Auto Config Backup Issue
-
@AlexJ8791 said in How to Reinstall Auto Config Backup:
xinetd
What is in your /var/etc/xinetd.conf
Off the top, I don't know which package you're running would be using xinetd?
What are you running on those services? Those are oddball ports..19212,213,214?? etc..
edit: You doing NAT Reflection?? only thing that comes to mind for why xinetd would be doing stuff is nat reflection..
-
It's actually a long file:
#wc -l /var/etc/xinetd.conf
3835 /var/etc/xinetd.conf
I don't use those ports in any of my rules!
Maybe they are related to the "NAT Reflection" feature. It's been set to NAT + Proxy in my box.
#head -40 /var/etc/xinetd.conf
service 19000-tcp
{
    type = unlisted
    bind = 127.0.0.1
    port = 19000
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.16.2 10060
}
service 19001-tcp
{
    type = unlisted
    bind = 127.0.0.1
    port = 19001
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.35.2 80
}
service 19002-tcp
{
    type = unlisted
    bind = 127.0.0.1
    port = 19002
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.35.2 443
}
-
@AlexJ8791 said in How to Reinstall Auto Config Backup:
It's been set to NAT + Proxy in my box.
Why? Are you using Nat reflection??
Nat reflection shouldn't be enabled unless you have a specific need for it, and even then I would suggest you figure out why you actually would want/need reflection.. It really is an abomination if you ask me ;)
-
I have several web servers behind this pfsense box and without NAT Reflection they won't work correctly.
I think there might be something else going on on this box because I have the same firewall box with the same packages installed in another location and it has no issue.
-
@AlexJ8791 said in How to Reinstall Auto Config Backup:
without NAT Reflection they won't work correctly.
Why is that, your local devices should just resolve the local IP for whatever your public FQDN is.. There's almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.
Suggest you test by turning off nat reflection, and seeing if it fixes your delay in rule changes.
-
There's almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.
There are several cases in which we have to use nat reflection. One of them is when clients on your web server want to use the famous Wordpress CMS. This application needs to be able to see its public address in order to work correctly, especially in Network Mode. This issue could be tackled with DNS Split but when you have hundreds of websites and your clients keep adding/removing websites on the server, it's impossible to implement this feature.
And as I said I have the same setup in another location with no issue so I think nat reflection is not the issue.
-
I would still suggest you test it out by turning it off for a second, making some changes and see if they are still delayed.
So in your log what is the time between sync firewall and reloading filter entries?
I haven't played with wordpress in quite some time, but I have doubts that feature requires nat reflection. If I get a chance I might test this, because it makes no sense that nat reflection should be required for that to work.
-
I would still suggest you test it out by turning it off for a second, making some changes and see if they are still delayed.
I would definitely give it a shot.
If I get a chance I might test this.
I'd appreciate it.
-
So in your log what is the time between sync firewall and reloading filter entries?
Here is the complete log entries of a rule modification :
Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
Apr 16 18:13:12 fwl01 xinetd[63305]: Starting reconfiguration
Apr 16 18:13:12 fwl01 xinetd[63305]: Swapping defaults
Apr 16 18:13:12 fwl01 xinetd[63305]: Reconfigured: new=0 old=296 dropped=0 (services)
-
I've disabled NAT Reflection completely but that didn't help either.
Auto Conf Backup still doesn't work, even when I create a manual backup!
-
@AlexJ8791 said in How to Reinstall Auto Config Backup:
Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter
Well that looks like 13 seconds not minutes.
This looks like something not right
Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
When you reload your rules.. have you looked at the monitor link to get the details of the reload
https://sg4860.local.lan:8443/status_filter_reload.php
-
I've reloaded the filter and it went pretty fast but creating an alias or a rule takes a minute or sometimes two minutes.
-
I just found out that I was right and the Auto Config Backup is responsible for the delay.
I connected to the pfsense box via ssh and went to /conf/backup directory. Here is the content:
ls -l /conf/backup
-rw-r--r-- 1 root wheel 5137 Apr 30 19:26 backup.cache
-rw-r--r-- 1 root wheel 8257018 Apr 19 20:00 config-1555686137.xml
-rw-r--r-- 1 root wheel 8256968 Apr 20 18:06 config-1555746982.xml
-rw-r--r-- 1 root wheel 8257023 Apr 20 19:00 config-1555767383.xml
-rw-r--r-- 1 root wheel 8256966 Apr 20 19:02 config-1555770620.xml
-rw-r--r-- 1 root wheel 8258103 Apr 22 11:49 config-1555885257.xml
-rw-r--r-- 1 root wheel 8258105 Apr 28 17:30 config-1556446368.xml
-rw-r--r-- 1 root wheel 8254899 Apr 28 17:31 config-1556456428.xml
-rw-r--r-- 1 root wheel 8254649 Apr 28 17:31 config-1556456470.xml
-rw-r--r-- 1 root wheel 8254611 Apr 28 17:33 config-1556456504.xml
-rw-r--r-- 1 root wheel 8253544 Apr 28 17:33 config-1556456585.xml
-rw-r--r-- 1 root wheel 8253334 Apr 28 17:35 config-1556456620.xml
-rw-r--r-- 1 root wheel 8254458 Apr 28 17:38 config-1556456700.xml
-rw-r--r-- 1 root wheel 8254396 Apr 30 13:32 config-1556568185.xml
-rw-r--r-- 1 root wheel 8254624 Apr 30 13:33 config-1556614941.xml
-rw-r--r-- 1 root wheel 8255758 Apr 30 14:00 config-1556615018.xml
-rw-r--r-- 1 root wheel 8254395 Apr 30 18:35 config-1556627831.xml
-rw-r--r-- 1 root wheel 8254149 Apr 30 18:55 config-1556633157.xml
-rw-r--r-- 1 root wheel 8254148 Apr 30 18:56 config-1556634321.xml
-rw-r--r-- 1 root wheel 8254132 Apr 30 18:57 config-1556634383.xml
-rw-r--r-- 1 root wheel 8254178 Apr 30 18:58 config-1556634467.xml
-rw-r--r-- 1 root wheel 8254148 Apr 30 19:02 config-1556634525.xml
-rw-r--r-- 1 root wheel 8254153 Apr 30 19:04 config-1556634764.xml
-rw-r--r-- 1 root wheel 8253618 Apr 30 19:04 config-1556634840.xml
-rw-r--r-- 1 root wheel 8253089 Apr 30 19:05 config-1556634876.xml
-rw-r--r-- 1 root wheel 8253086 Apr 30 19:06 config-1556634927.xml
-rw-r--r-- 1 root wheel 8253107 Apr 30 19:07 config-1556634973.xml
-rw-r--r-- 1 root wheel 8253598 Apr 30 19:09 config-1556635023.xml
-rw-r--r-- 1 root wheel 8253601 Apr 30 19:17 config-1556635143.xml
-rw-r--r-- 1 root wheel 8253797 Apr 30 19:17 config-1556635630.xml
-rw-r--r-- 1 root wheel 8254925 Apr 30 19:26 config-1556635674.xml
At the end of the list is the latest backup file even though the module is NOT enabled for weeks!
I made a change to a NAT rule and clicked save and ran ls -l several times:
ls -l /conf/backup
-rw-r--r-- 1 root wheel 5137 Apr 30 19:26 backup.cache
-rw-r--r-- 1 root wheel 8257018 Apr 19 20:00 config-1555686137.xml
-rw-r--r-- 1 root wheel 8256968 Apr 20 18:06 config-1555746982.xml
-rw-r--r-- 1 root wheel 8257023 Apr 20 19:00 config-1555767383.xml
-rw-r--r-- 1 root wheel 8256966 Apr 20 19:02 config-1555770620.xml
-rw-r--r-- 1 root wheel 8258103 Apr 22 11:49 config-1555885257.xml
-rw-r--r-- 1 root wheel 8258105 Apr 28 17:30 config-1556446368.xml
-rw-r--r-- 1 root wheel 8254899 Apr 28 17:31 config-1556456428.xml
-rw-r--r-- 1 root wheel 8254649 Apr 28 17:31 config-1556456470.xml
-rw-r--r-- 1 root wheel 8254611 Apr 28 17:33 config-1556456504.xml
-rw-r--r-- 1 root wheel 8253544 Apr 28 17:33 config-1556456585.xml
-rw-r--r-- 1 root wheel 8253334 Apr 28 17:35 config-1556456620.xml
-rw-r--r-- 1 root wheel 8254458 Apr 28 17:38 config-1556456700.xml
-rw-r--r-- 1 root wheel 8254396 Apr 30 13:32 config-1556568185.xml
-rw-r--r-- 1 root wheel 8254624 Apr 30 13:33 config-1556614941.xml
-rw-r--r-- 1 root wheel 8255758 Apr 30 14:00 config-1556615018.xml
-rw-r--r-- 1 root wheel 8254395 Apr 30 18:35 config-1556627831.xml
-rw-r--r-- 1 root wheel 8254149 Apr 30 18:55 config-1556633157.xml
-rw-r--r-- 1 root wheel 8254148 Apr 30 18:56 config-1556634321.xml
-rw-r--r-- 1 root wheel 8254132 Apr 30 18:57 config-1556634383.xml
-rw-r--r-- 1 root wheel 8254178 Apr 30 18:58 config-1556634467.xml
-rw-r--r-- 1 root wheel 8254148 Apr 30 19:02 config-1556634525.xml
-rw-r--r-- 1 root wheel 8254153 Apr 30 19:04 config-1556634764.xml
-rw-r--r-- 1 root wheel 8253618 Apr 30 19:04 config-1556634840.xml
-rw-r--r-- 1 root wheel 8253089 Apr 30 19:05 config-1556634876.xml
-rw-r--r-- 1 root wheel 8253086 Apr 30 19:06 config-1556634927.xml
-rw-r--r-- 1 root wheel 8253107 Apr 30 19:07 config-1556634973.xml
-rw-r--r-- 1 root wheel 8253598 Apr 30 19:09 config-1556635023.xml
-rw-r--r-- 1 root wheel 8253601 Apr 30 19:17 config-1556635143.xml
-rw-r--r-- 1 root wheel 8253797 Apr 30 19:17 config-1556635630.xml
-rw-r--r-- 1 root wheel 8254925 Apr 30 19:26 config-1556635674.xml
#ls -l config-1556636179.xml
-rw-r--r-- 1 root wheel 1032192 Apr 30 19:35 config-1556636179.xml
#ls -l config-1556636179.xml
-rw-r--r-- 1 root wheel 3252224 Apr 30 19:35 config-1556636179.xml
#ls -l config-1556636179.xml
-rw-r--r-- 1 root wheel 5324800 Apr 30 19:35 config-1556636179.xml
#ls -l config-1556636179.xml
-rw-r--r-- 1 root wheel 7839744 Apr 30 19:35 config-1556636179.xml
#ls -l config-1556636179.xml
-rw-r--r-- 1 root wheel 8254898 Apr 30 19:35 config-1556636179.xml
As you can see, the size of the file is changing and it took almost a minute to finish, and when it did the page finished loading too!
I also enabled the backup module and created a manual backup too but when I tried to download the backup it said :
The following input errors were detected:
Could not decrypt config.xml
So, what do you think?
-
those are not the auto backup feature... That is this
https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html
Defaults to 30..
yours are HUGE!
in comparison here is my size.
[2.4.4-RELEASE][admin@sg4860.local.lan]/conf/backup: ls -la
total 8656
drwxr-xr-x 2 root wheel 1536 Apr 30 08:25 .
drwxr-xr-x 4 root wheel 2048 Apr 30 08:25 ..
-rw-r--r-- 1 root wheel 5078 Apr 30 08:25 backup.cache
-rw-r--r-- 1 root wheel 293608 Apr 23 05:20 config-1556014722.xml
-rw-r--r-- 1 root wheel 293608 Apr 23 05:23 config-1556014836.xml
-rw-r--r-- 1 root wheel 293608 Apr 23 05:32 config-1556015021.xml
So mine are KB yours are MB.. yours are like 32X mine.. So yeah might take a bit to write those.
Change it from the default 30 to 0, and see if your changes are faster ;)
edit:
The following input errors were detected:
Could not decrypt config.xml
Yeah I would prob look into that - that doesn't seem good.
-
@johnpoz said in Auto Config Backup Issue:
those are not the auto backup feature... That is this
https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html
Yes, you were right. I just checked my other pfsense box and it's less than 1MB!!!
I've downloaded one of the backup files and there is a section for rrdata which is a big part of the file and without it the backup file will be less than a megabyte.
Is there any way to exclude rrdata from being included in the config history?
Change it from the default 30 to 0, and see if your changes are faster ;)
How can I do that?
Yeah I would prob look into that - that doesn't seem good.
I don't know where to start...
-
RRD shouldn't really be in the auto config data that I could think of - it should just be your config changes.
Like new firewall rule, etc.
How to change it is listed in the link I posted..
As to where to start on why you're seeing that error... Prob start a new thread with those specific details... When you try to do a download of backup you get this error -- screenshot of the actual error when and where you're doing your backup... Like are you having it include data or not, etc.
-
I did change the Backup Count to 0 but it didn't help!
When I edit/create a rule it actually creates the backup first and then removes it according to the backup count 0.
After setting Backup Count to 0 :
#ls -l
total 4
-rw-r--r-- 1 root wheel 6 Apr 30 22:36 backup.cache
While creating a NAT rule:
#ls -l
total 3236
-rw-r--r-- 1 root wheel 6 Apr 30 22:36 backup.cache
-rw-r--r-- 1 root wheel 3252224 Apr 30 22:36 config-1556647551.xml
#ls -l
total 4324
-rw-r--r-- 1 root wheel 6 Apr 30 22:36 backup.cache
-rw-r--r-- 1 root wheel 4390912 Apr 30 22:36 config-1556647551.xml
#ls -l
total 7044
-rw-r--r-- 1 root wheel 6 Apr 30 22:36 backup.cache
-rw-r--r-- 1 root wheel 7176192 Apr 30 22:37 config-1556647551.xml
#ls -l
total 8100
-rw-r--r-- 1 root wheel 173 Apr 30 22:37 backup.cache
-rw-r--r-- 1 root wheel 8255935 Apr 30 22:37 config-1556647551.xml
#ls -l
total 4
-rw-r--r-- 1 root wheel 6 Apr 30 22:37 backup.cache
So, it still takes a minute or so to create/modify a rule!!!
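
Added example (not code from the thread or from pfSense): a Python script that measures, offline, how much of a downloaded config-*.xml each top-level section occupies, which is the check behind the finding above that one section accounts for most of an 8 MB history file. The sample document, its tag names (including `rrddata`) and the 50% threshold are constructed assumptions; pass a real file path as the first argument to profile it instead.

```python
"""Profile which top-level sections dominate a config-*.xml history file."""
import sys
from collections import defaultdict
from xml.etree import ElementTree as ET


def build_sample() -> bytes:
    """Constructed stand-in for a downloaded config-*.xml (not real data)."""
    blob = "A" * 4000  # stands in for embedded graph data
    return (
        '<?xml version="1.0"?>\n'
        "<pfsense>\n"
        "  <system><hostname>fwl01</hostname></system>\n"
        "  <filter><rule><descr>web</descr></rule></filter>\n"
        "  <rrddata><rrddatafile><filename>wan-traffic.rrd</filename>"
        f"<xmldata>{blob}</xmldata></rrddatafile></rrddata>\n"
        "</pfsense>\n"
    ).encode("utf-8")


def section_sizes(data: bytes):
    """Return [(tag, size_bytes, share_of_file)], largest section first.

    Sizes come from re-serialising each direct child of the root element,
    so they are close to, but not always identical with, the on-disk bytes
    (for example when the file uses CDATA sections).
    """
    root = ET.fromstring(data)
    totals = defaultdict(int)
    for child in root:
        text = ET.tostring(child, encoding="unicode")
        totals[child.tag] += len(text.encode("utf-8"))
    file_size = len(data)
    rows = [(tag, size, size / file_size) for tag, size in totals.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def oversized_sections(data: bytes, threshold: float = 0.5):
    """Tags whose share of the file is at or above the threshold."""
    return [tag for tag, _size, share in section_sizes(data) if share >= threshold]


def size_without(data: bytes, tag: str) -> int:
    """Approximate file size if the named top-level section were absent."""
    dropped = sum(size for t, size, _share in section_sizes(data) if t == tag)
    return len(data) - dropped


if __name__ == "__main__":
    # config.xml holds password hashes and keys: analyse a local copy only.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            payload = handle.read()
    else:
        payload = build_sample()
    print(f"file size: {len(payload)} bytes")
    for tag, size, share in section_sizes(payload)[:10]:
        print(f"{tag:<20} {size:>10} bytes  {share:6.1%}")
    for tag in oversized_sections(payload):
        print(f"without <{tag}>: about {size_without(payload, tag)} bytes")
```
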