I can no longer update my FreeBSD servers since putting them behind my pfSense firewall. Every time I Google how to allow updates of FreeBSD, it comes back with how to update my pfSense (NOT what I need). I am assuming that this is either a NAT or FW rule. Could someone point me in the right direction? Yes, I am ready to be ridiculed… Thank you.
pfSense itself should not do that. Do you have pfBlocker loaded, and if so, have you tried turning it off?
I turned off pfBlocker. I tried:
Updating FreeBSD repository catalogue…
pkg: http://pkg.freebsd.org/FreeBSD:12:amd64/latest/meta.txz: No address record
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.freebsd.org/FreeBSD:12:amd64/latest/packagesite.txz: No address record
Unable to update repository FreeBSD
Error updating repositories!
Nothing. I then tried to ping update.FreeBSD.org:
ping: cannot resolve update.FreeBSD.org: Host name lookup failure
My VLAN for my servers is x.x.3.x. My web server is visible to the internet.
I am at a loss.
I’m running pfSense and pfBlockerNG and was able to look up update.freebsd.org without issue. Maybe look to your upstream DNS? I’m using CloudFlare currently. What upstream DNS servers is your pfSense box using?
I killed my pfBlockerNG. Still nothing. I was using 9.9.9.9 for my DNS server, so I changed it to 1.1.1.1 (Cloudflare). I have my servers on their own VLAN. Still can't even ping from my server to the update server.
Hmm? Bad DNS cache within pfSense? Have you tried restarting the unbound server?
https://www.cyberciti.biz/faq/how-to-flushclear-the-pfsense-dns-forwarder-cache/
Tried restarting the unbound server and restarting my pfSense firewall (per the recommended URL). Still no ping and no updates. I feel sure I've left something undone, but I can't figure out what it is. I think I may be onto something though. I can't ping anything in my intranet or the internet, but I can SSH into my server from my laptop. As I had previously said, my server (for the web site) is viewable to the internet. My rules for my server VLAN are: Source (LAN), * port → Destination (SERVER net), * port, * gateway.
Thank you for all of your help.
If you can use TCP services such as SSH but cannot do ICMP, that points to a firewall rule possibly being set to TCP instead of ANY.
I'm sure there is, but I just can't seem to find it.
Here's a list of my rules:
pfSense v2.5.0-RELEASE (amd64)  (✓ = pass rule, X = block rule)

NAT (Interface | Protocol | Source Address | Source Ports | Dest. Address | Dest. Ports | NAT IP | NAT Ports)
✓ WAN | TCP/UDP | * | * | WAN Address | 80(HTTP) | 192.168.3.103 | 80(HTTP)
✓ WAN | TCP/UDP | * | * | WAN Address | 22(SSH) | 192.168.3.103 | 22(SSH)

Firewall rules (States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description)

LAN
✓ 0/0 B | * | * | * | LAN Address | 10442 22 | * | * | (none) | Anti-Lockout Rule
✓ 0/0 B | IPv4 * | LAN net | * | * | * | * | none | (none) | Default allow LAN to any rule
✓ 0/0 B | IPv6 * | * | * | * | * | * | none | (none) | Default allow LAN IPv6 to any rule

Servers VLAN
✓ 0/0 B | IPv4 * | LAN net | * | SERVERS net | * | * | none | (none) | Allow All

WAN
X 0/864 KiB | * | RFC 1918 networks | * | * | * | * | * | (none) | Block private networks
X 0/17 KiB | * | Reserved / Not assigned by IANA | * | * | * | * | * | (none) | Block bogon networks
✓ 0/6.21 MiB | IPv4 TCP/UDP | * | * | 192.168.1.103 | 80(HTTP) | * | none | (none) | NAT WAN to Webserver
✓ 0/0 B | IPv4 TCP/UDP | * | * | 192.168.1.103 | 22 | * | none | (none) | NAT SSH to server
Hey! With your help, I found my issue. I had to allow my server LAN out. Sheesh, sorry about that. Thank you all for your great help and not making TOO much fun of me.
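Why the original "Allow All" rule never let the servers out: pfSense evaluates an interface tab's rules first-match against traffic entering that interface, so a Servers VLAN rule whose source is "LAN net" cannot match a packet coming from a server, and the implicit default deny drops it. The following first-match model is an added example (not code from the thread or from pfSense); the interface networks 192.168.1.0/24 and 192.168.3.0/24 and the name of the added outbound rule are assumptions.

```python
import ipaddress

# Assumed interface networks: the thread only shows "x.x.3.x" for the servers
# and the single host 192.168.3.103 in the NAT table.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),      # assumption
    "SERVERS net": ipaddress.ip_network("192.168.3.0/24"),  # assumption
}

def _match(field, addr):
    """'*' matches anything; an alias name matches its network; else exact host."""
    if field == "*":
        return True
    if field in NETS:
        return ipaddress.ip_address(addr) in NETS[field]
    return ipaddress.ip_address(addr) == ipaddress.ip_address(field)

def evaluate(rules, src, dst, proto):
    """First matching rule wins; no match means pfSense's implicit block."""
    for r in rules:
        if r["proto"] not in ("*", proto):
            continue
        if _match(r["src"], src) and _match(r["dst"], dst):
            return r["action"], r["desc"]
    return "block", "default deny"

# The poster's original Servers VLAN tab: one rule, LAN net -> SERVERS net.
ORIGINAL = [
    {"action": "pass", "proto": "*", "src": "LAN net", "dst": "SERVERS net", "desc": "Allow All"},
]
# The fix the poster described ("allow my server LAN out"), as an added rule
# whose source is the servers' own network. Rule name is an assumption.
FIXED = ORIGINAL + [
    {"action": "pass", "proto": "*", "src": "SERVERS net", "dst": "*", "desc": "Allow servers out"},
]

if __name__ == "__main__":
    # Constructed flows: the web server talking to the upstream DNS resolver
    # the poster switched to (1.1.1.1), first a DNS query, then a ping.
    for flow in [("192.168.3.103", "1.1.1.1", "udp"), ("192.168.3.103", "1.1.1.1", "icmp")]:
        print(flow, "original:", evaluate(ORIGINAL, *flow), "fixed:", evaluate(FIXED, *flow))
```

The "No address record" and "Host name lookup failure" messages in the thread are what that default deny looks like from the server: the DNS query never leaves the VLAN, so no resolver error or timeout from upstream is ever seen.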