Some sort of internal card reader maybe? That might be USB attached. You might be able to disable that in the BIOS. Might be something in the UPS. Try reconnecting it after boot and see what's logged. Make sure you're running the latest BIOS, that one has errors in the ACPI tables: acpi0: <ALASKA A M I > Firmware Error (ACPI): Could not resolve symbol [\_SB.PC00.TXHC.RHUB.SS01], AE_NOT_FOUND (20221020/dswload2-315) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20221020/psobject-372) Firmware Error (ACPI): Could not resolve symbol [\_SB.PC00.TXHC.RHUB.SS02], AE_NOT_FOUND (20221020/dswload2-315) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20221020/psobject-372)

Most places in the GUI simply display the interfaces in the order they are parsed in the config file. So changing them there would likely change it everywhere that counts.

Ok yes it looks like one of your USB Ethernet devices disconnected itself for some reason: ugen0.4: <Realtek USB 10/100/1000 LAN> at usbus0 (disconnected) ure1: at uhub0, port 23, addr 3 (disconnected) rgephy2: detached miibus2: detached ure1: detached Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x458 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80cc0c9c stack pointer = 0x28:0xfffffe00d93a9800 frame pointer = 0x28:0xfffffe00d93a9880 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (netlink_socket (PID) rdi: fffff8000f6382e0 rsi: 0000000000000004 rdx: 0000000000000000 rcx: 000018575745e64c r8: fffffe00dd54b8c0 r9: fffffe00d93aa000 rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00d93a9880 r10: 0000000000001388 r11: 000000008055c23d r12: fffffe00d93a9820 r13: fffffe00dd54b3a0 r14: 0000000000000000 r15: fffff8000f6382e0 trap number = 12 panic: page fault cpuid = 0 time = 1710642139 KDB: enter: panic And the backtrace does indeed show the issue is in the ure driver: db:0:kdb.enter.default> bt Tracing pid 0 tid 102948 td 0xfffffe00dd54b3a0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe00d93a94e0 vpanic() at vpanic+0x163/frame 0xfffffe00d93a9610 panic() at panic+0x43/frame 0xfffffe00d93a9670 trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00d93a96d0 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00d93a9730 calltrap() at calltrap+0x8/frame 0xfffffe00d93a9730 --- trap 0xc, rip = 0xffffffff80cc0c9c, rsp = 0xfffffe00d93a9800, rbp = 0xfffffe00d93a9880 --- __mtx_lock_sleep() at __mtx_lock_sleep+0xbc/frame 0xfffffe00d93a9880 usbd_do_request_flags() at usbd_do_request_flags+0x75b/frame 0xfffffe00d93a9900 usbd_do_request_proc() at usbd_do_request_proc+0x5e/frame 0xfffffe00d93a9960 ure_miibus_readreg() at ure_miibus_readreg+0x185/frame 0xfffffe00d93a99d0 rgephy_status() at rgephy_status+0x7b/frame 0xfffffe00d93a9a10 rgephy_service() at rgephy_service+0x329/frame 0xfffffe00d93a9a60 mii_pollstat() at mii_pollstat+0x57/frame 0xfffffe00d93a9a90 ure_ifmedia_sts() at ure_ifmedia_sts+0x190/frame 0xfffffe00d93a9ae0 ifmedia_ioctl() at ifmedia_ioctl+0x163/frame 0xfffffe00d93a9b10 dump_iface() at dump_iface+0x145/frame 0xfffffe00d93a9bc0 rtnl_handle_getlink() at rtnl_handle_getlink+0x2a3/frame 0xfffffe00d93a9ca0 rtnl_handle_message() at rtnl_handle_message+0x195/frame 0xfffffe00d93a9d00 nl_taskqueue_handler() at nl_taskqueue_handler+0x79b/frame 0xfffffe00d93a9e40 taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe00d93a9ec0 taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe00d93a9ef0 fork_exit() at fork_exit+0x7f/frame 0xfffffe00d93a9f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00d93a9f30 --- trap 0xc, rip = 0x828ed73ea, rsp = 0x85dd21ca8, rbp = 0x85dd21cc0 --- Which is expected if it did disconnect unexpectedly. Avoid USB Ethernet if at all possible. If a crash report exists on the other device it would be in /var/crash.

@BassT said in switch from HAProxy Manager to pfsense haproxy: basst@Kubuntu-VM:~$ curl pfsense.home curl: (6) Could not resolve host: pfsense.home In that case, the pfsense is the domain (eg, pfsense.com and the home is the TLD (top level domain, eg .com). In order for that to work, you would need to set a domain of pfsense.home: [image: 1710765083948-0da662dd-1610-4958-8157-d3a268ae3cf9-image.png]

Don't forget to mark as solved!

So in the package manager page? What pfSense version was that in? Steve

@musthafa said in New Installation - No internet on LAN: @JonathanLee said in New Installation - No internet on LAN: Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ? No. I'm new to pfSense. please guide me on it https://docs.netgate.com/pfsense/en/latest/services/dns/index.html Netgate has a docs page that’s amazing. I recommend you look at a configuration recipe. They have some configuration instructions like it’s a cookbook with terminology “recipe”

Do you restrict the number of states allowed on some connections? I noticed once I said for example 1 state allowed at a time for GUI it start to speed up a lot. Some I added expire timers on like my VPNs etc. ACL for the HA proxy system should only have how many states??? Maybe just one as it is linked to the other proxy. [image: 1719641827959-screenshot-2024-03-15-at-13.15.33-resized.png] I don't know if that helps, but some cookies kept creating multiple states for some weird reason and slowing everything down. But that was just me this fixed it for me with KEA use also.

If your ISP is offering some sort of translation to v6 upstream then you may be able to use that. Or potentially you could host your own translation node to do that. But it would still be easier to just tunnel or encapsulate the v6 to something you host.

The interfaces in the widget are simply parsed in the order they appear in the config. The only options there are to hide interfaces. You could potentially reorder the interfaces in the config if it's really important to you.

@stephenw10 Looks like just a reboot has done it. I have a backup negate box that I swapped over with the same config, so I could work on the said problem box, interestingly when SSH'd onto the unit, it was not loading the menu, but it did allow me to send the reboot command to it and after it came back up it behaved as normal - I swapped it back into the production network and all looks good. No recurrence of the error so far. Hopefully now OK. Thanks for your help :)

@stephenw10 Unfortunately, no. It only seems to show up at startup fortunately. If I catch it again I'll screenshot it.

@stephenw10 Thank you So Much Will nice in near future will all some options to manage the fw & nat rules. over command line. right now pfsense start be used very large scale in datacenter for secure layer apps. can be i game changer for pfsense to be massive deploy a large scale. thank you have a nice time.

Hmm, I was going to recommend disabling the audio hardware in the BIOS: hdacc0: <Realtek ALC897 HDA CODEC> at cad 0 on hdac0 hdaa0: <Realtek ALC897 Audio Function Group> at nid 1 on hdacc0 pcm0: <Realtek ALC897 (Right Analog)> at nid 20 and 24 on hdaa0 hdacc1: <Intel Kaby Lake HDA CODEC> at cad 2 on hdac0 hdaa1: <Intel Kaby Lake Audio Function Group> at nid 1 on hdacc1 pcm1: <Intel Kaby Lake (HDMI/DP 8ch)> at nid 3 on hdaa1 But you probably can't do that in Coreboot. You can see in your output though that it is booting with Video as the primary console: Dual Console: Video Primary, Serial Secondary If you have a serial connection I recommend setting serial as the primary console if only because it's much easier to log and copy and output from a serial terminal.

Since you changed nothing on pfSense (at least directly), I would go looking for the root cause in the Nutanix Cluster update process. My first guess would be during the move from node to node the Nutanix process changed something about the VNICs (could have been a MAC address, could have been something related to VLAN IDs if used, etc.). Changes to the VNIC could leave pfSense "confused" about which interface is LAN and which is WAN, for example.

@stephenw10 It is too early to tell but my internet fell-over today so multiple disconnects and re-connection attempts... ...and the router didn't crash. There is hope. ️

@stephenw10 Hey there, sorry for the late reply, had some personal issues and I wasn't available. I'm gonna try again and update as soon as I can. ISP is sadly still pretty unresponsive... Thanks again.

Ah you actually have an interface group for the WANs with the rule on it? Yes, if you do that reply-to tags cannot works because the rule applies to multiple interfaces. It cannot know which interface (gateway) to reply to. For reply-to tagging to work incoming traffic must be passed on the interface itself. It's the same reason that OpenVPN traffic must be passed on an assigned interface for repy-to to work. The group openvpn interface will not tags it. @Sergei_Shablovsky said in [SOLVED] NTP not answering on 2-nd uplink WAN: And in System / Routing / Gateways this BALANCED group set as “Default Gateway IPv4” That's still invalid. The system default gateway should only be a specific gateway or a failover group. You cannot load-balance traffic like that. Steve

@NollipfSense said in Connecting to CloudFlare, surely its possible.: @deanfourie I think a better question would be what about REST API that was promised for pfSense 2.6 but didn't make it? Has pfSense moved away from implementing that strategy? With REST API, it would be very easy to run containers and other micro-services... Beside the Netgate promises, the idea to running micro-services and especially containers inside pfSense - very bad idea. I prefer to look on pfSense as solid system with a fraction of 3-rd packages (but VERY WELL TESTED an bug-free!).

@stephenw10 Thanks sir!