I got the solution.
I deleted the NAT again and created a new one without automatic rule linked to it. That's how I found the problem. The order of the auto-added firewall rule was wrong. It was added below the block-all rule, I just had to change the order, pretty simple if you think about it… Still I don't know why the rejecte packets weren't visible in the logfile.

Thank you all for your replies.

Greetz Daniel

Thank you - filer works great and has XMLRPC sync. Just what I needed.

Best Regards
Jan

Both of those are features, we don't merge features into maintenance branches. You can use the System Patches package to add that to systems where you need it in the mean time. The master branch will become 2.3 later this year.

@robi:

@morphmkd:

This is a virtual machine and I also have a snapshot from before the upgrade so I can go back and upgrade again (already tried this several times).

Can you please elaborate on the procedure? Do you want me to go back to 2.1.5, make a backup, upgrade, uninstall all the packages, reboot and then restore the backup from 2.1.5?

I'm also running a couple of pfSense instances as VMs.

I never upgrade in-place. I'm always just taking a config backup of the running pfSense, creating a brand new virtual machine with the same parameters (similar NICs in the same networks), doing a completely fresh install from scratch with the new version, adding a temporary IP address to the LAN port just to access the default web interface, restore the config taken from the previous version. While it reboots, I just disconnect the NICs of the old VM from the network, and have the new one running in place of it.

This way, I have an instantly running copy of pfSense running the previous version, no more than a NIC connection away.

Yes, that's exactly what I ended up doing. :)

Good to hear it's working, now hopefully we can track down the original issue and fix that up. If other packages suffer the same fate, they deserve their own threads, hopefully their maintainers or others can work in a similar fix.

You simply select "I will install OS later" or something along that. Pick the ISO in the configuration and boot from it. Huge issue.  ::)

(Screenshots stolen from here.)

Thanks doktornotor! :)

Thats good news for everyone.  Although, the words "work around" anywhere in his original post would have probably helped the masses to find it.

Glad its working.

I had these errors on my squid log:

2015/03/18 12:54:28 kid1| Starting Squid Cache version 3.4.10 for i386-portbld-freebsd10.1... 2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 18 to 192.168.2.1:800: (13) Permission denied 2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 19 to 192.168.16.1:800: (13) Permission denied FATAL: Unable to open HTTP Socket Squid Cache (Version 3.4.10): Terminated abnormally.

Using sockstats I didn't have nothing on the 800 port. I lurked around and I found the solution on the Bugtracker of pfSense [1]. Run this command on console or add it to System/Advanced/Tunables

sysctl net.inet.ip.portrange.reservedhigh=0

[1] https://redmine.pfsense.org/issues/4196

When I got that error. I do a reboot (I think 2-3 hours it's time enought to do one upgrade) and after it I reinstall all the installed packages within the webconfigurator.

Just for reference, I have upgraded 8 Alix 2D13 from 2.2 to 2.2.1 "in some wild places" in the last <24 hours, all without a problem. They had all previously been upgraded from 2.1.5 to 2.2.

As Steve asks, post info on what goes wrong - does not boot at all? what boot messages? what system log messages?…

@stan-qaz:

sad puppy eyes with near zero effort!

Ha, I know that.  ;)

Steve

Yes vsphere is esxi

That is my project that I am working on. Its gor my digital forensics lab where ill have workstation lab to which ill be remoting into. Other than that I'm trying to make as complicating as possible where I'll be connecting other routers to the network. Im more of a Cisco IOS never used pfSense before.

I'm just trying to get the pfSense 1 to work and get it online. If someone has a configuration file with multiple NIC's so I could try it out.

Thanks!

Same issue here, different hardware though. I upgraded to the latest snapshot hoping it would help, but after 2 days had another random restart.

Going to roll back to 2.1.5 for now.

I've used the report crash option every time it crashes, I don't know where that goes exactly though. I also don't have that kernel dump to paste here because it's already sent and deleted.

Here is my boot log if that helps:

Copyright (c) 1992-2014 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 10.1-RELEASE-p6 #0 b69ba8f(releng/10.1)-dirty: Thu Mar 12 09:11:37 CDT 2015     root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64 FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 CPU: Intel(R) Atom(TM) CPU  330  @ 1.60GHz (1600.03-MHz K8-class CPU)   Origin = "GenuineIntel"  Id = 0x106c2  Family = 0x6  Model = 0x1c  Stepping = 2   Features=0xbfe9fbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x40e31d <sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe>AMD Features=0x20100800 <syscall,nx,lm>AMD Features2=0x1 <lahf>TSC: P-state invariant, performance statistics real memory  = 4294967296 (4096 MB) avail memory = 3571712000 (3406 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: <121009 APIC1510> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 HTT threads cpu0 (BSP): APIC ID:  0 cpu1 (AP/HT): APIC ID:  1 cpu2 (AP): APIC ID:  2 cpu3 (AP/HT): APIC ID:  3 ioapic0: Changing APIC ID to 4 ioapic0 <version 1.1=""> irqs 0-23 on motherboard wlan: mac acl policy registered ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff8060b270, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff8060b320, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff8060b3d0, 0) error 1 iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80632a40, 0) error 1 iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80632af0, 0) error 1 iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff80632ba0, 0) error 1 random: <software, yarrow=""> initialized kbd1 at kbdmux0 cryptosoft0: <software crypto=""> on motherboard padlock0: No ACE support. acpi0: <121009 RSDT1510> on motherboard acpi0: Power Button (fixed) acpi0: reservation of fefe1000, 1000 (3) failed acpi0: reservation of fee01000, ff000 (3) failed acpi0: reservation of fec00000, 1000 (3) failed acpi0: reservation of fee00000, 1000 (3) failed acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, dff00000 (3) failed cpu0: <acpi cpu=""> on acpi0 cpu1: <acpi cpu=""> on acpi0 cpu2: <acpi cpu=""> on acpi0 cpu3: <acpi cpu=""> on acpi0 hpet0: <high precision="" event="" timer=""> iomem 0xfed00000-0xfed00fff irq 2,8 on acpi0 Timecounter "HPET" frequency 25000000 Hz quality 950 attimer0: <at timer=""> port 0x40-0x43 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 atrtc0: <at realtime="" clock=""> port 0x70-0x71 on acpi0 Event timer "RTC" frequency 32768 Hz quality 0 Timecounter "ACPI-safe" frequency 3579545 Hz quality 850 acpi_timer0: <32-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 pcib0: <acpi host-pci="" bridge=""> port 0xcf8-0xcff on acpi0 pci0: <acpi pci="" bus=""> on pcib0 pci0: <memory, ram=""> at device 0.1 (no driver attached) isab0: <pci-isa bridge=""> port 0x4f00-0x4fff at device 3.0 on pci0 isa0: <isa bus=""> on isab0 pci0: <memory, ram=""> at device 3.1 (no driver attached) pci0: <memory, ram=""> at device 3.3 (no driver attached) pci0: <processor> at device 3.5 (no driver attached) ohci0: <nvidia nforce="" mcp79="" usb="" controller=""> mem 0xfae7f000-0xfae7ffff irq 22 at device 4.0 on pci0 usbus0 on ohci0 ehci0: <nvidia nforce="" mcp79="" usb="" 2.0="" controller=""> mem 0xfae7ec00-0xfae7ecff irq 23 at device 4.1 on pci0 usbus1: EHCI version 1.0 usbus1 on ehci0 ohci1: <nvidia nforce="" mcp79="" usb="" controller=""> mem 0xfae7d000-0xfae7dfff irq 20 at device 6.0 on pci0 usbus2 on ohci1 ehci1: <nvidia nforce="" mcp79="" usb="" 2.0="" controller=""> mem 0xfae7e800-0xfae7e8ff irq 21 at device 6.1 on pci0 usbus3: EHCI version 1.0 usbus3 on ehci1 pcib1: <acpi pci-pci="" bridge=""> at device 9.0 on pci0 pci1: <acpi pci="" bus=""> on pcib1 nfe0: <nvidia nforce="" mcp79="" networking="" adapter=""> port 0xc080-0xc087 mem 0xfae7c000-0xfae7cfff,0xfae7e400-0xfae7e4ff,0xfae7e000-0xfae7e00f irq 22 at device 10.0 on pci0 miibus0: <mii bus=""> on nfe0 rgephy0: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface=""> PHY 3 on miibus0 rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow ahci0: <nvidia mcp79="" ahci="" sata="" controller=""> port 0xc000-0xc007,0xbc00-0xbc03,0xb880-0xb887,0xb800-0xb803,0xb480-0xb48f mem 0xfae7a000-0xfae7bfff irq 23 at device 11.0 on pci0 ahci0: AHCI v1.20 with 6 3Gbps ports, Port Multiplier supported ahci0: quirks=0x200 <noaa>ahcich0: <ahci channel=""> at channel 0 on ahci0 ahcich1: <ahci channel=""> at channel 1 on ahci0 ahcich2: <ahci channel=""> at channel 2 on ahci0 ahcich3: <ahci channel=""> at channel 3 on ahci0 ahcich4: <ahci channel=""> at channel 4 on ahci0 ahcich5: <ahci channel=""> at channel 5 on ahci0 pcib2: <acpi pci-pci="" bridge=""> irq 20 at device 12.0 on pci0 pci2: <acpi pci="" bus=""> on pcib2 pcib3: <acpi pci-pci="" bridge=""> at device 16.0 on pci0 pci3: <acpi pci="" bus=""> on pcib3 vgapci0: <vga-compatible display=""> port 0xdc00-0xdc7f mem 0xfb000000-0xfbffffff,0xe0000000-0xefffffff,0xf6000000-0xf7ffffff irq 21 at device 0.0 on pci3 vgapci0: Boot video device pcib4: <acpi pci-pci="" bridge=""> irq 21 at device 21.0 on pci0 pci4: <acpi pci="" bus=""> on pcib4 pcib5: <acpi pci-pci="" bridge=""> irq 22 at device 22.0 on pci0 pci5: <acpi pci="" bus=""> on pcib5 re0: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet=""> port 0xe800-0xe8ff mem 0xfebff000-0xfebfffff,0xf9ffc000-0xf9ffffff irq 16 at device 0.0 on pci5 re0: Using 1 MSI-X message re0: Chip rev. 0x2c000000 re0: MAC rev. 0x00200000 miibus1: <mii bus=""> on re0 rgephy1: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface=""> PHY 1 on miibus1 rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow pcib6: <acpi pci-pci="" bridge=""> irq 23 at device 23.0 on pci0 pci6: <acpi pci="" bus=""> on pcib6 pcib7: <acpi pci-pci="" bridge=""> irq 20 at device 24.0 on pci0 pci7: <acpi pci="" bus=""> on pcib7 acpi_button0: <power button=""> on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sc0: <system console=""> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <generic isa="" vga=""> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 atkbdc0: <keyboard controller="" (i8042)=""> at port 0x60,0x64 on isa0 atkbd0: <at keyboard=""> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] ppc0: cannot reserve I/O port range p4tcc0: <cpu frequency="" thermal="" control=""> on cpu0 p4tcc1: <cpu frequency="" thermal="" control=""> on cpu1 p4tcc2: <cpu frequency="" thermal="" control=""> on cpu2 p4tcc3: <cpu frequency="" thermal="" control=""> on cpu3 Timecounters tick every 1.000 msec IPsec: Initialized Security Association Processing. random: unblocking device. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 480Mbps High Speed USB v2.0 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 480Mbps High Speed USB v2.0 ugen0.1: <nvidia> at usbus0 uhub0: <nvidia 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus0 ugen3.1: <nvidia> at usbus3 uhub1: <nvidia 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus3 ugen2.1: <nvidia> at usbus2 uhub2: <nvidia 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus2 ugen1.1: <nvidia> at usbus1 uhub3: <nvidia 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus1 uhub0: 6 ports with 6 removable, self powered uhub2: 6 ports with 6 removable, self powered uhub1: 6 ports with 6 removable, self powered uhub3: 6 ports with 6 removable, self powered ada0 at ahcich0 bus 0 scbus0 target 0 lun 0 ada0: <maxtor 6y080m0="" yar51ew0=""> ATA-7 SATA device ada0: Serial Number Y2GQ3BEE ada0: 150.000MB/s transfers (SATA 1.x, UDMA6, PIO 8192bytes) ada0: 78166MB (160084415 512 byte sectors: 16H 63S/T 16383C) ada0: Previously was known as ad4 SMP: AP CPU #3 Launched! SMP: AP CPU #1 Launched! SMP: AP CPU #2 Launched! Timecounter "TSC" frequency 1600034292 Hz quality 1000 Trying to mount root from ufs:/dev/ada0s1a [rw]...</maxtor></nvidia></nvidia></nvidia></nvidia></nvidia></nvidia></nvidia></nvidia></cpu></cpu></cpu></cpu></at></keyboard></generic></system></power></acpi></acpi></acpi></acpi></rtl8169s></mii></realtek></acpi></acpi></acpi></acpi></vga-compatible></acpi></acpi></acpi></acpi></ahci></ahci></ahci></ahci></ahci></ahci></noaa></nvidia></rtl8169s></mii></nvidia></acpi></acpi></nvidia></nvidia></nvidia></nvidia></processor></memory,></memory,></isa></pci-isa></memory,></acpi></acpi></at></at></high></acpi></acpi></acpi></acpi></software></software,></version></lahf></syscall,nx,lm></sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>

Yes ok, excellent point, hadn't thought of that. At some point I may try a VM set up, and see if I can learn anything about what I was doing wrong (it's clear now it was my setup somehow). But in any case I have a workable path forward now so.. onwards!

Thanks again so much for the support :)

There's a specific recommendation for xpt issues, disable any on-board FireWire devices.
https://doc.pfsense.org/index.php/Boot_Troubleshooting#Conflicting_Hardware
Try that.

https://forum.pfsense.org/index.php?topic=89369.0

Steve

Not necessarily but if you have bad caps or a PSU with a shaky rail you can get some weird symptoms.
The fan just twitching like that is a sure sign of something attempting to come up and then immediately dropping out, the 12V rail perhaps.

Steve