Upgraded to 2.0.2-RC1 and now I can't access the internet
-
So I just hastily updated to 2.0.2, I think I was at 2.0-RC3 before. Being a dumbass, I didn't backup my settings or anything.
After the update I couldn't access the internet, turned out dns server settings got cleared, but it still didn't work after typing them in again.
Note that I didn't change anything regarding physical connections and such.Anyway, lets fast forward to now. I have reset to factory defaults, configured my interfaces again, etc, etc.
I CAN ping remote sites from the WAN interface, DNS is working and everything.
I CANNOT ping remote sites from the lan interface (or any machine connected to it).What is strange about it though is that I seem to be able to access the remote DNS from the lan, cause when I ping, say google.com, it resolves to the right ip address but the address is still unreachable.
I can still access everything on the lan from anything on the lan.My pfsense box is connected to a telsey box on the wall which is connected to my fiber. Pfsense's WAN gets an ip from the telsey box over DHCP and there's nothing in between them.
Right now I just have 1 computer connected to pfsense lan interface.I have attached pictures of my configuration.
Please ask if you need more info.Hoping this is some silly config error, will be very thankful for any help diagnosing this.
Thanks in advance.
-
what does your Outbound NAT page look like??
-
what does your Outbound NAT page look like??
"Automatic outbound NAT rule generation…" is checked and there are no mappings listed.
edit: oooh I get a a cryptic error message under staus->filter reload.
There were error(s) loading the rules: pfctl: pfctl_rulespfctl: DIOCXROLLBACK: Invalid argument - The line in question reads [pfctl_rules pfctl]: …
What does this mean?
Maybe a bug? If it is, is it possible to downgrade to 2.0.1 without a full reinstall?
-
Not sure how you even got to 2.0.2, it's not supposed to be available for anyone other than us. Though we may be using the same snapshot location (except "hidden", at least no links to it) as we used pre-2.0 release. Use the manual firmware update to install 2.0.1 full update file to get to 2.0.1.
-
Curiosity got to me… Not that hard, took me about two minutes to find 2.0.2 and figure out how to get an update to it on my 2.0.1 demo box. I won't post the URL since it seems you don't want that out there, but the hardest part is figuring out how to form the update URL once you've figured out WHERE 2.0.2 is.
Anyways, back to the OP's concern, following the update to 2.0.2 (which since it's not officially out there yet I wouldn't consider if it wasn't a test system. Of course I'm running 2.1 snapshots in a deployed server out of necessity, LOL), everything seems to continue to work fine for me. I know, "works for me" isn't ideal, but it might help.
-
I have 2.0.2-RC also, but I have not used that in production, but in my lab it works fine. I got mine by building my own ISOs.
markuhde - did you do a binary upgrade or a git update? what is the build time on that 2.0.2 you have installed? -
Hard to say why you aren't able to get to the Internet, but since the config version is the same between 2.0, 2.0.1, and 2.0.2, if you can download a firmware update for 2.0.1-RELEASE, I'd try that.
Though I am running 2.0.2 on my Alix, and many VMs, and it's working perfectly now that I've got NTP sorted out.
As others mentioned, double check your outbound NAT, rules, and so on. If there is nothing sensitive in your config, I'd be interested in seeing it, if you don't mind e-mailing it to us, (my forum username) at pfsense.org
Actually, coming from 2.0-RC3 to 2.0-RELEASE/2.0.x, you'd probably also want to check your DNS settings. Some changes to dnsmasq snuck in right before 2.0-RELEASE shipped so it's also possible that contributed.
-
@cmb:
Not sure how you even got to 2.0.2, it's not supposed to be available for anyone other than us. Though we may be using the same snapshot location (except "hidden", at least no links to it) as we used pre-2.0 release. Use the manual firmware update to install 2.0.1 full update file to get to 2.0.1.
huh… I just updated with the web interface updater :S
It said it was unsigned, but I didn't really pay attention.I actually started a console upgrade with the 2.0.1 RELEASE file, it started running, then I waited an hour and it was still running, so I went to bed and it's still going in the morning... just showing me those dots.
Anyway, I just found a cd drive and did a clean install and all seems to be working as expected.
-
podilarius, it's a binary update here's the details (this is an install yesterday after switching the update URL to get 2.0.2-RC):
2.0.2-RC1 (i386)
built on Wed May 16 17:53:37 EDT 2012
FreeBSD 8.1-RELEASE-p9Update available. Click Here to view update.
and, after running the auto updater this morning:
2.0.2-RC1 (i386)
built on Thu May 17 23:24:26 EDT 2012
FreeBSD 8.1-RELEASE-p9You are on the latest version.
