New 502 Bad Gateway
-
Hi,
same here - updates onto last version of pfsene & pfblocker - after about a day it becomes unresponsive.
-
Disabling Snort and it's updates has kept me up and running for 2 days now. I'm going to wait another day and then re-enable snort and see what happens. Perhaps Snort needs the same changes that pfblocker has gotten.
-
I made some additional mods to the code. Run the following command to download the patched version from my Github Gist:
fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/raw"Recommend a reboot after downloading the patch.
Please let me know your feedback!
-
For me after 2.4.1-RELEASE (amd64) and pfBlockerNG 2.1.2_1 Finally no more err 502 or 504. Open VPN keep connections.
Sistem running for 2 Days 09 Hours 02 Minutes 23 Seconds. Before i had issues after 6-9 hrs.
Many thnx fo all.
-
Hey all,
Try disabling the Dashboard auto-update check. It seems unrelated, but I made this change last weekend and my system has been stable ever since.
Well it finally failed after a week of being stable…
-
I made some additional mods to the code. Run the following command to download the patched version from my Github Gist:
fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/raw"Recommend a reboot after downloading the patch.
Please let me know your feedback!
I installed this today and after 6 hours of running my pFsense VM increased disk usage of over 20gb and crashed the VM and needed to be rebuilt.
-
I installed this today and after 6 hours of running my pFsense VM increased disk usage of over 20gb and crashed the VM and needed to be rebuilt.
I don't think the patch would have done that… Confirmed with a few other users. Check your PM for details and we can go from there... Thanks!
-
I made some additional mods to the code. Run the following command to download the patched version from my Github Gist:
fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/raw"Recommend a reboot after downloading the patch.
Please let me know your feedback!
I installed this today and after 6 hours of running my pFsense VM increased disk usage of over 20gb and crashed the VM and needed to be rebuilt.
Works on my machines since 4 days without a hassle and without filling up the disks.
What was filled up, did you have had a look on the files? -
I made some additional mods to the code. Run the following command to download the patched version from my Github Gist:
fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/raw"Recommend a reboot after downloading the patch.
Please let me know your feedback!
I installed this today and after 6 hours of running my pFsense VM increased disk usage of over 20gb and crashed the VM and needed to be rebuilt.
Works on my machines since 4 days without a hassle and without filling up the disks.
What was filled up, did you have had a look on the files?I checked BBcan's pm and started the process again and keeping check on a few things this time. I couldn't check when it happened though as it had reached 109% storage and the VM crashed and when I rebooted it, it took everything with it. Configs for all services where 95% lost (like 3 DHCP mappings remained of a list of 200+, lost all NAT/Rules). So I ended up just factory resetting and am now attempting to replicate the findings. I will keep everyone updated as the day progresses.
-
2.4.1-RELEASE (amd64) and pfBlockerNG 2.1.2_1 which has been just fine until this morning. I now get the 502 bad gateway again. I installed the two patch files as well prior to the update to 2.1.2_1. I don't know when I lost access since the system will continue to run but I think I looked at the GUI yesterday.
I just installed the most recent change from the previous page so ignore this until I have more time to keep an eye on it. I read past the 3rd file thinking it was one of the previous files.
-
I've been struggling with this same issue on two devices (SG-2240 and SG-4860) since this thread was created as well. I'm currently on the 2.4.1 release with the latest pfblockerng, snort and squid/squidguard packages. In all cases, it seems like this issue is encountered at the stroke of midnight. I've been ready to capture the console text but like other users have reported, the console stops responding completely so I can't capture the data requested.
Last night, I looked at all the cron jobs that were kicking off around midnight and there were several that were happening at exactly midnight. I modified them to have at least 5 minutes separation to see if that might help. I've also tried pausing pfblockerng and snort and still get the 502.
Just thought I would also report this is still an on going issue.
-
I've already posted it once, but a ZFS install cured all my issues. Even on 2.4.0 and pbng 2.1.2
-
Hi, All
Is it just the pfBlockerNG DNSBL issue? Can I turn on the IPv4 blocks only? I have upgraded to 2.4.1 (ufs) already, pfBlockerNG is disabled due to the issue, but I really want to turn it on. Thanks.
-
Really dumb question I am sure, but if the WEB GUI is giving a Bad Gateway, is the only way to correct this with a clean install? I am not sure if SSH access was enabled but ssh to 192.168.1.1 and .254 times out.
If I restart the router with via the power cord, I still can't get past the bad gateway even for a second.
Am I doomed?
-
I've already posted it once, but a ZFS install cured all my issues. Even on 2.4.0 and pbng 2.1.2
I did a clean install with ZFS and am still getting this issue.
-
For me after 2.4.1-RELEASE (amd64) and pfBlockerNG 2.1.2_1 Finally no more err 502 or 504. Open VPN keep connections.
Sistem running for 2 Days 09 Hours 02 Minutes 23 Seconds. Before i had issues after 6-9 hrs.
Many thnx fo all.
Just to add that my system still works without issues for 6 Days 23 Hours 15 Minutes. If anyone needs any outputs i will provide, but just tell me what to do to create logs.
Cheers!
-
I disabled pfBlockerNG but I'm also getting this 502 Bad Gateway message.
When I log in via SSH it just shows:
pfSense -
And you can't do anything. However if I hit ctrl-z it drops to a working shell allowing me to reboot so I can get in via the GUI.
Hope this helps others who don't have easy access to their routers.
Steve
-
Hello,
still getting this issue after a few hours of uptime.
2.4.1-RELEASE (amd64) running on ufs
pfBlockerNG - 2.1.2_1
snort - 3.2.9.5_2 (newer one available)Just disabling the DNSBL helps to keep everything working. But thats not the sense to deactivate it.
pfblockerNG with disabled DNSBL runs fine. -
This has happened twice today so this is still an issue.
pfSense Netgate SG-4860
2.4.1-RELEASE (amd64)pfBlockerNG 2.1.2_1
I have attached the recommended Output File but was wondering if there is anything else that needs to be supplied to help?
[pfSense Output File_11-2-17.txt](/public/imported_attachments/1/pfSense Output File_11-2-17.txt)
-
Just to add to this thread, I can confirm that the above fix worked for me. I had this issue after pushing out the upgrade to 2.4 and followed the post above (I commented the lines out rather than deleting them). Since then it has been stable and all pfSense routers in my environment have stopped giving the bad gateway error.
After I commented out that block of code, I've been stable although I know it's just a bandaid for now. On one of my 8 devices, I've been pushing out the updates for pfblockerng and am still getting the Bad Gateway 502 nginx error. In turn, with all packages up to date, I've simply commented out the updated block of code and again it seems to be stable. I know this is not the fix, but at least I'm not having to reboot the gateway router 1-2x a day.
Here is what I commented out:
File: /usr/local/www/pfblockerng/www/index.php
// Increment DNSBL Alias counter /*if (!empty($pfb_query)) { * $pfb_found = FALSE; * * $dnsbl_info = '/var/db/pfblockerng/dnsbl_info'; * if (($handle = @fopen("{$dnsbl_info}", 'r')) !== FALSE) { * $lock_handle = @try_lock($handle, 5); * if ($lock_handle) { * if (($pfb_output = @fopen("{$dnsbl_info}.bk", 'w')) !== FALSE) { * $lock_pfb_output = @try_lock($pfb_output, 5); * if ($lock_pfb_output) { * $pfb_found = TRUE; * * // Find line with corresponding DNSBL Aliasname * while (($line = @fgetcsv($handle)) !== FALSE) { * if ($line[0] == $pfb_query) { * $line[3] += 1; * } * @fputcsv($pfb_output, $line); * } * @unlock($lock_pfb_output); * } * @unlock_force($pfb_output); * @fclose($pfb_output); * } * @unlock($lock_handle); * } * @unlock_force($handle); * @fclose($handle); * } * * if ($pfb_found) { * @rename("{$dnsbl_info}.bk", "{$dnsbl_info}"); * } *} */I'll check back Monday to see if there are any updates! Have a nice weekend everyone!
