Netgate Discussion Forum

    SG-2100 23.01 update failed

    Official Netgate® Hardware
    112 Posts 12 Posters 28.6k Views
    • N
      netboy @stephenw10
      last edited by

      @stephenw10 said in SG-2100 23.01 update failed:

      Those log lines are each a service listening on a different port. Almost certainly that's NAT reflection for a forwarded range of ports running in NAT+Proxy mode.

      I am following up on your comment. Here is my config

      system -> firewall & NAT

      676a8dda-c981-48b6-926d-c8df5b686b7d-image.png

      Any advice?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        It's not NAT reflection then.

        What do you have running on that port range? (19000-19400)

        N 1 Reply Last reply Reply Quote 0
        • N
          netboy @stephenw10
          last edited by

          @stephenw10
          I issued

          Netstat -b -a -o
          

          And got the following screen shot
          ad3093df-1a31-4532-9ffc-f886a8d5ad2c-image.png

          When I googled the services, it looks like a Bitdefender (virus software) process, which I have installed.

          Any issues?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Most of those are outside that range.

            Try running ps -auxwwd on the firewall and see if it shows you what has started those services.

            You should see something in the config with that range though unless it's something dynamic.

            Steve

            N GertjanG 2 Replies Last reply Reply Quote 0
            • N
              netboy @stephenw10
              last edited by

              @stephenw10 said in SG-2100 23.01 update failed:

              Try running ps -auxwwd on the firewall

              Can you please tell me where I should run this? Is it
              Diagnostics -> Command Prompt?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yes, you can run it there or at the command line directly.

                N 1 Reply Last reply Reply Quote 0
                • N
                  netboy @stephenw10
                  last edited by

                  @stephenw10
                  Here is the output. Masked my IP as XXX.XX.XXXX

                  USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED      TIME COMMAND
                  root        0   0.2  0.0      0   1008  -  DLs  03:05     3:24.93 [kernel]
                  root       11 182.4  0.0      0     32  -  RNL  03:05   916:31.14 - [idle]
                  root       12   0.6  0.0      0    272  -  WL   03:05     3:50.49 - [intr]
                  root        2   0.1  0.0      0     32  -  WL   03:05     5:43.31 - [clock]
                  root        1   0.0  0.0  11328   1192  -  ILs  03:05     0:00.15 - /sbin/init
                  unbound 48358   0.3  3.4 132176 116364  -  Ss   03:06     4:00.19 |-- /usr/local/sbin/unbound -c /var/unbound/unbound.conf
                  root      280   0.0  0.1  12668   2392  -  S    12:00     0:00.07 |-- /usr/bin/tail_pfb -n0 -F /var/log/filter.log
                  root      324   0.0  1.3  72556  44428  -  S    12:00     0:01.13 |-- /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
                  root      381   0.0  0.9 113504  29952  -  Ss   03:05     0:01.64 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
                  root      627   2.1  1.4 147436  48808  -  S    03:06     0:04.78 | |-- php-fpm: pool nginx (php-fpm)
                  root    57391   0.0  0.1  13516   3212  -  R    12:03     0:00.01 | | `-- ps -auxwwd
                  root      382   0.0  1.4 147308  48240  -  I    03:05     0:04.19 | |-- php-fpm: pool nginx (php-fpm)
                  root      383   0.0  1.4 147308  48312  -  I    03:05     0:05.15 | `-- php-fpm: pool nginx (php-fpm)
                  root      430   0.0  0.1  13276   2900  -  INs  03:05     0:00.02 |-- /usr/local/sbin/check_reload_status
                  root      431   0.0  0.1  13276   2668  -  IN   03:05     0:00.00 | `-- check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
                  root      623   0.0  0.1  11548   2272  -  Ss   03:05     0:00.09 |-- /sbin/devd -q -f /etc/pfSense-devd.conf
                  root    14285   0.0  0.1  12708   2468  -  Is   03:06     0:00.19 |-- /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid mvneta0
                  root    15001   0.0  0.2  20564   8476  -  Is   03:06     0:00.00 |-- sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
                  root    20686   0.0  0.1  13448   3564  -  Ss   03:06     0:16.44 |-- /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
                  root    22302   0.0  0.2  16268   5784  -  Is   03:06     0:00.00 |-- /usr/local/sbin/upsmon
                  uucp    22408   0.0  0.2  16404   6108  -  S    03:06     0:02.16 | `-- /usr/local/sbin/upsmon
                  root    28861   0.0  0.1  13440   3504  -  Is   03:06     0:00.32 |-- /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
                  root    34470   0.0  0.1  13448   2792  -  Is   03:06     0:10.28 |-- /usr/local/bin/dpinger -S -r 0 -i WANGW -B XXX.XX.XXX.XXX -p /var/run/dpinger_WANGW~XXX.XX.XXX.XXX~XXX.XX.XXX.XXX.pid -u /var/run/dpinger_WANGW~XXX.XX.XXX.XXX~XXX.XX.XXX.XXX.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 XXX.XX.XXX.XXX
                  root    39049   0.0  0.2  18788   8144  -  Ss   03:06     0:03.24 |-- /usr/local/sbin/upsd -u root
                  uucp    39751   0.0  0.1  13632   3356  -  Ss   03:06     0:20.54 |-- /usr/local/libexec/nut/usbhid-ups -a ups
                  root    42208   0.0  0.2  18040   7564  -  S    03:06     0:01.68 |-- /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
                  root    42429   0.0  1.2  72556  40428  -  I    03:06     0:00.85 | |-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                  root    42607   0.0  1.2  72556  40440  -  I    03:06     0:00.85 | `-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc index
                  root    45844   0.0  1.2  72556  41716  -  S    03:06     0:37.04 |-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
                  root    52208   0.0  0.1  12888   2620  -  Is   03:06     0:01.22 |-- /usr/sbin/cron -s
                  root    53090   0.0  0.2  21644   7008  -  Ss   03:06     0:04.43 |-- /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
                  root    53854   0.0  0.2  28636   7588  -  Is   03:06     0:00.00 |-- nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
                  root    54298   0.3  0.3  31196   9800  -  S    03:06     0:00.55 | |-- nginx: worker process (nginx)
                  root    54142   0.0  0.2  28636   8312  -  S    03:06     0:00.02 | `-- nginx: worker process (nginx)
                  dhcpd   63464   0.0  0.3  25028  11624  -  Ss   03:06     0:06.09 |-- /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid mvneta1 mvneta1.4084
                  root    63586   0.0  0.1  12636   2412  -  Is   03:06     0:00.11 |-- /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
                  root    67599   0.0  0.1  12716   2896  -  Ss   03:06     0:16.76 |-- /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
                  root    67598   0.0  0.1  13336   2888  -  Is   11:39     0:00.02 | `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
                  root    68273   0.0  0.1  12568   2264  -  I    11:39     0:00.01 |   |-- /bin/cat
                  root    68366   0.0  0.1  19232   5188  -  IC   11:39     0:00.01 |   |-- /usr/local/libexec/sshg-parser
                  root    68658   0.0  0.1  13208   2832  -  IC   11:39     0:00.02 |   |-- /usr/local/libexec/sshg-blocker
                  root    68832   0.0  0.1  13336   2892  -  I    11:39     0:00.00 |   `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
                  root    68954   0.0  0.1  13336   2896  -  I    11:39     0:00.01 |     `-- /bin/sh /usr/local/libexec/sshg-fw-pf
                  root    72936   0.0  0.1  12564   2140  -  Is   03:06     0:00.00 |-- /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
                  root    73200   0.0  0.1  12564   2160  -  I    03:06     0:00.03 | `-- minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
                  root    73338   0.0  0.1  12564   2136  -  Is   03:06     0:00.00 |-- /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
                  root    73409   0.0  0.1  12564   2156  -  I    03:06     0:00.02 | `-- minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
                  root    73639   0.0  0.1  12564   2136  -  Is   03:06     0:00.00 |-- /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
                  root    74026   0.0  0.1  12564   2160  -  I    03:06     0:00.00 | `-- minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
                  root    74227   0.0  0.1  12564   2136  -  Is   03:06     0:00.00 |-- /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
                  root    74676   0.0  0.1  12564   2160  -  I    03:06     0:00.00 | `-- minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
                  root    36272   0.0  0.1  13336   2836 u0- IN   03:06     0:15.20 |-- /bin/sh /var/db/rrd/updaterrd.sh
                  root    52404   0.0  0.1  12564   2060  -  INC  12:03     0:00.00 | `-- sleep 60
                  root    48872   0.0  0.1  13096   2848 u0  Is   03:06     0:00.04 `-- login [pam] (login)
                  root    49943   0.0  0.1  13336   3176 u0  I    03:06     0:00.03   `-- -sh (sh)
                  root    56717   0.0  0.1  13336   2900 u0  I+   03:07     0:00.02     `-- /bin/sh /etc/rc.initial
                  root        3   0.0  0.0      0     48  -  DL   03:05     0:00.00 - [crypto]
                  root        4   0.0  0.0      0     48  -  DL   03:05     0:10.25 - [cam]
                  root        5   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [busdma]
                  root        6   0.0  0.0      0    704  -  DL   03:05     0:46.90 - [zfskern]
                  root        7   0.0  0.0      0     16  -  DL   03:05     0:35.76 - [pf purge]
                  root        8   0.0  0.0      0     16  -  DL   03:05     0:04.18 - [rand_harvestq]
                  root        9   0.0  0.0      0     16  -  DL   03:05     0:00.19 - [task: mx25l flash]
                  root       10   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [audit]
                  root       13   0.0  0.0      0     32  -  DL   03:05     0:00.00 - [ng_queue]
                  root       14   0.0  0.0      0     48  -  DL   03:05     0:00.04 - [geom]
                  root       15   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [sequencer 00]
                  root       16   0.0  0.0      0    160  -  DL   03:05     0:08.29 - [usb]
                  root       17   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [mmcsd0: mmc/sd card]
                  root       18   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [mmcsd0boot0: mmc/sd]
                  root       19   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [mmcsd0boot1: mmc/sd]
                  root       20   0.0  0.0      0     48  -  DL   03:05     0:07.05 - [pagedaemon]
                  root       21   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [vmdaemon]
                  root       22   0.0  0.0      0     48  -  DL   03:05     0:01.03 - [bufdaemon]
                  root       23   0.0  0.0      0     16  -  DL   03:05     0:00.56 - [syncer]
                  root       24   0.0  0.0      0     16  -  DL   03:05     0:00.38 - [vnlru]
                  root       25   0.0  0.0      0     16  -  DL   03:05     0:00.00 - [ALQ Daemon]
                  
                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @stephenw10
                    last edited by

                    @stephenw10 said in SG-2100 23.01 update failed:

                    Most of those are outside that range.
                    Try running ps -auxwwd on the firewall and see if it shows you what has started those services.

                    All these:

                    61983589-982e-4be0-b9fa-d5886b3fcdf4-image.png

                    are not on pfSense.
                    It's a PC (called AlienwareLaptop) connecting its LAN IP to 127.0.0.1 or the other way around.
                    IMHO, the image doesn't show anything that involves pfSense.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      What do you see in /var/etc/xinetd.conf?

                      cat /var/etc/xinetd.conf
                      
                      N 1 Reply Last reply Reply Quote 0
                      • N
                        netboy @stephenw10
                        last edited by netboy

                        @stephenw10 said in SG-2100 23.01 update failed:

                        What do you see in /var/etc/xinetd.conf?

                        This is a long list, and all of them I assume are my laptop (127.0.0.1) -- Bitdefender antivirus I assume. Since the list is pretty big, here is the link

                        output

                        S 1 Reply Last reply Reply Quote 0
                        • S
                          SteveITS Galactic Empire @netboy
                          last edited by

                          @netboy 127.0.0.1 is a loopback address that means "myself"...so it depends where you are running the commands. On pfSense that would be pfSense. On your laptop, your laptop.

                          What is 172.16.0.30?

                          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                          Upvote 👍 helpful posts!

                          N 2 Replies Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Hmm, the fact it starts at port 80 makes me think that could be a config error. It's quite common to see a range entered incorrectly like 80-443 when that should be just ports 80 and 443.

                            N 1 Reply Last reply Reply Quote 0
                            • N
                              netboy @SteveITS
                              last edited by

                              @steveits said in SG-2100 23.01 update failed:

                              What is 172.16.0.30?

                              172.16.0.30 is tied to my external domain - run some applications....

                              1 Reply Last reply Reply Quote 0
                              • N
                                netboy @stephenw10
                                last edited by netboy

                                @stephenw10
                                You are on the money :-)

                                0a46c3b5-e324-4ac4-bdb7-61ec46e0354e-image.png

                                Maybe I should just enter 80,443 instead of 80-480?

                                1 Reply Last reply Reply Quote 0
                                • N
                                  netboy @SteveITS
                                  last edited by

                                  @steveits said in SG-2100 23.01 update failed:

                                  @netboy 127.0.0.1 is a loopback address that means "myself"...so it depends where you are running the commands. On pfSense that would be pfSense. On your laptop, your laptop.

                                  892945d2-60d2-46fd-afb7-d64f6f9b930b-image.png

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Yeah you almost certainly don't want all those ports forwarded. If you need several ports you should create a ports alias and then use that in the rule instead.
                                    I imagine you have NAT reflection enabled specifically in the rule too. That's what's creating the xinetd entries. I would remove that too unless you really need it.

                                    Steve

                                    N 1 Reply Last reply Reply Quote 0
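As an added example (not from the thread and not pfSense's own code), this shell function collapses the per-port services in an xinetd.conf into contiguous runs, so a mistyped forward such as 80-480 shows up as one line instead of hundreds of entries. It assumes each reflection service has a `port = N` line and a `server_args` line ending in the target host and port; `emit_entry`, `make_sample` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise proxy-style services in an xinetd.conf as port runs.

# summarize_reflection FILE [MIN]
# Prints one line per run of consecutive ports: target host, target port range,
# local listening port range, and how many ports the run covers.
# With MIN set, only runs covering at least MIN ports are printed.
summarize_reflection() {
    awk -v min="${2:-1}" '
        function emit_run() {
            if (n && rlast - rfirst + 1 >= min)
                printf "%s target %d-%d listen %d-%d ports %d\n", rhost, rfirst, rlast, lfirst, llast, rlast - rfirst + 1
            n = 0
        }
        # Local port this service listens on
        $1 == "port" && $2 == "=" { listen = $3 + 0 }
        # Assumption: the last two words of server_args are target host and port
        $1 == "server_args" && $2 == "=" { host = $(NF - 1); tport = $NF + 0 }
        # End of a service block: extend the current run or start a new one
        $1 == "}" {
            if (host != "") {
                if (n && host == rhost && tport == rlast + 1 && listen == llast + 1) {
                    rlast = tport; llast = listen
                } else {
                    emit_run()
                    rhost = host; rfirst = rlast = tport
                    lfirst = llast = listen; n = 1
                }
            }
            host = ""
        }
        END { emit_run() }
    ' "$1"
}

# Constructed sample entry (layout is an assumption, not copied from the thread).
emit_entry() {
    printf 'service %s-tcp\n{\n\ttype = unlisted\n\tbind = 127.0.0.1\n' "$1"
    printf '\tport = %s\n\tsocket_type = stream\n\tprotocol = tcp\n' "$1"
    printf '\twait = no\n\tuser = nobody\n\tserver = /usr/bin/nc\n'
    printf '\tserver_args = -w 2000 %s %s\n}\n\n' "$2" "$3"
}

# Constructed sample: a forward entered as 80-480 plus one single-port forward.
make_sample() {
    tport=80
    while [ "$tport" -le 480 ]; do
        emit_entry $((18920 + tport)) 172.16.0.30 "$tport"
        tport=$((tport + 1))
    done
    emit_entry 19401 172.16.0.30 8443
}

# Demo run against the constructed sample
sample=$(mktemp)
make_sample > "$sample"
summarize_reflection "$sample"
rm -f "$sample"
```

On the firewall itself the function would be pointed at `/var/etc/xinetd.conf`; a second argument such as `10` limits the output to runs wide enough to suggest a range typed by mistake.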
                                    • N
                                      netboy @stephenw10
                                      last edited by netboy

                                      @stephenw10
                                      My external domain points to 172.16.0.30 port 80(http) and 443(https). I access this from outside like https://subdomain.mydomain.com.
                                      I guess I need to open this port to access https://subdomain.mydomain.com?

                                      Is this correct?

                                      83896130-309b-4493-863b-482adfc7e3f7-image.png

                                      Should I disable NAT Reflection?

                                      7ab5bfe7-050a-4916-b2da-70cbe0f0abab-image.png

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        No. You can only enter one port there or an alias that has multiple ports.

                                        If you only need 2 ports forwarding just make one port forward for each port.

                                        N 1 Reply Last reply Reply Quote 0
                                        • N
                                          netboy @stephenw10
                                          last edited by

                                          @stephenw10
                                          My understanding is create 2 entries - As an example for 80

                                          3ebc7e51-f52c-4f8b-9934-3674f0efe09f-image.png

                                          And do the above one for 443 as well

                                          And for both NAT reflection must be enabled I guess (to access from outside) - kindly confirm

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Yes. Though you can just put 'http' in both from and to port fields, port 80 is the http port.

                                            NAT reflection allows internal clients to access the resource using the external destination. It's not required for access from external clients.

                                            Steve

                                            N 1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.