Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Auto Config Backup Issue

    pfSense Packages
    2
    24
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      @AlexJ8791 said in How to Reinstall Auto Config Backup:

      without NAT Relfection they won't work correctly.

      Why is that, your local devices should just resolve the local IP for whatever your public FQDN is.. There almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.

      Suggest you test by turning off nat reflection, and seeing if it fixes your delay in rule changes.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • A
        AlexJ8791
        last edited by

        There almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.

        There are several cases in which we have to use nat reflection. One of them is when clients on your web server want to use the famous Wordpress CMS. This application needs to able to see its public address in order to work correctly especially in Network Mode. This issue could be tackled with DNS Split but when you have hundreds of websites and your clients keep adding/removing websites on the server, it's impossible to implement this feature.
        And as I said I have the same setup in another location with no issue so I think nat reflection is not the issue.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz

          I would still suggest test it it out by turning it off for second, making some changes and see if they are still delayed.

          So in your log what is the time between sync firewall and reloading filter entries?

          I haven't played with wordpress in quite some time, but I have doubts that feature requires nat reflection. If I get a chance I might test this, because it makes no sense that nat reflection should be required for that to work.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          A 2 Replies Last reply Reply Quote 0
          • A
            AlexJ8791 @johnpoz
            last edited by AlexJ8791

            I would still suggest test it it out by turning it off for second, making some changes and see if they are still delayed.

            I would definitely give a shot.

            If I get a chance I might test this.

            I'd appreciate it.

            1 Reply Last reply Reply Quote 0
            • A
              AlexJ8791 @johnpoz
              last edited by

              So in your log what is the time between sync firewall and reloading filter entries?

              Here is the complete log entries of a rule modification :

              Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
              Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter
              Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
              Apr 16 18:13:12 fwl01 xinetd[63305]: Starting reconfiguration
              Apr 16 18:13:12 fwl01 xinetd[63305]: Swapping defaults
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19000-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19001-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19002-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19003-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19004-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19004-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19005-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19005-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19006-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19006-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19007-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19007-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19008-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19009-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19010-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19011-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19012-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19013-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19014-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19015-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19016-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19017-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19018-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19019-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19020-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19021-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19022-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19023-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19024-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19025-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19026-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19027-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19028-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19029-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19030-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19031-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19032-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19033-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19034-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19035-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19036-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19037-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19038-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19039-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19040-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19041-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19042-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19043-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19044-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19045-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19046-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19047-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19048-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19049-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19050-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19051-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19052-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19053-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19054-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19055-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19056-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19057-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19058-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19059-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19060-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19061-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19062-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19063-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19064-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19065-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19066-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19067-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19068-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19069-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19070-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19071-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19072-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19073-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19074-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19075-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19076-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19077-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19078-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19079-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19080-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19081-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19082-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19083-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19084-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19085-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19086-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19087-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19088-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19089-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19090-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19091-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19092-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19093-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19094-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19095-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19096-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19097-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19098-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19099-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19100-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19101-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19102-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19103-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19104-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19105-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19106-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19107-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19108-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19109-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19110-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19111-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19112-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19113-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19114-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19115-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19116-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19117-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19118-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19119-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19120-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19121-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19122-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19123-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19124-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19125-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19126-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19127-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19128-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19129-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19130-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19131-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19132-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19133-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19134-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19135-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19136-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19137-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19138-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19139-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19140-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19141-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19142-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19143-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19144-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19145-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19146-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19147-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19148-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19149-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19150-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19151-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19152-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19153-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19154-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19155-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19156-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19157-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19158-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19159-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19160-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19161-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19162-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19163-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19164-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19165-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19166-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19167-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19168-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19169-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19170-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19171-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19172-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19173-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19174-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19175-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19176-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19177-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19178-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19179-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19180-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19181-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19182-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19183-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19184-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19185-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19186-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19187-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19188-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19189-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19190-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19191-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19192-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19193-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19194-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19195-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19196-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19197-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19198-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19199-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19200-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19201-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19202-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19203-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19204-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19205-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19206-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19207-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19208-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19209-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19210-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19211-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19212-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19213-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19214-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19215-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19216-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19217-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19218-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19157-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19169-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19177-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19185-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19200-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19219-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19220-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19221-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19222-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19223-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19224-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19225-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19226-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19227-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19228-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19229-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19230-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19231-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19232-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19233-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19234-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19235-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19236-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19237-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19122-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19158-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19170-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19178-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19186-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19201-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19238-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19239-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19085-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19123-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19159-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19171-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19179-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19187-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19202-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19240-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19240-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19086-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19087-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19109-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19110-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19119-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19124-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19125-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19134-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19135-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19139-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19140-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19151-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19152-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19160-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19161-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19165-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19172-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19173-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19180-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19181-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19188-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19189-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19193-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19194-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19203-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19204-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19211-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19212-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19241-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19241-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19242-tcp
              Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19242-udp
              Apr 16 18:13:12 fwl01 xinetd[63305]: Reconfigured: new=0 old=296 dropped=0 (services)

              1 Reply Last reply Reply Quote 0
              • A
                AlexJ8791
                last edited by

                I've disabled NAT Reflection completely but that didn't help either.
                Auto Conf Backup still doesn't work, even when I create a manual backup!

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  @AlexJ8791 said in How to Reinstall Auto Config Backup:

                  Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
                  Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter

                  Well that looks like 13 seconds not minutes.

                  This looks like something not right

                  Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500

                  When you reload your rules.. have you looked at the monitor link to get the details of the reload
                  https://sg4860.local.lan:8443/status_filter_reload.php

                  filterreload.png

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • A
                    AlexJ8791
                    last edited by

                    I've reloaded the filter and it went pretty fast but creating an alias or a rule takes a minute or sometimes two minutes.

                    1 Reply Last reply Reply Quote 0
                    • A
                      AlexJ8791
                      last edited by AlexJ8791

                      I just found out that I was right and the Auto Config Backup is responsible for the delay.
                      I connected to the pfsense box via ssh and went to /conf/backup directory. Here is the content:

                      ls -l /conf/backup
-rw-r--r--  1 root  wheel     5137 Apr 30 19:26 backup.cache
-rw-r--r--  1 root  wheel  8257018 Apr 19 20:00 config-1555686137.xml
-rw-r--r--  1 root  wheel  8256968 Apr 20 18:06 config-1555746982.xml
-rw-r--r--  1 root  wheel  8257023 Apr 20 19:00 config-1555767383.xml
-rw-r--r--  1 root  wheel  8256966 Apr 20 19:02 config-1555770620.xml
-rw-r--r--  1 root  wheel  8258103 Apr 22 11:49 config-1555885257.xml
-rw-r--r--  1 root  wheel  8258105 Apr 28 17:30 config-1556446368.xml
-rw-r--r--  1 root  wheel  8254899 Apr 28 17:31 config-1556456428.xml
-rw-r--r--  1 root  wheel  8254649 Apr 28 17:31 config-1556456470.xml
-rw-r--r--  1 root  wheel  8254611 Apr 28 17:33 config-1556456504.xml
-rw-r--r--  1 root  wheel  8253544 Apr 28 17:33 config-1556456585.xml
-rw-r--r--  1 root  wheel  8253334 Apr 28 17:35 config-1556456620.xml
-rw-r--r--  1 root  wheel  8254458 Apr 28 17:38 config-1556456700.xml
-rw-r--r--  1 root  wheel  8254396 Apr 30 13:32 config-1556568185.xml
-rw-r--r--  1 root  wheel  8254624 Apr 30 13:33 config-1556614941.xml
-rw-r--r--  1 root  wheel  8255758 Apr 30 14:00 config-1556615018.xml
-rw-r--r--  1 root  wheel  8254395 Apr 30 18:35 config-1556627831.xml
-rw-r--r--  1 root  wheel  8254149 Apr 30 18:55 config-1556633157.xml
-rw-r--r--  1 root  wheel  8254148 Apr 30 18:56 config-1556634321.xml
-rw-r--r--  1 root  wheel  8254132 Apr 30 18:57 config-1556634383.xml
-rw-r--r--  1 root  wheel  8254178 Apr 30 18:58 config-1556634467.xml
-rw-r--r--  1 root  wheel  8254148 Apr 30 19:02 config-1556634525.xml
-rw-r--r--  1 root  wheel  8254153 Apr 30 19:04 config-1556634764.xml
-rw-r--r--  1 root  wheel  8253618 Apr 30 19:04 config-1556634840.xml
-rw-r--r--  1 root  wheel  8253089 Apr 30 19:05 config-1556634876.xml
-rw-r--r--  1 root  wheel  8253086 Apr 30 19:06 config-1556634927.xml
-rw-r--r--  1 root  wheel  8253107 Apr 30 19:07 config-1556634973.xml
-rw-r--r--  1 root  wheel  8253598 Apr 30 19:09 config-1556635023.xml
-rw-r--r--  1 root  wheel  8253601 Apr 30 19:17 config-1556635143.xml
-rw-r--r--  1 root  wheel  8253797 Apr 30 19:17 config-1556635630.xml
-rw-r--r--  1 root  wheel  8254925 Apr 30 19:26 config-1556635674.xml

                      At the end of the list is the latest backup file even though the module is NOT enabled for weeks!
                      I made a change to a NAT rule and clicked save and ran ls -l several times:

                      ls -l /conf/backup
-rw-r--r--  1 root  wheel     5137 Apr 30 19:26 backup.cache
-rw-r--r--  1 root  wheel  8257018 Apr 19 20:00 config-1555686137.xml
-rw-r--r--  1 root  wheel  8256968 Apr 20 18:06 config-1555746982.xml
-rw-r--r--  1 root  wheel  8257023 Apr 20 19:00 config-1555767383.xml
-rw-r--r--  1 root  wheel  8256966 Apr 20 19:02 config-1555770620.xml
-rw-r--r--  1 root  wheel  8258103 Apr 22 11:49 config-1555885257.xml
-rw-r--r--  1 root  wheel  8258105 Apr 28 17:30 config-1556446368.xml
-rw-r--r--  1 root  wheel  8254899 Apr 28 17:31 config-1556456428.xml
-rw-r--r--  1 root  wheel  8254649 Apr 28 17:31 config-1556456470.xml
-rw-r--r--  1 root  wheel  8254611 Apr 28 17:33 config-1556456504.xml
-rw-r--r--  1 root  wheel  8253544 Apr 28 17:33 config-1556456585.xml
-rw-r--r--  1 root  wheel  8253334 Apr 28 17:35 config-1556456620.xml
-rw-r--r--  1 root  wheel  8254458 Apr 28 17:38 config-1556456700.xml
-rw-r--r--  1 root  wheel  8254396 Apr 30 13:32 config-1556568185.xml
-rw-r--r--  1 root  wheel  8254624 Apr 30 13:33 config-1556614941.xml
-rw-r--r--  1 root  wheel  8255758 Apr 30 14:00 config-1556615018.xml
-rw-r--r--  1 root  wheel  8254395 Apr 30 18:35 config-1556627831.xml
-rw-r--r--  1 root  wheel  8254149 Apr 30 18:55 config-1556633157.xml
-rw-r--r--  1 root  wheel  8254148 Apr 30 18:56 config-1556634321.xml
-rw-r--r--  1 root  wheel  8254132 Apr 30 18:57 config-1556634383.xml
-rw-r--r--  1 root  wheel  8254178 Apr 30 18:58 config-1556634467.xml
-rw-r--r--  1 root  wheel  8254148 Apr 30 19:02 config-1556634525.xml
-rw-r--r--  1 root  wheel  8254153 Apr 30 19:04 config-1556634764.xml
-rw-r--r--  1 root  wheel  8253618 Apr 30 19:04 config-1556634840.xml
-rw-r--r--  1 root  wheel  8253089 Apr 30 19:05 config-1556634876.xml
-rw-r--r--  1 root  wheel  8253086 Apr 30 19:06 config-1556634927.xml
-rw-r--r--  1 root  wheel  8253107 Apr 30 19:07 config-1556634973.xml
-rw-r--r--  1 root  wheel  8253598 Apr 30 19:09 config-1556635023.xml
-rw-r--r--  1 root  wheel  8253601 Apr 30 19:17 config-1556635143.xml
-rw-r--r--  1 root  wheel  8253797 Apr 30 19:17 config-1556635630.xml
-rw-r--r--  1 root  wheel  8254925 Apr 30 19:26 config-1556635674.xml

#ls -l config-1556636179.xml
-rw-r--r--  1 root  wheel  1032192 Apr 30 19:35 config-1556636179.xml

#ls -l config-1556636179.xml
-rw-r--r--  1 root  wheel  3252224 Apr 30 19:35 config-1556636179.xml

#ls -l config-1556636179.xml
-rw-r--r--  1 root  wheel  5324800 Apr 30 19:35 config-1556636179.xml

#ls -l config-1556636179.xml
-rw-r--r--  1 root  wheel  7839744 Apr 30 19:35 config-1556636179.xml

#ls -l config-1556636179.xml
-rw-r--r--  1 root  wheel  8254898 Apr 30 19:35 config-1556636179.xml

                      as you can see the size of the file is changing and it took almost a minute to finish and when it did the page finished loading too!

                      I also enabled the backup module and created a manual backup too but when I tried to download the backup it said :

                      The following input errors were detected:
                      Could not decrypt config.xml

                      So, what do you think?

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        those are not the auto backup feature... That is this
                        https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html

                        Defaults to 30..

                        yours are HUGE!

                        in comparison here is mine size.

                        [2.4.4-RELEASE][admin@sg4860.local.lan]/conf/backup: ls -la
total 8656
drwxr-xr-x  2 root  wheel    1536 Apr 30 08:25 .
drwxr-xr-x  4 root  wheel    2048 Apr 30 08:25 ..
-rw-r--r--  1 root  wheel    5078 Apr 30 08:25 backup.cache
-rw-r--r--  1 root  wheel  293608 Apr 23 05:20 config-1556014722.xml
-rw-r--r--  1 root  wheel  293608 Apr 23 05:23 config-1556014836.xml
-rw-r--r--  1 root  wheel  293608 Apr 23 05:32 config-1556015021.xml

                        So mine are KB yours are MB.. your are like 32X mine.. So yeah might take a bit to write those.

                        Change it from the default 30 to 0, and see if your changes are faster ;)

                        edit:

                        The following input errors were detected:
                        Could not decrypt config.xml

                        Yeah I would prob look into that - that doesn't seem good.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          AlexJ8791 @johnpoz
                          last edited by AlexJ8791

                          @johnpoz said in Auto Config Backup Issue:

                          those are not the auto backup feature... That is this
                          https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html

                          Yes, you were right. I just checked my other pfsense box and it's less than 1MB!!!
                          I've downloaded one of the backup files and there is a section for rrdata which is a big part of the file and without it the backup file will be less than a megabyte.
                          Is there any way to exclude rrdata from being included in the config history?

                          Change it from the default 30 to 0, and see if your changes are faster ;)

                          How can I do that?

                          Yeah I would prob look into that - that doesn't seem good.

                          I don't know where to start...

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            RRD shouldn't really be in the auto config data that I could think of - it should just be yoru config changes.

                            Like new firewall rule, etc.

                            How to change it is listed in the link I posted..
                            set0.png

                            As to where to start on why your seeing that error... Prob start a new thread with those specific details... When you try a do download of backup you get this error -- screenshot of the actual error when and where your doing your backup... Like are you having it include data or not, etc.

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                            1 Reply Last reply Reply Quote 0
                            • A
                              AlexJ8791
                              last edited by AlexJ8791

                              I did change the Backup Count to 0 but it didn't help!
                              When I edit/create a rule it actually creates the backup first and then removes it according to the backup count 0.

                              After setting Backup Count to 0 :

                              #ls -l
total 4
-rw-r--r--  1 root  wheel  6 Apr 30 22:36 backup.cache

                              While creating a NAT rule:

                              #ls -l
total 3236
-rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
-rw-r--r--  1 root  wheel  3252224 Apr 30 22:36 config-1556647551.xml

#ls -l
total 4324
-rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
-rw-r--r--  1 root  wheel  4390912 Apr 30 22:36 config-1556647551.xml

#ls -l
total 7044
-rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
-rw-r--r--  1 root  wheel  7176192 Apr 30 22:37 config-1556647551.xml

#ls -l
total 8100
-rw-r--r--  1 root  wheel      173 Apr 30 22:37 backup.cache
-rw-r--r--  1 root  wheel  8255935 Apr 30 22:37 config-1556647551.xml

#ls -l
total 4
-rw-r--r--  1 root  wheel  6 Apr 30 22:37 backup.cache

                              So, it still takes a minute or so to create/modify a rule!!!

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.