please help
-
Why posting the same question twice ?
https://forum.netgate.com/topic/149349/the-firewall-has-enountered-an-error
-
@mohamed8080 Try setting
System\Advanced\Firewall & NAT\Firewall Maximum Table Entries
to at least 2000000 or higher. -
I assume you are using pfBlockerNG-devel? Do you have a lot of DHCP leases being used?
Run this command and post the output pls:
wc -l /var/dhcpd/var/db/dhcpd.leases -
This post is deleted! -
@mohamed8080 another error line 3363 anyway thanks for your help
-
@provels i try on this setting and same of error
CPU Type Intel(R) Xeon(R) CPU E5-1603 0 @ 2.80GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (inactive)State table size
0% (2173/1624000) Show states
MBUF Usage
0% (3296/1000000)
Temperature
27.0°C
Load average
0.72, 0.66, 0.68
CPU usage
26%
Memory usage
24% of 16249 MiB
SWAP usage
0% of 4096 MiB
Disk usage:
/
8% of 111GiB - ufs
/var/run
4% of 3.4MiB - ufs in RAM -
Is this :
@mohamed8080 said in please help:
Line 1 appears to have generated an error, and has been highlighted. The full response is below.
Note that the line number in the full PHP response will be 6 lines too large. Nested code and eval() errors may incorrectly point to "line 1".what is returned from this
wc -l /var/dhcpd/var/db/dhcpd.leases?
-
@mohamed8080 4722819 /var/dhcpd/var/db/dhcpd.leases
-
@mohamed8080 said in please help:
@mohamed8080 4722819 /var/dhcpd/var/db/dhcpd.leases
A lease file that huge, that definitely a problem.
4722819 lines, or give or take 20 chars a line, that's 90 MBytes, probably more.How many devices are connected to your pfSense ? Thousands ?? Tens of thousands ?
Shut down your system properly, reboot, go to single user mode using the console access, and run several "fsck" (see pfSense manual how to do). This will check and clean/ repair the file system if needed.
-
@Gertjan Seventy users
-
Ok, that 's a very reasonable number. I have the same number of users.
But : look at my /var/dhcpd/var/db/dhcpd.leases file :
[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/dhcpd/var/db: ls -al dhcpd.leases -rw-r--r-- 1 dhcpd _dhcp 73805 Jan 8 10:57 dhcpd.leases= 74 KBytes.
As the first several lines of this file tells you (it's a readable ASCI file) generated and maintained by the dhcp daemon.
Check also this file :
[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/dhcpd/etc: ls -al dhcpd.conf -rw-r--r-- 1 dhcpd _dhcp 5520 Jan 7 10:55 dhcpd.confIt's the dhcp server (daemon) config file.
It should have a coupe of hundred lines, size several KBytes (mine is 5KB, 200 lines).Check also your DHCP log (in the GUI).
Is your server handing out a huge number of leases ? What frequency ? -
My network
Domain controller at windows server 2016
services run on it (dhcp-dns)
making forward to dns from windows server to pfsensepfsense Services is
c-icap ICAP Inteface for Squid and ClamAV integration
clamd ClamAV Antivirus
dpinger Gateway Monitoring Daemon
lightsquid_web Lightsquid Web Server
ntopng ntopng Network Traffic Monitor
ntpd NTP clock sync
pfb_dnsbl pfBlockerNG DNSBL service
pfb_filter pfBlockerNG firewall filter service
snort Snort IDS/IPS Daemon
squid Squid Proxy Server Service
squidGuard Proxy server filter Service
syslogd System Logger Daemon
unbound DNS Resolver -
@BBcan177 4722819 /var/dhcpd/var/db/dhcpd.leases
-
@mohamed8080 said in please help:
My network
Domain controller at windows server 2016
services run on it (dhcp-dns)
making forward to dns from windows server to pfsenseDHCP is served by pfSense or the domain controller ?
@mohamed8080 said in please help:
@BBcan177 4722819 /var/dhcpd/var/db/dhcpd.leases
@BBcan177 will say :
Yes, pfBlocker-ng will read in, and parse the current active DHCP lease file.
That file with that size will 'explode' any system - not only yours.
This file can't be that big. For short : it's not a "pfBlocker-ng", the problems is something else.Let's try to understand why this file "/var/dhcpd/var/db/dhcpd.leases" is that big.
Did you ran your "fsck" checks ?
-
@Gertjan said in please help:
fsck
DHCP is served by Domain Controller (windows server 2016) .
i was try that command touch /root/force_fsck on GUI and reboot pfSense
first error view like http page and The second error on Crash Reporter
Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59 PHP ERROR: Type: 1, File: /usr/local/www/status_dhcp_leases.php, Line: 59, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes)
and
PHP Errors:
[09-Jan-2020 10:06:24 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59
[09-Jan-2020 10:18:53 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 268435464 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3367how can allow memory size to PHP i have 16GB of ram and SSD HDD in pfSense
sorry for bazaring you and thanks for support
-
This error :
@mohamed8080 said in please help:[09-Jan-2020 10:06:24 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59
show clearly that not only pfblockerng has severe difficulties reading the lease file, but also others, like the DHCP status page from pfSense itself.
This file shouldn't even exists, because, if pfSense isn't even serving leases - some other device (your DC does that).
Goto console mode (not the GUI Diagnostics > Command Prompt) and move this file out of the way :
mv /var/dhcpd/var/db/dhcpd.leases /var/dhcpd/var/db/dhcpd.leases.backup touch /var/dhcpd/var/db/dhcpd.leases -
normally
/var/dhcpd/var/db/dhcpd.leasesis simple ASCII textfile so you should be able to read it on the shell/via SSH with a simpleless /var/dhcpd/var/db/dhcpd.leasesHave a look at it and check if it makes sense. If you haven't pfSense configured as your DHCP server on any network segment/VLAN then that file shouldn't be even a few kB big.
-
@JeGr said in please help:
Have a look at it and check if it makes sense.
Was asking that already several posts above.
Nothing came back ....I guess he saw the ....
# The format of this file is documented in the dhcpd.leases(5) manual page. # This lease file was written by isc-dhcp-4.3.6-P1 # authoring-byte-order entry is generated, DO NOT DELETE authoring-byte-order little-endian; lease 192.168.2.6 { starts 1 2019/12/02 03:50:37; ends 1 2019/12/02 09:50:37; tstp 1 2019/12/02 09:50:37; cltt 1 2019/12/02 03:50:37; binding state free; hardware ethernet 00:16:7f:25:43:d4; uid "\001\000\026\177%C\324"; set vendor-class-identifier = "android-dhcp-7.1.2"; } .... ....and thought that was normal. Which is the case.
The fact that he shut down the pfSense DHCP server because he was using another one explains why the file isn't 'maintained' any more - the dhcp daemon isn't running any more (this is to be confirmed) : the file stays in place.
Why the file became this big, under what circumstances, and when, puzzles me.Like he had running the DHCP server on pfSense and his AD at the same comment ?
Did he use pfBlocker for a long time ?
What is the end of the /var/dhcpd/var/db/dhcpd.leases file ? It's only the DHCP daemon that's maintaining this file - leases are dumped to it. -
@Gertjan said in please help:
touch /var/dhcpd/var/db/dhcpd.leases
thanks the problem is ended with your advice
-
Good !
So it was a matter of emptying this huge file , which has no meaning because the local DHCP server wasn't running anyway.
Still, I still don't get why this file became this big. I guess we will never know.
Keep an eye on it, though - it should stay at a zero byte file if local pfSense DHCP isn't used. If you decide to use local DHCP, it could become several KB, that's ok.
