Funny, not sure how that got left out, but when I refactored the code it didn't make it through :-)

Fixed now. https://github.com/pfsense/pfsense/commit/e7bc770e1a0846628f5d4abea252da4e30d9a6c9

There were some recent changes to that code, a bug is possible.

Did any other (different) hosts share an IP with either of the ones reported right then? It should have logged the IPs as it found them.

That is a different mechanism entirely. That causes the client to trigger a DNS update on a "real" DNS server (e.g. BIND) via host update and it doesn't interact with dnsmasq at all.

Yep, with the snapshot 2.1-RC0 (amd64) built on Mon Jul 8 21:53:16 EDT 2013, it shows the correct version.

Thanks @jimp!

Tell us about the DMZ system(s). What state are their interfaces? Do they configure by DHCP?

I have seen cases where systems that get their configuration by DHCP go "offline" if disconnected for "too long": the DHCP client gives up permanently after a certain number of tries that don't solicit a response.

Everybody wants to know how to get IPsec clients to reconnect reliably after a drop or disconnect, but no one has a comment?
I hear crickets chirping…

thank you for your answer,

I have followed the recommendation and downgrade the snapshot to 1/7/13.
Till now I have no crash but I still have the ftp problem.
Almost no ftp traffic passes through the firewall and from times to times I have disconnections.

the WAN isnt going down, and there is nothing strange in the system logs and/or other logs. it just seems the check_reload_status goes bonkers and then shuts down the dns forwarder service and dhcp service after a while. the only fix is to reboot.

i found that is not just the bandwidth that causes this. it happens when i do different system functions like a backup along with other system functions that cause the check_reload_status.
its strange because it started to happen on the nightlies around the end of june (i update to a new nightly each day in this environment since its my test lab) and has affected each nightly in the month of june.

…so i dont know what other information i can output for everyone to help diagnose this problem. if you could direct me to what you might want/need to help...i would be more than welcome to gather that information.

however…on the other side of the coin.

….i use the RC build on the same exact machine configurations in twelve other colo's that range from a tower boxes to pretty large caged locations/office data centers that have many different networks and many racks stacked full of diverse equipment. those machines run solid, but even with load balancing i am running up against the 100mpbs port limitations on the boxes (and VPN power) .. (if they had 1gbps ports..i would be so very happy, but then i would run out of cpu/memory/storage on the boxes before i could utilize the full 1gbps.)
so i am going to move away from the watchguards to spec'd 2u machines from dell that i am currently working on rolling out.
sorry, i know none of that means anything to the original post, but i like to promote the use of these boxes (along with pfsense) to SMB's because they are just the little boxes that can!

I might be that 2.0.x was more tolerant when it encountered a buggy rule definition. For example, some valid DiffServ Code Points were not accepted because if a bug in the dscp patch. pfSense 2.0.x apparently just ignored the offending rule. pfSense 2.1 immediately threw an error on the same rule (apparently also causing port forwarding to fail). In this case, however, the error message gave me the name of the offending rule

Okay, the dscp patch bug is fixed by now in the 2.1 branch.

You might try to check if disabling rules can lead to an "offensive rule".

Frankly, I am wondering if this black magic behind the scenes brings any significant benefit for non-WAN interfaces.

Thanks jimp for an explicit explanation. :D

UPDATE: Adding boot delay parameter (after mounting the fs in rw mode from Diagonstics>>NanoBSD menu) didn't help. Have to choose option 3 in bootloader every time.

However, I found the solution here: http://doc.pfsense.org/index.php/Boot_Troubleshooting#Booting_from_USB

which is equivalent to option 3. Great option! Thanks to developers.

@stephenw10:

As mentioned above you should not have a gateway on LAN.

The only time you would ever want that is if you have some downstream router with another subnet behind it such that pfSense needs to know where to route traffic to get to it.

Usually you only see a LAN gateway in the gateway table like that if you have set one on the LAN config page. Your screenshot in the first post shows no gateway set but perhaps you set one subsequently? Either way make sure it is not set now and remove it from the gateway table.

Steve

I haven't set a gateway on LAN after I created this thread. I don't know why it was there.

I've removed the gateway.

If you can, you should try to use the older 20130701-1521 snapshot. I have not been able to crash that one yet…