Cannot Forward Port range in PFSense 2.0

DeMiNe0 · Dec 24, 2009, 12:54 AM

I get the following error in my log when I make a ranged port set for forwards.

Dec 23 19:48:39 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded'
Dec 23 19:48:39 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded The line in question reads [79]: rdr on fxp0 proto tcp from any to 192.168.155.149 port 22300-22399 -> $DI0SRV0101 port 22300
Dec 23 19:48:39 php: : There were error(s) loading the rules: /tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [79]: rdr on fxp0 proto tcp from any to 192.168.155.149 port 22300-22399 -> $DI0SRV0101 port 22300

jimp · Dec 24, 2009, 2:04 AM

The snapshot built in the middle of a set of commits, apparently.

It's already fixed in git. Either wait and update to the next snapshot or do a gitsync from the console.

DeMiNe0 · Dec 24, 2009, 2:12 AM

Ah ha. Glad I was able to bring that small bug to the surface then. Is there an article on using gitsync? Or do I just console the machine it's running on, and type gitsync into the developer console?

I'm new to using pfsense, and I'm currently just testing it out.

jimp · Dec 24, 2009, 2:38 AM

If you've never done a gitsync before, you will need to go to a standard shell on the console (opt 8 ) and run:

pkg_add -r git

Then exit out of there, and choose the PHP/Developer shell and type

playback gitsync master

That should pull in the latest commits to the tree.

DeMiNe0 · Dec 24, 2009, 3:33 AM

This is strange. When i do the pkg_add -r git in the shell, it will get up too
"Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/python26-2.6.2_3.tbz…"

And not do anything else after that. It's been sitting here like that for about an hour.

I also tried reinstalling pfsense 2.0 as a fresh install, and I still get the same result.

jimp · Dec 24, 2009, 3:42 AM

Huh. I just did that pkg_add -r git on a box yesterday and it worked, haven't had a fresh 2.0 box to try today.

If a process on FreeBSD (or pfSense, of course) appears to be "stuck" you can always hit ctrl-T to signal the process to print a status update to the terminal.

DeMiNe0 · Dec 24, 2009, 4:20 AM

When I press CTRL+T, it looks to be stuck on "extracting +CONTENTS" If i do CTRL+T again, I get
"load 0.00 cmd : bsdtar 1440 [piperd] 503.47r 630u 0.60s 0% 2320k"

jimp · Dec 24, 2009, 5:06 AM

Hmm, you'd think it would throw an error rather than just stalling

Is this a full install or nanobsd?

DeMiNe0 · Dec 24, 2009, 5:19 AM

This is a full install.

I just did another reinstall of pfsense 2.0, and instead of installing the git package, I went and ran "playback git master". It looks like it ran, but I noticed an error at the end. It scrolled past too fast for me to see. So I'm not sure if I have the latest version yet.

jimp · Dec 24, 2009, 4:17 PM

I guess that depends on the error, really.

It may be better to wait and just upgrade to the next snapshot that comes out (or which has probably come out overnight)

DeMiNe0 · Dec 24, 2009, 4:52 PM

Sounds like a plan. THe snapshot should of come out by now. I'll give that one a shot.

DeMiNe0 · Dec 24, 2009, 6:54 PM

I used the auto updater to update to the latest snapshot, and everything seems to be working fine.

_igor_ · Dec 25, 2009, 11:11 AM

I did that and it worked so like a charm. The only thing I noticed was this:

===> Signaling PHP and Lighty restart…

Warning: Invalid argument supplied for foreach() in /usr/local/sbin/pfSsh.php(334) : eval()'d code on line 261
===> Checkout complete.

Your system is now sync'd and PHP and Lighty will be restarted in 5 seconds.

pfSense shell: Terminated

jimp · Dec 25, 2009, 2:17 PM

igor,

I think that was a bug in a previous snapshot which was fixed since then. I saw that once but haven't seen it again on subsequent gitsync runs.

xbipin · Dec 27, 2009, 3:11 PM

i have port forwarded to lan clients and rules present under wan firewall rules but systemlog keeps reporting this so is it the same thing to with the port forward or something else?

inetd[377]: 28184/udp: unknown service

jimp · Dec 27, 2009, 3:25 PM

That would probably be from NAT reflection.

Try with NAT reflection disabled, if the message goes away and then comes back when you turn NAT reflection on again, it may be worthy of opening a bug report.

xbipin · Dec 28, 2009, 7:05 AM

with nat reflection disabled, the message seems to have gone

cmb · Dec 29, 2009, 1:23 AM

That "unknown service" message was a consequence of a reflection bug that was fixed yesterday.

xbipin · Dec 29, 2009, 6:03 AM

ill test it with the 28th december snapshot