PfSense 2.2, ath0 interface kills firewall
-
Apologies, it is late and I will post something more useful than "it broke" tomorrow. Fault probably occurred in this order, will reproduce and report back but in case this helps anyone in the meantime:
Upgraded to 2.2 AMD64 from 2.1.5
Enabled 802.11n on wireless interface - not sure if this caused the issue or if traffic was flowing before.
Realised no traffic through firewall. PING to internet from pfSense WAN worked, but not from anything internal including pfSense LAN interface.
Error logged:
php-fpm[20321]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [0]:
Disabled wireless interface
Error now changed to:
php: rc.bootup: New alert found: There were error(s) loading the rules: pfctl: DIOCGIFSPEED: Invalid argument - The line in question reads [0]:
Created new VLAN "WLAN DUMMY" and assigned wireless interface to this - even though the interface was disabled having an interface mapped to the physical device seemed to cause problems.
Traffic now flows through firewall as expected.
I will pick this up in the morning, goodnight.
-
I started working backwards from last night.
Mapped wireless interface back to wireless card. No fault.
Reenabled interface. No Fault.
Recreated wireless network - as AP mode, WPA2 PSK. Firewall still working but wireless interface is down, and error returns to logs:
php-fpm[76381]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [0]:
Rebooted pfSense - original fault returns.
A little background on my config - my pfSense is as described in my sig. The re0 NIC on the motherboard is VLANned to several virtual interfaces, the em0 interface is the WAN and ath0 NIC for wireless.
With more time to test, I see the following.
Wireless interface still down after reboot. It was showing as up yesterday.
Cannot PING from internal clients of pfSense internal interfaces to internet.
Can PING from one internal interface to another.
Can PING from pfSense WAN to internal IP address.
Can PING WAN gateway from internal client - this is the only external address that does return from internal clients.
Mapped wireless interface back to dummy VLAN, no immediate change but everything else working again after a reboot.
Recreated Wireless network and then removed traffic shaper config. After a reboot wireless interface is still down but everything else working.
It looks like I have the same problem described by Orsiris de Jong here - https://redmine.pfsense.org/issues/3913. I will do a fresh install and set up from scratch and see if that makes any difference.
-
Like it says, the ath driver doesn't support traffic shaping, but you apparently have it enabled. Just disable the queues for that interface.
-
That's odd, ath should be ALTQ-enabled. It works for me, both on ath0 and VAPs like ath0_wlan1. How are your interfaces configured?
-
I'm seeing the same thing: Enabling traffic shaping on ath0_wlan0 (card has a 9280 chip) on my box produces the following error:
There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [0]:
-
Hello everybody :)
I upgraded my pfSense appliance this morning (from version 2.1.5 to version 2.2) ... and faced the same issue as the one described here:
- the firewall died after boot and no inbound / outbound traffic was possible for the connected clients (I also have traffic shaping enabled for the WLAN / OPT2 if)
php: rc.bootup: New alert found: There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [ 0 ]
Fortunately, the error message displayed was clear enough to understand that the ath0 WLAN device driver was causing the issue.
I disabled the interface, rebooted and everything was working fine again (except that of course no wireless is available, for now ...).
NB: This configuration was working fine with version 2.1.5
-
I was able to replicate this. It works if you're just using ath0, but if you also (or only) have ath0_wlanX interfaces, it'll break.
https://redmine.pfsense.org/issues/4406
-
Apologies for not responding sooner, "life happened" but thank you to all for looking into this despite OP seemingly abandoning their own feedback.
I am ashamed to say I can't promise I can spend any time on this so have been looking for the "donate" button, can I just not find it or am I reading this incorrectly? https://forum.pfsense.org/index.php?topic=61788.msg393178#msg393178
"The pfSense team no longer accepts donations….."
-
No donations, but there are plenty of ways you can support our work. The store (https://store.pfsense.org) has a variety of things, stickers, shirts, up to hardware platforms. The gold subscription @ portal.pfsense.org is another great option.
-
Yes that was my next choice. I should really do a fresh install soon and apply some of the things I have learned with pfSense over the last year or so, I have bought a USB install stick.
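-
An added example, not part of the original thread and not pfSense project code: a Python log check that finds the ruleset-load alerts quoted in the posts above and reports which interface pfctl rejected for ALTQ, and whether the failure happened at boot. The function names and finding fields are assumptions of this example; the sample lines are the ones quoted in the thread plus one constructed unrelated line.

```python
import re

# pfSense wraps a failed pfctl ruleset load in a "New alert found" notice.
ALERT = re.compile(
    r"(?P<proc>php(?:-fpm)?)(?:\[(?P<pid>\d+)\])?:\s+/?(?P<script>rc\.\w+): "
    r"New alert found: There were error\(s\) loading the rules: "
    r"pfctl: (?P<detail>.+?)\s+-\s+The line in question reads"
)
ALTQ = re.compile(r"^(?P<iface>\S+): driver does not support altq$")
# Wireless clones in the thread are named <parent>_wlanN, e.g. ath0_wlan0.
VAP = re.compile(r"^(?P<parent>[a-z]+\d+)_wlan\d+$")


def triage(lines):
    """Return one finding per ruleset-load failure found in the log lines."""
    findings = []
    for line in lines:
        m = ALERT.search(line)
        if not m:
            continue
        finding = {"script": m["script"], "at_boot": m["script"] == "rc.bootup",
                   "kind": "other", "iface": None, "parent": None,
                   "detail": m["detail"]}
        altq = ALTQ.match(m["detail"])
        if altq:
            finding["kind"] = "altq_unsupported"
            finding["iface"] = altq["iface"]
            vap = VAP.match(altq["iface"])
            finding["parent"] = vap["parent"] if vap else altq["iface"]
        findings.append(finding)
    return findings


def shaper_interfaces(findings):
    """Interfaces named in 'driver does not support altq' alerts."""
    return sorted({f["iface"] for f in findings if f["kind"] == "altq_unsupported"})


# Lines quoted in the thread; the last entry is constructed and unrelated.
SAMPLE = [
    "php-fpm[20321]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [0]:",
    "php: rc.bootup: New alert found: There were error(s) loading the rules: pfctl: DIOCGIFSPEED: Invalid argument - The line in question reads [0]:",
    "php: rc.bootup: New alert found: There were error(s) loading the rules: pfctl: ath0_wlan0: driver does not support altq - The line in question reads [ 0 ]",
    "sshd[1234]: constructed unrelated line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
    print("shaper queues rejected on:", shaper_interfaces(triage(SAMPLE)))
```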