Netgate Discussion Forum

    Allowed Hostnames creating a system error "File exists"

    Captive Portal
    • goldstrom

      Adding hostnames to the Allowed Hostnames tab isn't allowing my users (the kids :o) to reach those hostnames; in the system logs I see the following error message:

      php: /services_captiveportal_hostname_edit.php: The command '/sbin/ipfw -x cpzone /tmp/hostname_rules' returned exit code '71', the output was 'Line 3: setsockopt(IP_FW_TABLE_ADD): File exists'

      I'm trying to add IMAP.gmail.com and SMTP.gmail.com for Outlook Email but not getting anywhere from the clients on that LAN unless I log in through the captive portal.

      I'm running release 2.1.5 (firmware) on a fireguard router.

      Anyone have any ideas or see something similar?

      • jimp Rebel Alliance Developer Netgate

        You cannot use "allowed hostnames" for sites that return many randomized IP addresses like gmail. It only works for sites that resolve to the same IP addresses every time.

        Say for example gmail.com can have x.x.x.1, x.x.x.2, x.x.x.3, and x.x.x.4. If you query it via DNS it may show you x.x.x.1 and x.x.x.3 one time (when the firewall checks) and x.x.x.2 and x.x.x.4 when the client checks. So even though it looks like it should pass, it does not because the addresses do not line up.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • eri--

          Normally those DNS entries will be treated the same.
          There is a possibility that the command fails due to existing entries and this needs to be checked.

          Can you open a redmine.pfsense.org ticket for this?

          @Jim,

          filterdns is started as well on CP for allowed hostnames.
          You cannot have wildcards but it should be working for normal DNS names with many IPs.

          • jimp Rebel Alliance Developer Netgate

            Many IPs, yes, but not random sets that could have different replies between the client check and server check.

            If the firewall resolves a host to x.x.x.x and the client resolves that same host to y.y.y.y, then it still wouldn't work.

            • goldstrom

              Thank you; that's interesting and I appreciate your response.
              I think I'll look at that further once I solve the php error showing in the logs, for example just now: php: /services_captiveportal_hostname_edit.php: The command '/sbin/ipfw -x cpzone /tmp/hostname_rules' returned exit code '71', the output was 'Line 3: setsockopt(IP_FW_TABLE_ADD): File exists'
              when I added a website to the list.

              I will try to submit the ticket.
              Regards,
              David

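The lookup mismatch described in the replies above, as a small added model (not part of any post and not pfSense code). It assumes the allow table holds exactly the addresses from the firewall's own lookup and that a client connects to the first address in its own answer; all addresses are constructed documentation addresses.

```python
# Added example, not code from pfSense or from this thread.
# Assumed model: the allow table holds exactly the addresses from the
# firewall's own lookup, and a client connects to the first address in
# whatever answer its own lookup returned.

# Constructed answers (RFC 5737 documentation addresses).
# ROTATING mirrors the x.x.x.1/.3 versus x.x.x.2/.4 case described above.
ROTATING = [("192.0.2.1", "192.0.2.3"), ("192.0.2.2", "192.0.2.4")]
# STABLE returns the same set every time, only the order changes.
STABLE = [("198.51.100.10", "198.51.100.11"),
          ("198.51.100.11", "198.51.100.10")]


def blocked_pairs(answers):
    """List every (firewall_answer, client_answer) combination in which
    the client's destination is absent from the allow table."""
    blocked = []
    for fw_answer in answers:
        table = set(fw_answer)
        for client_answer in answers:
            destination = client_answer[0]
            if destination not in table:
                blocked.append((fw_answer, client_answer))
    return blocked


def block_rate(answers):
    """Fraction of lookup combinations that end with the client blocked."""
    return len(blocked_pairs(answers)) / len(answers) ** 2


def missing_from_table(fw_answer, answers):
    """Addresses a client may be handed that the table does not contain."""
    seen_by_clients = {addr for answer in answers for addr in answer}
    return seen_by_clients - set(fw_answer)


if __name__ == "__main__":
    for name, answers in (("rotating", ROTATING), ("stable", STABLE)):
        print(name, "block rate:", block_rate(answers))
        print("  missing:", sorted(missing_from_table(answers[0], answers)))
```

In this model the rotating host is blocked in half of the lookup combinations, while the host that always returns the same set is never blocked, whatever order the addresses come back in.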
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.