    You cannot use "allowed hostnames" for sites that return many randomized IP addresses like gmail. It only works for sites that resolve to the same IP addresses every time.

    Say for example gmail.com can have x.x.x.1, x.x.x.2, x.x.x.3, and x.x.x.4. If you query it via DNS it may show you x.x.x.1 and x.x.x.3 one time (when the firewall checks) and x.x.x.2 and x.x.x.4 when the client checks. So even though it looks like it should pass, it does not because the addresses do not line up.



  • Normally those DNS entries will be treated the same.
    There is a possibility that the command fails due to existing entries and this needs to be checked.

    Can you open a redmine.pfsense.org ticket for this?

    @Jim,

    filterdns is started as well on CP for allowed hostnames.
    You cannot have wildcards but it should be working for normal DNS names with many IPs.


  • Rebel Alliance Developer Netgate

    Many IPs, yes, but not random sets that could have different replies between the client check and server check.

    If the firewall resolves a host to x.x.x.x and the client resolves that same host to y.y.y.y, then it still wouldn't work.
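
The mismatch described in the two developer replies above, as an added example that is not part of the original thread or of pfSense's own code. The addresses are constructed (RFC 5737 documentation ranges), the function names are hypothetical, and the model assumes the client connects to the first address in its DNS answer.

```python
import socket

def resolve_once(hostname):
    """One live lookup: the IPv4 addresses returned right now (needs network)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def answer_stability(samples):
    """Compare successive DNS answers (one address list per lookup) for a hostname."""
    sets = [set(s) for s in samples]
    seen = set.union(*sets)            # every address observed in any answer
    always = set.intersection(*sets)   # addresses present in every answer
    return {"stable": seen == always, "seen": seen, "always": always}

def passes_portal(firewall_answer, client_answer):
    """True if the address the client tries first is in the table the firewall
    built from its own lookup (assumed model: client uses its first address)."""
    return client_answer[0] in set(firewall_answer)

def blocked_count(firewall_answer, client_answers):
    """Number of client lookups that lead to an address the firewall never listed."""
    return sum(not passes_portal(firewall_answer, a) for a in client_answers)

# Constructed sample data: a host that rotates through four addresses.
POOL = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
FIREWALL_ANSWER = [POOL[0], POOL[2]]   # what the firewall saw when it checked
CLIENT_ANSWERS = [
    [POOL[1], POOL[3]],                # disjoint from the firewall's view
    [POOL[2], POOL[0]],                # overlaps, first address is in the table
    [POOL[3], POOL[0]],                # overlaps, but first address is not
]
# Constructed sample data: a host that returns the same reply every time.
STATIC_ANSWERS = [["198.51.100.10"], ["198.51.100.10"]]

if __name__ == "__main__":
    rotating = answer_stability([FIREWALL_ANSWER] + CLIENT_ANSWERS)
    print("rotating host stable:", rotating["stable"], "seen:", sorted(rotating["seen"]))
    print("static host stable:", answer_stability(STATIC_ANSWERS)["stable"])
    print("blocked client lookups:",
          blocked_count(FIREWALL_ANSWER, CLIENT_ANSWERS), "of", len(CLIENT_ANSWERS))
```

To check a real hostname, collect several `resolve_once()` results from the firewall and from a client on the portal LAN and pass them to `answer_stability()`.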



  • Thank you; that's interesting and I appreciate your response.
    I think I'll look at that further once I solve the php error showing in the logs, for example just now: php: /services_captiveportal_hostname_edit.php: The command '/sbin/ipfw -x cpzone /tmp/hostname_rules' returned exit code '71', the output was 'Line 3: setsockopt(IP_FW_TABLE_ADD): File exists'
    when I added a website to the list.

    I will try to submit the ticket.
    Regards,
    David

