Bug #10253

pfblockerng-devel uses user interface for VIP causing issues with other services

Added by Chris Roadfeldt 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: pfBlockerNG
Target version: -
Start date: 02/11/2020
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.2.5
Affected Architecture: amd64

Description

I have pfblockerng-devel installed and configured with DNSBL on most of my interfaces and VLANs. I also have avahi-daemon working as a mDNS reflector between a few VLANs and it works well, when the issue below is not occurring.

The issue is that when avahi-daemon is configured for mdns reflection, it chooses the IP of the VIP for a selected interface instead of the primary interface IP address. Obviously this defeats the purpose of reflecting mdns traffic to the LAN network and instead it reflects the mdns traffic to the VIP network, which, by definition, goes nowhere. The workaround was to bind the VIP to another VLAN interface or localhost, one which I do not want mdns reflection to occur and thus have not selected for avahi-daemon usage.

This works as a workaround. Based on feedback in my bug report for the avahi config, I am reporting this here, as it appears the VIP should be assigned to localhost. See https://redmine.pfsense.org/issues/10251 for further reference.
