504 Gateway error after update
-
Hmm, do you have any 'unusual' rules?
-
@stephenw10
Maybe some poorly configured outdated vlans? -
No it would need to be some combinations of odd settings making it unique. Like maybe a gateway, schedule, IP options and one TCP flag or something equally weird.
Try running at the command line:
pfctl -vvf /tmp/rules.debug
If it's a rules issue directly that will fail but should show what it's choking on.
Steve
-
You should also check the running kernel with
uname -a
in case it's booted the 22.01 kernel somehow. For example:[22.05-RELEASE][admin@2100-2.stevew.lan]/root: uname -a FreeBSD 2100-2.stevew.lan 12.3-STABLE FreeBSD 12.3-STABLE plus-RELENG_22_05-n202700-3ddaea61055 pfSense arm64
Steve
-
Loaded 762 passive OS fingerprints pfctl: pfctl_rules pfctl: DIOCXROLLBACK: Invalid argument
I think you were right. The upgrade only half finished.
uname -a FreeBSD pfsense.johnst 12.3-STABLE FreeBSD 12.3-STABLE plus-RELENG_22_01-n202637-97cc5c23e13 pfSense arm64
-
pfSense-upgrade -d -c >>> Updating repositories metadata... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Your system is up to date
-
Another possibility here is that the 22.01 kernel has loaded from another boot device.
Do you have an SSD in that 2100? Is it booting ZFS from the SSD?
-
@stephenw10
No it’s just stock. I think it’s just emmc.
Is there a good way to check?Josh
-
You can run
zpool status
to see what it booted from.You can run
geom disk list
to see the drives in the system. -
zpool status KLD zfs.ko: depends on kernel - not available or version mismatch internlize ZFS library
This is the output of the first command
Geom name: flash/spi0 Providers: 1. Name: flash/spi0 Mediasize: 4194304 (4.0M) Sectorsize: 512 Stripesize: 4096 Stripeoffset: 0 Mode: r0w0e0 descr: w25q32 ident: (null) rotationrate: unknown fwsectors: 0 fwheads: 0 Geom name: mmcsd0 Providers: 1. Name: mmcsd0 Mediasize: 7820083200 (7.3G) Sectorsize: 512 Stripesize: 512 Stripeoffset: 0 Mode: r1w1e3 descr: MMCHC DG4008 0.1 SN A603B710 MFG 12/2019 by 69 0x0000 ident: A603B710 rotationrate: 0 fwsectors: 0 fwheads: 0 Geom name: mmcsd0boot0 Providers: 1. Name: mmcsd0boot0 Mediasize: 4194304 (4.0M) Sectorsize: 512 Stripesize: 512 Stripeoffset: 0 Mode: r0w0e0 descr: MMCHC DG4008 0.1 SN A603B710 MFG 12/2019 by 69 0x0000 ident: A603B710 rotationrate: 0 fwsectors: 0 fwheads: 0 Geom name: mmcsd0boot1 Providers: 1. Name: mmcsd0boot1 Mediasize: 4194304 (4.0M) Sectorsize: 512 Stripesize: 512 Stripeoffset: 0 Mode: r0w0e0 descr: MMCHC DG4008 0.1 SN A603B710 MFG 12/2019 by 69 0x0000 ident: A603B710 rotationrate: 0 fwsectors: 0 fwheads: 0
It's just the stock option.
-
Hmm, running ufs then and only one drive. Not loading a kernel from the wrong device then.
You can always reinstall 22.05 clean and restore the config. That is usually the quickest way to recover. Open a ticket with us to hey the firmware image if you need it:
https://www.netgate.com/tac-support-requestSteve
-
@stephenw10 thanks Stephen
-
@stephenw10
Form submitted. -
Now that things are working again all I can think of as the problematic settings are pfblockerNG-devel with a lengthy set of lists or the Firewall Log widget GUI being set to 500 entries while default rule logs was not turned off.
-
Hmm, that shouldn't be an issue. Glad you're back and running though.