Pfsense stops. Please help.

stephenw10 · Oct 29, 2018, 7:17 PM

pfSense tried to create an ARP entry for that IP/MAC and failed because it couldn't write to the routing socket due to a memory allocations failure. Hard to say more than that. I imagine those are fixed DHCP leases you have set static ARP on.

Really I wouldn't even look at that until your hardware issue is addressed. Which resolve it anyway.

Steve

emammadov · Oct 29, 2018, 7:21 PM

This memory allocations failure is due to hardware problem, right? After fixing that, these error will not occur again? Until today, I have never seen these errors before.

stephenw10 · Oct 29, 2018, 7:25 PM

Then they are probably related.

Steve

emammadov · Oct 31, 2018, 5:19 AM

I changed all rams with new ones, but still get this errors in system logs.

Oct 31 09:06:05 php-fpm 336 /rc.linkup: The command '/usr/sbin/arp -s '192.168.2.240' '00:1a:81:00:1a:f4'' returned exit code '1', the output was 'arp: writing to routing socket: Cannot allocate memory'
Oct 31 09:06:05 php-fpm 336 /rc.linkup: The command '/usr/sbin/arp -s '192.168.2.235' '00:0c:29:a8:72:2b'' returned exit code '1', the output was 'arp: writing to routing socket: Cannot allocate memory'
Oct 31 09:06:05 php-fpm 336 /rc.linkup: The command '/usr/sbin/arp -s '192.168.2.234' '00:0c:29:23:82:78'' returned exit code '1', the output was 'arp: writing to routing socket: Cannot allocate memory'
Oct 31 09:06:05 php-fpm 336 /rc.linkup: The command '/usr/sbin/arp -s '192.168.2.230' '00:0c:29:d0:17:c5'' returned exit code '1', the output was 'arp: writing to routing socket: Cannot allocate memory'

stephenw10 · Oct 31, 2018, 5:18 PM

Is that a static DHCP lease defined on the firewall? If not what is that device, where is it defined?

Did you see those errors logged prior to the hardware event?

Steve

emammadov · Oct 31, 2018, 5:40 PM

Clients are getting ip address via dhcp with static mappings. I began to see these errors after restarting pfsense. Actually I have noticed pfsense after restart in the past and haven't see these error logs.

login-to-view

Gertjan · Oct 31, 2018, 6:04 PM

@emammadov said in Pfsense stops. Please help.:

Cannot allocate memory'

Time for a trip to the console. Here are several useful commands.

emammadov · Oct 31, 2018, 7:32 PM

It has been 2 days that pfsense doesn't stop. But I want to understand why I see these errors in system logs.

stephenw10 · Oct 31, 2018, 7:37 PM

So you're seeing that for all the static ARP entries then?

Do you actually see them in the ARP table?

Steve

emammadov · Oct 31, 2018, 8:09 PM

Yes, I see all the static arp entries and they are also located in the arp table. I changed all RAMs with new ones. Network cards are new.

I am attaching logs in .txt file.
0_1541015861024_logs.txt

stephenw10 · Sep 26, 2019, 2:59 PM

Hmm, odd. Do you need those to be static ARP entries?

Did you find any logging in the bios or iLO indicating what the hardware issue was?

Steve

almost__retarded · Sep 26, 2019, 3:04 PM

@stephenw10 said in Pfsense stops. Please help.:

Hmm, odd. Do you need those to be static ARP entries?

Did you find any logging in the bios or iLO indicating what the hardware issue was?

Steve

Bumping this as I am experiencing the same issue as discussed although my pfsense box seems to be operating normally.

Here is a copy of my syslog.

I have created a thread on the pfSense subreddit as well. That thread is located here.

stephenw10 · Sep 26, 2019, 3:13 PM

Usually that means it can't add entries for those IPs as it doesn't have an interface in that subnet. What interfaces/IPs do you have?

What are those IPs though? They all have the same, obviously spoofed, MAC.

Steve

almost__retarded · Sep 26, 2019, 3:22 PM

@stephenw10 should have mentioned that the logs were scrubbed. The MAC addresses are all unique and valid.

I have a two port chelsio t520 with both ports bonded in a LAGG interface. I am using that LAGG as the parent for all of the VLANs. The IP addresses are static DHCP/ARP reservations created for each of the subsequent virtual interfaces.

stephenw10 · Sep 26, 2019, 4:26 PM

But what subnets are they using?

almost__retarded · Sep 26, 2019, 4:29 PM

@stephenw10 ah, apologies. The VLANS are all /24

In the interface settings I have given them each a static IP of 10.0.XX.1/24

stephenw10 · Sep 26, 2019, 4:35 PM

Ok so are those VLANs all up and valid when you are seeing those errors? As I said that usually indicates it's trying to create an ARP entry for an IP outside any valid subnet on the firewall.

Steve

almost__retarded · Sep 26, 2019, 4:37 PM

@stephenw10 yeah, that's why it's so strange, they are all within the /24 subnet. These log entries appear on boot in the general logs tab.

stephenw10 · Sep 26, 2019, 4:39 PM

The log shows only that the lagg is down:

Sep 26 10:08:38 pfSense kernel: lagg0: link state changed to DOWN

I assume all the VLANs are on that lagg so will also be down.

Steve

almost__retarded · Sep 26, 2019, 4:44 PM

@stephenw10 yes, I thought of that as well. I have the switch ports turned off while I configure the firewall so nothing is actually connected to the pfsense box at the moment. I'm accessing the GUI via the LAN interface.

I turned the switch ports on and reboot the box but I'm still getting the same errors. Would it matter if the interfaces were created when the LAGG was down?