SG3100 limitations
-
@Burner27 You could do the blocking really easy by just using the OpenDNS family shield servers. It basically sends all your DNS lookups through a safe filtering system. It’s not 100% foolproof, but it’s a good first start to content filtering. If you find it not sufficient, then you can throw other tools at this project.
-
Is SNORT even needed for a home user?
-
@Burner27 said in SG3100 limitations:
Is SNORT even needed for a home user?
Usually not, it's more if you're running internal services (servers) you need to share with the world.
It can be used at home, but it needs a lot of tuning. See here, it's a little bit old, but still applies:
https://www.reddit.com/r/PFSENSE/comments/5fjexm/is_snort_needed_for_a_home_connection/
Jeff
-
What packages do you recommend for home users?
-
@Burner27 I would recommend the following:
NUT, so you can hook up a UPS battery to keep the firewall protected through power outages.
And, if you want to access your internal LAN networks from outside, put in the OpenVPN Client Export package, so it's really easy to export your VPN server settings to your devices.
That's kinda all you need. There's some fringy stuff, like avahi, bandwidthd, and squid, but those are for special use kinds of things. Keep it simple and don't go crazy installing all kinds of packages because they sound cool, or you think you might need them.
Hope that helps.
Jeff
-
I would agree it usually is not. Certainly not in blocking mode. It can be useful for analysing what's happening in your network but that is better done by exporting the logs to something dedicated to that and that's beyond most home setups.
If you're hosting anything that is publicly accessible it's nice to have. But you might argue anything hosted at home is better strictly limited to known external clients anyway.
Steve
-
@Burner27 said in SG3100 limitations:
Is SNORT even needed for a home user?
I maintain that package, and I created the Suricata package, so you might expect my answer to be "yes". But actually my answer is usually "no" for the same reasons given by @stephenw10.
If you are interested in learning about IDS/IPS and want to put in the time and study required to be proficient in the art, then certainly Snort or Suricata can be a useful tool for that purpose. But for the general home user, such packages are usually more trouble than they are worth in security due to the prevalence of false positives causing network interruptions when blocking is enabled.
If you just want to see if anything weird is happening in your network, you could install one of the IDS/IPS packages and operate it in detection-only mode (no blocking). Then for each alert you could go check results at Google University (that is, do a Google search on the alert and see what others are saying about it)...
-
@akuma1x the only thing I have installed is pfblockerNG-dev for content filtering/ad blocking etc.
The only thing I have publicly accessible is a Minecraft server.
-
@bmeeks I tried suricata and snort. I like snort better but it caused random reboots even if it was the only thing I installed. May have been the way it was configured but I followed this: https://www.youtube.com/watch?v=-GgqYq5-EBg
Not sure if there is anything in that tutorial you find to be incorrect, but I am new to Snort. I followed your basic setup and for about a week it didn't cause any reboots, but then I started this thread and you guys advised me it isn't necessary. I trust your advice. Perhaps I had too many things enabled?
-
@Burner27 said in SG3100 limitations:
@bmeeks I tried suricata and snort. I like snort better but it caused random reboots even if it was the only thing I installed. May have been the way it was configured but I followed this: https://www.youtube.com/watch?v=-GgqYq5-EBg
Not sure if there is anything in that tutorial you find to be incorrect, but I am new to Snort. I followed your basic setup and for about a week it didn't cause any reboots, but then I started this thread and you guys advised me it isn't necessary. I trust your advice. Perhaps I had too many things enabled?
I don't recall any previous reports where the installation of Snort caused any reboots. Are you 100% sure Snort is the cause of the reboot? What is shown in the pfSense system log at the time just before the reboot happens?
By the way, that video from Lawrence Systems is excellent. The only change I suggest for home users is to put Snort on the LAN and not the WAN. This is because out-of-the-box pfSense blocks all inbound traffic on the WAN already. So there is no sense in having Snort block something the firewall is already going to block inbound. There is also the problem of Snort logging all the typical WAN "noise" that any Internet-facing interface sees. Another aggravation with Snort on the WAN is that all the local addresses in alerts from your LAN will show up in Snort as having your WAN's public IP due to NAT. Snort on the WAN sees outbound traffic (to the Internet) after NAT is applied, and it sees inbound traffic (from the Internet) before NAT is undone. Thus all local hosts always show as having the firewall's WAN public IP. That makes it hard to find which local host might have an issue. Putting Snort on the LAN interface solves these issues. Plus, on the LAN interface, all traffic from your LAN coming from or going to the Internet must pass through Snort. So you still have the same level of "security".
-
I have the log file I can send you if you want.
-
@Burner27 said in SG3100 limitations:
I have the log file I can send you if you want.
Just post the relevant section here in this thread. After pasting in the log content, highlight all of it with your mouse in the "posting" textbox and then click the "code" icon in the list of editor icons. That icon is the pair of brackets "</>". That will format the block of log text and make it easier to read.
-
Jul 10 13:33:51 ProfessorX php: /etc/rc.packages: [Snort] Checking configuration settings version...
Jul 10 13:33:51 ProfessorX php: /etc/rc.packages: [Snort] Configuration version is current...
Jul 10 13:33:51 ProfessorX php: /etc/rc.packages: [Snort] Downloading and updating configured rule sets.
Jul 10 13:34:01 ProfessorX php: /etc/rc.packages: [Snort] There is a new set of Snort Subscriber rules posted. Downloading snortrules-snapshot-29160.tar.gz...
Jul 10 13:34:14 ProfessorX php: /etc/rc.packages: [Snort] Snort Subscriber rules file update downloaded successfully
Jul 10 13:34:16 ProfessorX php: /etc/rc.packages: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Jul 10 13:34:16 ProfessorX php: /etc/rc.packages: [Snort] Snort OpenAppID detectors file update downloaded successfully
Jul 10 13:34:17 ProfessorX php: /etc/rc.packages: [Snort] There is a new set of Snort OpenAppID RULES detectors posted. Downloading appid_rules.tar.gz...
Jul 10 13:34:17 ProfessorX php: /etc/rc.packages: [Snort] Snort OpenAppID RULES detectors file update downloaded successfully
Jul 10 13:34:17 ProfessorX php: /etc/rc.packages: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Jul 10 13:34:18 ProfessorX php: /etc/rc.packages: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Jul 10 13:34:18 ProfessorX php: /etc/rc.packages: [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Jul 10 13:34:19 ProfessorX php: /etc/rc.packages: [Snort] Emerging Threats Open rules file update downloaded successfully
Jul 10 13:34:45 ProfessorX php: /etc/rc.packages: [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Jul 10 13:34:45 ProfessorX php: /etc/rc.packages: [Snort] Removed 49 obsoleted rules category files.
Jul 10 13:34:45 ProfessorX php: /etc/rc.packages: [Snort] The Rules update has finished.
Jul 10 13:34:45 ProfessorX php: /etc/rc.packages: [Snort] Updating rules configuration for: LAN ...
Jul 10 13:34:50 ProfessorX php: /etc/rc.packages: [Snort] Checking for rules dependent on disabled preprocessors for: LAN...
Jul 10 13:34:50 ProfessorX php: /etc/rc.packages: [Snort] Enabling any flowbit-required rules for: LAN...
Jul 10 13:34:50 ProfessorX php: /etc/rc.packages: [Snort] Checking flowbit rules dependent on disabled preprocessors for: LAN...
Jul 10 13:34:50 ProfessorX php: /etc/rc.packages: [Snort] Building new sid-msg.map file for LAN...
Jul 10 13:34:50 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:34:50 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:34:51 ProfessorX php: /etc/rc.packages: [Snort] Finished rebuilding installation from saved settings.
Jul 10 13:34:51 ProfessorX php: /etc/rc.packages: [Snort] Package post-installation tasks completed...
Jul 10 13:34:51 ProfessorX php: /etc/rc.packages: Successfully installed package: snort.
Jul 10 13:34:51 ProfessorX pkg-static: pfSense-pkg-snort-3.2.9.13 installed
Jul 10 13:34:52 ProfessorX check_reload_status: Reloading filter
Jul 10 13:34:52 ProfessorX check_reload_status: Starting packages
Jul 10 13:34:53 ProfessorX php-fpm[61390]: /rc.start_packages: Restarting/Starting all packages.
Jul 10 13:34:54 ProfessorX SnortStartup[84661]: Snort START for LAN(44407_mvneta1)...
Jul 10 13:34:55 ProfessorX snort[85976]: AppId
Jul 10 13:34:55 ProfessorX snort[85976]: AppId
Jul 10 13:34:55 ProfessorX snort[85976]: AppId
Jul 10 13:34:55 ProfessorX snort[85976]: AppId
Jul 10 13:34:55 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started
Jul 10 13:34:55 ProfessorX php_pfb: [pfBlockerNG] filterlog daemon started
Jul 10 13:34:56 ProfessorX snort[85976]: AppId
Jul 10 13:34:56 ProfessorX snort[85976]: AppId
Jul 10 13:34:56 ProfessorX snort[85976]: AppId
Jul 10 13:34:56 ProfessorX snort[85976]: AppId
Jul 10 13:35:02 ProfessorX kernel: mvneta1: promiscuous mode enabled
Jul 10 13:40:28 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:40:54 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:48:31 ProfessorX php-fpm[61390]: /index.php: User logged out for user 'admin' from: 192.168.1.145 (Local Database)
Jul 10 14:00:00 ProfessorX php: [pfBlockerNG] Starting cron process.
Jul 10 14:00:28 ProfessorX php: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jul 10 14:29:29 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
Jul 10 14:29:29 ProfessorX kernel: Copyright (c) 1992-2020 The FreeBSD Project.
Jul 10 14:29:29 ProfessorX kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Jul 10 14:29:29 ProfessorX kernel: The Regents of the University of California. All rights reserved.
Jul 10 14:29:29 ProfessorX kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Jul 10 14:29:29 ProfessorX kernel: FreeBSD 11.3-STABLE #238 885b1ed26b6(factory-RELENG_2_4_5): Tue Jun 2 17:52:40 EDT 2020
Jul 10 14:29:29 ProfessorX kernel: root@buildbot1-nyi.netgate.com:/build/factory-crossbuild-245-armv6/obj/armv6/kJlGauaG/arm.armv6/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/sys/pfSense-SG-3100 arm
Jul 10 14:29:29 ProfessorX kernel: FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
Jul 10 14:29:29 ProfessorX kernel: CPU: ARM Cortex-A9 r4p1 (ECO: 0x00000000)
Jul 10 14:29:29 ProfessorX kernel: CPU Features:
Jul 10 14:29:29 ProfessorX kernel: Multiprocessing, Thumb2, Security, VMSAv7, Coherent Walk
Jul 10 14:29:29 ProfessorX kernel: Optional instructions:
Jul 10 14:29:29 ProfessorX kernel: UMULL, SMULL, SIMD(ext)
Jul 10 14:29:29 ProfessorX kernel: LoUU:2 LoC:2 LoUIS:2
Jul 10 14:29:29 ProfessorX kernel: Cache level 1:
Jul 10 14:29:29 ProfessorX kernel: 32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
Jul 10 14:29:29 ProfessorX kernel: 32KB/32B 4-way instruction cache Read-Alloc
Jul 10 14:29:29 ProfessorX kernel: real memory = 2147479552 (2047 MB)
Jul 10 14:29:29 ProfessorX kernel: avail memory = 2073812992 (1977 MB)
Jul 10 14:29:29 ProfessorX kernel: SOC: Marvell 88F6820, TClock 250MHz, Frequency 1600MHz
Jul 10 14:29:29 ProfessorX kernel: Instruction cache prefetch enabled, data cache prefetch disabled
Jul 10 14:29:29 ProfessorX kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
Jul 10 14:29:29 ProfessorX kernel: wlan: mac acl policy registered
Jul 10 14:29:29 ProfessorX kernel: random: entropy device external interface
Jul 10 14:29:29 ProfessorX kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0135c50, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0135d00, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xc013f1ec, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc013f29c, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc013f34c, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
Jul 10 14:29:29 ProfessorX kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0135ba0, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: ofwbus0: <Open Firmware Device Tree>
Jul 10 14:29:29 ProfessorX kernel: simplebus0: <Flattened device tree simple bus> on ofwbus0
Jul 10 14:29:29 ProfessorX kernel: simplebus1: <Flattened device tree simple bus> on simplebus0
Jul 10 14:29:29 ProfessorX kernel: l2cache0: <PL310 L2 cache controller> mem 0x8000-0x8fff on simplebus1
Jul 10 14:29:29 ProfessorX kernel: l2cache0: cannot allocate IRQ, not using interrupt
Jul 10 14:29:29 ProfessorX kernel: l2cache0: Part number: 0x3, release: 0x9
Jul 10 14:29:29 ProfessorX kernel: l2cache0: L2 Cache enabled: 1024KB/32B 16 ways
Jul 10 14:29:29 ProfessorX kernel: gic0: <ARM Generic Interrupt Controller> mem 0xd000-0xdfff,0xc100-0xc1ff on simplebus1
Jul 10 14:29:29 ProfessorX kernel: gic0: pn 0x390, arch 0x1, rev 0x2, implementer 0x43b irqs 192
Jul 10 14:29:29 ProfessorX kernel: mpic0: <Marvell Integrated Interrupt Controller> mem 0x20a00-0x20ccf,0x21870-0x21b6f irq 19 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: mp_tmr0: <ARM MPCore Timers> mem 0xc200-0xc21f irq 3 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: Timecounter "MPCore" frequency 800000000 Hz quality 800
Jul 10 14:29:29 ProfessorX kernel: mp_tmr1: <ARM MPCore Timers> mem 0xc600-0xc61f irq 4 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: Event timer "MPCore" frequency 800000000 Hz quality 1000
Jul 10 14:29:29 ProfessorX kernel: cesa0: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x90fff,0x9d000-0x9dfff irq 1 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: cesa1: <Marvell Cryptographic Engine and Security Accelerator> mem 0x92000-0x92fff,0x9f000-0x9ffff irq 2 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: spi0: <Marvell SPI controller> mem 0x10600-0x1064f irq 5 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: twsi0: <Marvell Integrated I2C Bus Controller> mem 0x11000-0x1101f irq 7 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: iicbus0: <OFW I2C bus> on twsi0
Jul 10 14:29:29 ProfessorX kernel: iic0: <I2C generic I/O> on iicbus0
Jul 10 14:29:29 ProfessorX kernel: gpio0: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
Jul 10 14:29:29 ProfessorX kernel: device_attach: gpio0 attach returned 6
Jul 10 14:29:29 ProfessorX kernel: gpio0: <ISSI IS31FL3199 9 channel light effect LED driver> at addr 0xce on iicbus0
Jul 10 14:29:29 ProfessorX kernel: gpiobus0: <OFW GPIO bus> on gpio0
Jul 10 14:29:29 ProfessorX kernel: gpioc0: <GPIO controller> on gpio0
Jul 10 14:29:29 ProfessorX kernel: gpio1: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
Jul 10 14:29:29 ProfessorX kernel: device_attach: gpio1 attach returned 6
Jul 10 14:29:29 ProfessorX kernel: uart0: <Non-standard ns8250 class UART with FIFOs> mem 0x12000-0x120ff irq 9 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: uart0: console (-1,n,8,1)
Jul 10 14:29:29 ProfessorX kernel: uart1: <16550 or compatible> mem 0x12100-0x121ff irq 10 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: timer0: <Marvell CPU Timer> mem 0x20300-0x20333,0x20704-0x20707,0x18260-0x18263 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: timer0: only watchdog attached
Jul 10 14:29:29 ProfessorX kernel: pmsu0: <Power Management Service Unit> mem 0x22000-0x22fff on simplebus1
Jul 10 14:29:29 ProfessorX kernel: mvneta0: <NETA controller> mem 0x30000-0x33fff irq 26 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: mvneta0: version is 10
Jul 10 14:29:29 ProfessorX kernel: mvneta0: Ethernet address: 00:08:a2:10:f2:18
Jul 10 14:29:29 ProfessorX kernel: miibus0: <MII bus> on mvneta0
Jul 10 14:29:29 ProfessorX kernel: mv88e151x0: <Marvell 88E1512 Gigabit PHY> PHY 1 on miibus0
Jul 10 14:29:29 ProfessorX kernel: mv88e151x0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseSX, 1000baseSX-FDX, auto
Jul 10 14:29:29 ProfessorX kernel: mvneta1: <NETA controller> mem 0x34000-0x37fff irq 27 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: mvneta1: version is 10
Jul 10 14:29:29 ProfessorX kernel: mvneta1: Ethernet address: 00:08:a2:10:f2:19
Jul 10 14:29:29 ProfessorX kernel: mdio0: <MDIO> on mvneta1
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: <Marvell 88E6141> on mdio0
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: single-chip addressing mode
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 1
Jul 10 14:29:29 ProfessorX kernel: miibus1: <MII bus> on e6000sw0
Jul 10 14:29:29 ProfessorX kernel: e1000phy0: <Marvell 88E1000 Gigabit PHY> PHY 17 on miibus1
Jul 10 14:29:29 ProfessorX kernel: e1000phy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 2
Jul 10 14:29:29 ProfessorX kernel: miibus2: <MII bus> on e6000sw0
Jul 10 14:29:29 ProfessorX kernel: e1000phy1: <Marvell 88E1000 Gigabit PHY> PHY 18 on miibus2
Jul 10 14:29:29 ProfessorX kernel: e1000phy1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 3
Jul 10 14:29:29 ProfessorX kernel: miibus3: <MII bus> on e6000sw0
Jul 10 14:29:29 ProfessorX kernel: e1000phy2: <Marvell 88E1000 Gigabit PHY> PHY 19 on miibus3
Jul 10 14:29:29 ProfessorX kernel: e1000phy2: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 4
Jul 10 14:29:29 ProfessorX kernel: miibus4: <MII bus> on e6000sw0
Jul 10 14:29:29 ProfessorX kernel: e1000phy3: <Marvell 88E1000 Gigabit PHY> PHY 20 on miibus4
Jul 10 14:29:29 ProfessorX kernel: e1000phy3: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: CPU port at 5
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: fixed port at 5
Jul 10 14:29:29 ProfessorX kernel: e6000sw0: switch is ready.
Jul 10 14:29:29 ProfessorX kernel: etherswitch0: <Switch controller> on e6000sw0
Jul 10 14:29:29 ProfessorX kernel: ehci0: <Marvell Integrated USB 2.0 controller> mem 0x58000-0x584ff irq 28 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: usbus0: EHCI version 1.0
Jul 10 14:29:29 ProfessorX kernel: usbus0 on ehci0
Jul 10 14:29:29 ProfessorX kernel: mvneta2: <NETA controller> mem 0x70000-0x73fff irq 29 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: mvneta2: version is 10
Jul 10 14:29:29 ProfessorX kernel: mvneta2: Ethernet address: 00:08:a2:10:f2:1a
Jul 10 14:29:29 ProfessorX kernel: miibus5: <MII bus> on mvneta2
Jul 10 14:29:29 ProfessorX kernel: mv88e151x1: <Marvell 88E1512 Gigabit PHY> PHY 0 on miibus5
Jul 10 14:29:29 ProfessorX kernel: mv88e151x1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseSX, 1000baseSX-FDX, auto
Jul 10 14:29:29 ProfessorX kernel: rtc0: <Marvell Integrated RTC> mem 0xa3800-0xa381f,0x184a0-0x184ab irq 30 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: rtc0: registered as a time-of-day clock, resolution 1.000000s
Jul 10 14:29:29 ProfessorX kernel: ahci0: <Marvell AHCI Controller> mem 0xa8000-0xa9fff irq 31 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: ahci0: AHCI v1.00 with 2 6Gbps ports, Port Multiplier supported with FBS
Jul 10 14:29:29 ProfessorX kernel: ahci0: quirks=0x200010<2CH,MRVL_SR_DEL>
Jul 10 14:29:29 ProfessorX kernel: ahcich0: <AHCI channel> at channel 0 on ahci0
Jul 10 14:29:29 ProfessorX kernel: ahcich1: <AHCI channel> at channel 1 on ahci0
Jul 10 14:29:29 ProfessorX kernel: armada_thermal0: <Armada380 Thermal Control> mem 0xe4078-0xe407b,0xe4074-0xe4077 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: <ARMADA38X SDHCI controller> mem 0xd8000-0xd8fff,0xdc000-0xdc0ff,0x18454-0x18457 irq 34 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: 1 slot(s) allocated
Jul 10 14:29:29 ProfessorX kernel: xhci0: <Marvell Integrated USB 3.0 controller> mem 0xf8000-0xfbfff,0xfc000-0xfffff irq 36 on simplebus1
Jul 10 14:29:29 ProfessorX kernel: xhci0: 32 bytes context size, 32-bit DMA
Jul 10 14:29:29 ProfessorX kernel: usbus1 on xhci0
Jul 10 14:29:29 ProfessorX kernel: pcib_ctrl0: <Marvell Integrated PCIe Bus Controller> on simplebus0
Jul 10 14:29:29 ProfessorX kernel: pcib0: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
Jul 10 14:29:29 ProfessorX kernel: pci0: <PCI bus> on pcib0
Jul 10 14:29:29 ProfessorX kernel: pcib1: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
Jul 10 14:29:29 ProfessorX kernel: pci1: <PCI bus> on pcib1
Jul 10 14:29:29 ProfessorX kernel: pcib2: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
Jul 10 14:29:29 ProfessorX kernel: pci2: <PCI bus> on pcib2
Jul 10 14:29:29 ProfessorX kernel: pcib3: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
Jul 10 14:29:29 ProfessorX kernel: pci3: <PCI bus> on pcib3
Jul 10 14:29:29 ProfessorX kernel: cpulist0: <Open Firmware CPU Group> on ofwbus0
Jul 10 14:29:29 ProfessorX kernel: cpu0: <Open Firmware CPU> on cpulist0
Jul 10 14:29:29 ProfessorX kernel: cpu1: <Open Firmware CPU> on cpulist0
-
@Burner27 said in SG3100 limitations:
Jul 10 13:35:02 ProfessorX kernel: mvneta1: promiscuous mode enabled
Jul 10 13:40:28 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:40:54 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:48:31 ProfessorX php-fpm[61390]: /index.php: User logged out for user 'admin' from: 192.168.1.145 (Local Database)
Jul 10 14:00:00 ProfessorX php: [pfBlockerNG] Starting cron process.
Jul 10 14:00:28 ProfessorX php: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jul 10 14:29:29 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
So looking at the log snippet posted, there was a period of about 55 minutes between the completion of Snort loading and starting up and the firewall reboot. The last Snort-related line is this one:
Jul 10 13:35:02 ProfessorX kernel: mvneta1: promiscuous mode enabled
That line is logged by the kernel when libpcap (called by Snort's DAQ subsystem) places the interface in promiscuous mode for packet capturing. 25 minutes after the Snort start, pfBlockerNG's cron task ran (at 14:00). Here is that line:
Jul 10 14:00:00 ProfessorX php: [pfBlockerNG] Starting cron process.
The reboot seems to have occurred here, almost 30 minutes later at 14:29:29:
Jul 10 14:29:29 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
So I'm not 100% convinced Snort is the problem. Not saying it can't be because there have been issues in the past with ARM hardware, but those issues have always surfaced within 10 minutes or less of run time (usually within 3 to 5 minutes); and have always resulted not in a reboot, but rather a crash of the Snort process with a Signal 10 memory bus error logged.
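The timeline reasoning above (find the boot marker, find the last Snort-related line before it, measure the gap, and look for the Signal 10 crash signature instead of a reboot) can be done mechanically over an exported pfSense system log. The script below is an added example written for this edit, not code from the thread, the Snort package, or pfSense. The sample log is constructed from a condensed version of the lines posted in this thread; the year (2020), the event-classification heuristic in `is_snort_event`, and the crash regex are assumptions, not anything pfSense or Snort guarantees.

```python
import re
from datetime import datetime

# Constructed sample, condensed from the pfSense system log posted in this thread
# (hostname and timestamps kept; most kernel boot chatter dropped for brevity).
SAMPLE_LOG = """\
Jul 10 13:34:51 ProfessorX pkg-static: pfSense-pkg-snort-3.2.9.13 installed
Jul 10 13:34:54 ProfessorX SnortStartup[84661]: Snort START for LAN(44407_mvneta1)...
Jul 10 13:34:55 ProfessorX snort[85976]: AppId
Jul 10 13:35:02 ProfessorX kernel: mvneta1: promiscuous mode enabled
Jul 10 13:40:28 ProfessorX check_reload_status: Syncing firewall
Jul 10 13:48:31 ProfessorX php-fpm[61390]: /index.php: User logged out for user 'admin' from: 192.168.1.145 (Local Database)
Jul 10 14:00:00 ProfessorX php: [pfBlockerNG] Starting cron process.
Jul 10 14:29:29 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
Jul 10 14:29:29 ProfessorX kernel: Copyright (c) 1992-2020 The FreeBSD Project.
"""

# BSD syslog layout as pfSense writes it: "Mon DD HH:MM:SS host proc[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:]+): (?P<msg>.*)$"
)
BOOT_MARKER = "kernel boot file is"   # syslogd writes this once at every boot
# Assumed signature of the ARM crash mode described above: the snort process
# dies with a bus error (SIGBUS, signal 10) instead of the box rebooting.
SNORT_CRASH_RE = re.compile(r"signal 10|bus error|exited on signal", re.IGNORECASE)


def parse_line(line, year=2020):
    """Return {ts, host, proc, msg} for one syslog line, or None if it does not parse.
    Syslog lines carry no year, so the caller supplies it (2020 is assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def is_snort_event(e):
    """Heuristic (assumption): lines from the snort process or its startup script,
    the package's [Snort] install/update messages, or the kernel notice that
    DAQ/libpcap switched the capture interface to promiscuous mode."""
    return (e["proc"].startswith(("snort", "SnortStartup"))
            or "[Snort]" in e["msg"]
            or "promiscuous mode enabled" in e["msg"])


def analyze(log_text, year=2020):
    """Locate reboots, the last Snort event before the first one, and any crash lines.
    The boot-marker timestamp is when syslogd came back, not when the box went down,
    so gap_minutes is an upper bound on how long Snort ran before the reset."""
    entries = [e for e in (parse_line(ln, year) for ln in log_text.splitlines()) if e]
    boots = [e["ts"] for e in entries if BOOT_MARKER in e["msg"]]
    crashes = [e["msg"] for e in entries
               if e["proc"].startswith("snort") and SNORT_CRASH_RE.search(e["msg"])]
    result = {"boots": boots, "snort_crash_lines": crashes,
              "last_snort_before_boot": None, "gap_minutes": None, "lines_between": 0}
    if boots:
        first_boot = boots[0]
        before = [e for e in entries if e["ts"] < first_boot and is_snort_event(e)]
        if before:
            last = before[-1]["ts"]
            result["last_snort_before_boot"] = last
            result["gap_minutes"] = (first_boot - last).total_seconds() / 60
            # Unrelated activity logged between the two events argues against a
            # crash immediately after Snort started.
            result["lines_between"] = sum(1 for e in entries if last < e["ts"] < first_boot)
    return result


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    print(f"reboots seen: {len(r['boots'])}")
    print(f"last Snort event before reboot: {r['last_snort_before_boot']}")
    print(f"gap to boot marker: {r['gap_minutes']:.1f} min, "
          f"{r['lines_between']} unrelated lines in between")
    print(f"Snort crash signatures: {r['snort_crash_lines'] or 'none'}")
```

Run it against a full export (Status > System Logs, copied to a file) by reading the file into `analyze()` instead of `SAMPLE_LOG`. A hard reset that leaves no panic in the log will show up only as a boot marker with nothing unusual before it, so an empty `snort_crash_lines` together with a long gap and unrelated lines in between is exactly the pattern that points away from Snort.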
-
I couldn't paste the entire txt file due to a character limitation here, but the reboot did occur within 10 minutes after I installed SNORT. Is there a way I can get the complete log file to you for analysis?
-
@Burner27 said in SG3100 limitations:
I couldn't paste the entire txt file due to a character limitation here, but the reboot did occur within 10 minutes after I installed SNORT. Is there a way I can get the complete log file to you for analysis?
You can highlight and copy-paste the section showing the reboot here. What you posted appeared to be in chronological order sorted with the most recent events last. I happen to set my system to log the other way with the most recent events displayed first. But it really does not matter.
From the log snippet you posted, I'm not immediately seeing anything missing between the 13:35 last Snort entry and the 14:29 firewall reboot. Tell me what is missing in that section of time, and then copy-paste just those lines here.
You are also free to export the entire system log to a text file and upload that file here (even zipping it if required to reduce the size). However, that really isn't necessary if you just isolate and post the section covering the time interval between when Snort finished starting up and when you say the first reboot happened.
<MII bus> on e6000sw0 Jul 10 14:29:29 ProfessorX kernel: e1000phy3: <Marvell 88E1000 Gigabit PHY> PHY 20 on miibus4 Jul 10 14:29:29 ProfessorX kernel: e1000phy3: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto Jul 10 14:29:29 ProfessorX kernel: e6000sw0: CPU port at 5 Jul 10 14:29:29 ProfessorX kernel: e6000sw0: fixed port at 5 Jul 10 14:29:29 ProfessorX kernel: e6000sw0: switch is ready. Jul 10 14:29:29 ProfessorX kernel: etherswitch0: <Switch controller> on e6000sw0 Jul 10 14:29:29 ProfessorX kernel: ehci0: <Marvell Integrated USB 2.0 controller> mem 0x58000-0x584ff irq 28 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: usbus0: EHCI version 1.0 Jul 10 14:29:29 ProfessorX kernel: usbus0 on ehci0 Jul 10 14:29:29 ProfessorX kernel: mvneta2: <NETA controller> mem 0x70000-0x73fff irq 29 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: mvneta2: version is 10 Jul 10 14:29:29 ProfessorX kernel: mvneta2: Ethernet address: 00:08:a2:10:f2:1a Jul 10 14:29:29 ProfessorX kernel: miibus5: <MII bus> on mvneta2 Jul 10 14:29:29 ProfessorX kernel: mv88e151x1: <Marvell 88E1512 Gigabit PHY> PHY 0 on miibus5 Jul 10 14:29:29 ProfessorX kernel: mv88e151x1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseSX, 1000baseSX-FDX, auto Jul 10 14:29:29 ProfessorX kernel: rtc0: <Marvell Integrated RTC> mem 0xa3800-0xa381f,0x184a0-0x184ab irq 30 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: rtc0: registered as a time-of-day clock, resolution 1.000000s Jul 10 14:29:29 ProfessorX kernel: ahci0: <Marvell AHCI Controller> mem 0xa8000-0xa9fff irq 31 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: ahci0: AHCI v1.00 with 2 6Gbps ports, Port Multiplier supported with FBS Jul 10 14:29:29 ProfessorX kernel: ahci0: quirks=0x200010<2CH,MRVL_SR_DEL> Jul 10 14:29:29 ProfessorX kernel: ahcich0: <AHCI channel> at channel 0 on ahci0 Jul 10 14:29:29 
ProfessorX kernel: ahcich1: <AHCI channel> at channel 1 on ahci0 Jul 10 14:29:29 ProfessorX kernel: armada_thermal0: <Armada380 Thermal Control> mem 0xe4078-0xe407b,0xe4074-0xe4077 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: <ARMADA38X SDHCI controller> mem 0xd8000-0xd8fff,0xdc000-0xdc0ff,0x18454-0x18457 irq 34 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: 1 slot(s) allocated Jul 10 14:29:29 ProfessorX kernel: xhci0: <Marvell Integrated USB 3.0 controller> mem 0xf8000-0xfbfff,0xfc000-0xfffff irq 36 on simplebus1 Jul 10 14:29:29 ProfessorX kernel: xhci0: 32 bytes context size, 32-bit DMA Jul 10 14:29:29 ProfessorX kernel: usbus1 on xhci0 Jul 10 14:29:29 ProfessorX kernel: pcib_ctrl0: <Marvell Integrated PCIe Bus Controller> on simplebus0 Jul 10 14:29:29 ProfessorX kernel: pcib0: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0 Jul 10 14:29:29 ProfessorX kernel: pci0: <PCI bus> on pcib0 Jul 10 14:29:29 ProfessorX kernel: pcib1: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0 Jul 10 14:29:29 ProfessorX kernel: pci1: <PCI bus> on pcib1 Jul 10 14:29:29 ProfessorX kernel: pcib2: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0 Jul 10 14:29:29 ProfessorX kernel: pci2: <PCI bus> on pcib2 Jul 10 14:29:29 ProfessorX kernel: pcib3: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0 Jul 10 14:29:29 ProfessorX kernel: pci3: <PCI bus> on pcib3 Jul 10 14:29:29 ProfessorX kernel: cpulist0: <Open Firmware CPU Group> on ofwbus0 Jul 10 14:29:29 ProfessorX kernel: cpu0: <Open Firmware CPU> on cpulist0 Jul 10 14:29:29 ProfessorX kernel: cpu1: <Open Firmware CPU> on cpulist0 Jul 10 14:29:29 ProfessorX kernel: cryptosoft0: <software crypto> Jul 10 14:29:29 ProfessorX kernel: Timecounters tick every 1.000 msec Jul 10 14:29:29 ProfessorX kernel: mvneta1: link state changed to UP Jul 10 14:29:29 ProfessorX kernel: spibus0: <OFW SPI bus> on spi0 Jul 10 14:29:29 ProfessorX kernel: mx25l0: <M25Pxx Flash Family> at cs 0 mode 0 on 
spibus0 Jul 10 14:29:29 ProfessorX kernel: mx25l0: device type w25q32jv, size 4096K in 64 sectors of 64K, erase size 4K Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to DOWN Jul 10 14:29:29 ProfessorX kernel: e6000sw0port2: link state changed to DOWN Jul 10 14:29:29 ProfessorX kernel: e6000sw0port3: link state changed to DOWN Jul 10 14:29:29 ProfessorX kernel: e6000sw0port4: link state changed to DOWN Jul 10 14:29:29 ProfessorX kernel: usbus0: 480Mbps High Speed USB v2.0 Jul 10 14:29:29 ProfessorX kernel: usbus1: 5.0Gbps Super Speed USB v3.0 Jul 10 14:29:29 ProfessorX kernel: ugen0.1: <Marvell EHCI root HUB> at usbus0 Jul 10 14:29:29 ProfessorX kernel: uhub0: <Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0 Jul 10 14:29:29 ProfessorX kernel: ugen1.1: <Marvell XHCI root HUB> at usbus1 Jul 10 14:29:29 ProfessorX kernel: uhub1: <Marvell XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1 Jul 10 14:29:29 ProfessorX kernel: uhub1: 2 ports with 2 removable, self powered Jul 10 14:29:29 ProfessorX kernel: mmc0: <MMC/SD bus> on sdhci_fdt0 Jul 10 14:29:29 ProfessorX kernel: mmcsd0: 8GB <MMCHC M32508 0.1 SN 323980C2 MFG 11/2018 by 112 0x0000> at mmc0 50.0MHz/8bit/65535-block Jul 10 14:29:29 ProfessorX kernel: mmcsd0boot0: 4MB partion 1 at mmcsd0 Jul 10 14:29:29 ProfessorX kernel: mmcsd0boot1: 4MB partion 2 at mmcsd0 Jul 10 14:29:29 ProfessorX kernel: mmcsd0rpmb: 4MB partion 3 at mmcsd0 Jul 10 14:29:29 ProfessorX kernel: uhub0: 1 port with 1 removable, self powered Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to UP Jul 10 14:29:29 ProfessorX kernel: ada0 at ahcich1 bus 0 scbus1 target 0 lun 0 Jul 10 14:29:29 ProfessorX kernel: ada0: <ATP SATA III M.2 2242 SBFMB1.1> ACS-4 ATA SATA 3.x device Jul 10 14:29:29 ProfessorX kernel: ada0: Serial Number 4AC9070114FB00000143 Jul 10 14:29:29 ProfessorX kernel: ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes) Jul 10 14:29:29 ProfessorX kernel: ada0: 
Command Queueing enabled Jul 10 14:29:29 ProfessorX kernel: ada0: 30533MB (62533296 512 byte sectors) Jul 10 14:29:29 ProfessorX kernel: Release APs Jul 10 14:29:29 ProfessorX kernel: Trying to mount root from ufs:/dev/diskid/DISK-4AC9070114FB00000143s2a [rw,noatime]... Jul 10 14:29:29 ProfessorX kernel: WARNING: / was not properly dismounted Jul 10 14:29:29 ProfessorX kernel: WARNING: /: mount pending error: blocks 128 files 1 Jul 10 14:29:29 ProfessorX kernel: random: unblocking device. Jul 10 14:29:29 ProfessorX kernel: lo0: link state changed to UP Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to DOWN Jul 10 14:29:29 ProfessorX check_reload_status: Linkup starting e6000sw0port1 Jul 10 14:29:29 ProfessorX check_reload_status: Linkup starting mvneta2 Jul 10 14:29:29 ProfessorX kernel: mvneta2: link state changed to UP Jul 10 14:29:30 ProfessorX check_reload_status: rc.newwanip starting mvneta2 Jul 10 14:29:30 ProfessorX check_reload_status: Linkup starting mvneta0 Jul 10 14:29:30 ProfessorX kernel: mvneta0: link state changed to UP Jul 10 14:29:30 ProfessorX ppp: Multi-link PPP daemon for FreeBSD Jul 10 14:29:30 ProfessorX ppp: Jul 10 14:29:30 ProfessorX ppp: process 18821 started, version 5.8 (root@pfSense_factory-v2_4_5_armv6-pfSense_factory-v2_4_5-job-04 18:42 31-Jan-2020) Jul 10 14:29:30 ProfessorX ppp: web: web is not running Jul 10 14:29:30 ProfessorX ppp: [opt1] Bundle: Interface ng0 created Jul 10 14:29:30 ProfessorX kernel: ng0: changing name to 'pppoe0' Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] Link: OPEN event Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: Open event Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: state change Initial --> Starting Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: LayerStart Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] PPPoE: Connecting to '' Jul 10 14:29:31 ProfessorX php-fpm[363]: /rc.newwanip: rc.newwanip: Info: starting on mvneta2. 
Jul 10 14:29:31 ProfessorX php-fpm[363]: /rc.newwanip: rc.newwanip: on (IP address: 24.164.183.70) (interface: SPECTRUM[wan]) (real interface: mvneta2). Jul 10 14:29:32 ProfessorX ppp: PPPoE: rec'd ACNAME "adr01.monr.ny" Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PPPoE: connection successful Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] Link: UP event Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: Up event Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Starting --> Req-Sent Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: SendConfigReq #1 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PROTOCOMP Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MRU 1492 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MAGICNUM 0x626ee7c3 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: rec'd Configure Request #37 (Req-Sent) Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MRU 1492 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] AUTHPROTO PAP Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MAGICNUM 0x4750bf95 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: SendConfigAck #37 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MRU 1492 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] AUTHPROTO PAP Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MAGICNUM 0x4750bf95 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Req-Sent --> Ack-Sent Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: rec'd Configure Ack #1 (Ack-Sent) Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PROTOCOMP Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MRU 1492 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] MAGICNUM 0x626ee7c3 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Ack-Sent --> Opened Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: auth: peer wants PAP, I want nothing Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PAP: using authname "699041-913281@connect.frontier.com" Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PAP: sending REQUEST #1 len: 55 Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: 
LayerUp Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] PAP: rec'd ACK #1 len: 5 Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: authorization successful Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] Link: Matched action 'bundle "opt1" ""' Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] Link: Join bundle "opt1" Jul 10 14:29:33 ProfessorX ppp: [opt1] Bundle: Status update: up 1 link, total bandwidth 64000 bps Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: Open event Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Initial --> Starting Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: LayerStart Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: Open event Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Initial --> Starting Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: LayerStart Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: Up event Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Starting --> Req-Sent Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #1 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 0.0.0.0 Jul 10 14:29:33 ProfessorX ppp: [opt1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: Up event Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Starting --> Req-Sent Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: SendConfigReq #1 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Request #84 (Req-Sent) Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 74.42.148.136 Jul 10 14:29:33 ProfessorX ppp: [opt1] 74.42.148.136 is OK Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigAck #84 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 74.42.148.136 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Req-Sent --> Ack-Sent Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Reject #1 (Ack-Sent) Jul 10 14:29:33 ProfessorX ppp: [opt1] COMPPROTO VJCOMP, 16 comp. 
channels, no comp-cid Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #2 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 0.0.0.0 Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: rec'd Protocol Reject #38 (Opened) Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: protocol IPV6CP was rejected Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: protocol was rejected by peer Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Req-Sent --> Stopped Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: LayerFinish Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Nak #2 (Ack-Sent) Jul 10 14:29:33 ProfessorX kernel: e6000sw0port1: link state changed to UP Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 50.49.193.168 Jul 10 14:29:33 ProfessorX ppp: [opt1] 50.49.193.168 is OK Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #3 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 50.49.193.168 Jul 10 14:29:33 ProfessorX check_reload_status: Linkup starting e6000sw0port1 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Ack #3 (Ack-Sent) Jul 10 14:29:33 ProfessorX ppp: [opt1] IPADDR 50.49.193.168 Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Ack-Sent --> Opened Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: LayerUp Jul 10 14:29:33 ProfessorX ppp: [opt1] 50.49.193.168 -> 74.42.148.136 Jul 10 14:29:33 ProfessorX ppp-linkup: Removing states to old router 74.42.148.136 Jul 10 14:29:33 ProfessorX check_reload_status: rc.newwanip starting pppoe0 Jul 10 14:29:33 ProfessorX ppp: [opt1] IFACE: Up event Jul 10 14:29:33 ProfessorX ppp: [opt1] IFACE: Rename interface ng0 to pppoe0 Jul 10 14:29:33 ProfessorX php-cgi: rc.bootup: Resyncing OpenVPN instances. Jul 10 14:29:33 ProfessorX kernel: pflog0: promiscuous mode enabled Jul 10 14:29:34 ProfessorX kernel: .... Jul 10 14:29:34 ProfessorX php-fpm[362]: /rc.newwanip: rc.newwanip: Info: starting on pppoe0. 
Jul 10 14:29:34 ProfessorX php-fpm[362]: /rc.newwanip: rc.newwanip: on (IP address: 50.49.193.168) (interface: FRONTIER[opt1]) (real interface: pppoe0). Jul 10 14:29:34 ProfessorX kernel: .done. Jul 10 14:29:34 ProfessorX kernel: done. Jul 10 14:29:35 ProfessorX php-cgi: rc.bootup: Gateway, none 'available' for inet6, use the first one configured. '' Jul 10 14:29:35 ProfessorX kernel: done. Jul 10 14:29:35 ProfessorX php-fpm[362]: /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. '' Jul 10 14:29:35 ProfessorX php-fpm[362]: /rc.newwanip: IP Address has changed, killing states on former IP Address 50.49.207.243. Jul 10 14:29:36 ProfessorX php-cgi: rc.bootup: sync unbound done. Jul 10 14:29:36 ProfessorX kernel: done. Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1594405777] unbound[94418:0] error: bind: address already in use [1594405777] unbound[94418:0] fatal error: could not open ports' Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: sync unbound done. Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: Resyncing OpenVPN instances for interface FRONTIER. Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: Creating rrd update script Jul 10 14:29:37 ProfessorX kernel: done. Jul 10 14:29:38 ProfessorX kernel: done. Jul 10 14:29:38 ProfessorX php-cgi: rc.bootup: NTPD is starting up. Jul 10 14:29:38 ProfessorX kernel: done. Jul 10 14:29:39 ProfessorX kernel: done. Jul 10 14:29:39 ProfessorX check_reload_status: Updating all dyndns Jul 10 14:29:39 ProfessorX kernel: .... Jul 10 14:29:39 ProfessorX php-fpm[362]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 50.49.207.243 -> 50.49.193.168 - Restarting packages. Jul 10 14:29:39 ProfessorX check_reload_status: Starting packages Jul 10 14:29:39 ProfessorX kernel: .done. 
Jul 10 14:29:40 ProfessorX php-fpm[362]: /rc.start_packages: Restarting/Starting all packages. Jul 10 14:29:40 ProfessorX php-fpm[363]: /rc.dyndns.update: phpDynDNS (professorx.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Jul 10 14:29:41 ProfessorX check_reload_status: Syncing firewall Jul 10 14:29:41 ProfessorX php-fpm[362]: /rc.start_packages: [pfBlockerNG] Update terminated during boot process. If the boot process has completed, delete the file: /var/run/booting. Jul 10 14:29:42 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started Jul 10 14:29:42 ProfessorX SnortStartup[97879]: Snort START for LAN(44407_mvneta1)... Jul 10 14:29:43 ProfessorX php_pfb: [pfBlockerNG] filterlog daemon started Jul 10 14:29:43 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started Jul 10 14:29:43 ProfessorX snort[98103]: AppId Jul 10 14:29:43 ProfessorX snort[98103]: AppId Jul 10 14:29:43 ProfessorX snort[98103]: AppId Jul 10 14:29:43 ProfessorX snort[98103]: AppId Jul 10 14:29:44 ProfessorX php-cgi: rc.bootup: Creating rrd update script Jul 10 14:29:44 ProfessorX kernel: done. Jul 10 14:29:44 ProfessorX kernel: done. Jul 10 14:29:45 ProfessorX root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one Jul 10 14:29:45 ProfessorX snort[98103]: AppId Jul 10 14:29:45 ProfessorX snort[98103]: AppId Jul 10 14:29:45 ProfessorX snort[98103]: AppId Jul 10 14:29:45 ProfessorX snort[98103]: AppId Jul 10 14:29:47 ProfessorX syslogd: exiting on signal 15 Jul 10 14:29:47 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel Jul 10 14:29:47 ProfessorX kernel: done. Jul 10 14:29:48 ProfessorX kernel: done. Jul 10 14:29:50 ProfessorX php-fpm[94759]: /rc.start_packages: Restarting/Starting all packages. 
Jul 10 14:29:50 ProfessorX check_reload_status: Syncing firewall Jul 10 14:29:51 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started Jul 10 14:29:51 ProfessorX check_reload_status: Reloading filter Jul 10 14:29:51 ProfessorX php-fpm[94759]: [pfBlockerNG] Restarting firewall filter daemon Jul 10 14:29:52 ProfessorX SnortStartup[90494]: Ignoring additional START command since Snort is already starting... Jul 10 14:29:53 ProfessorX kernel: mvneta1: promiscuous mode enabled Jul 10 14:29:53 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started Jul 10 14:29:54 ProfessorX php_pfb: [pfBlockerNG] filterlog daemon started Jul 10 14:29:54 ProfessorX getty[18140]: open /dev/ttyv0: No such file or directory Jul 10 14:29:54 ProfessorX login: login on ttyu0 as root Jul 10 14:30:01 ProfessorX php-fpm[362]: /index.php: Successful login for user 'admin' from: 192.168.1.145 (Local Database)
-
That's the last part of the log file, I think.
-
@Burner27 said in SG3100 limitations:
That's the last part of the log file, I think.
I don't see anything wrong in there. What you posted is the normal bootup sequence for your firewall. Towards the end of the bootup sequence, it started Snort on your LAN interface. All of that looks fine.
I see nothing in that log to implicate any package in the unexpected reboot. No error messages of any kind. You might have a hardware or power issue, but even there nothing is apparent in the log. All I see is a normal startup of Snort at the 13:35 mark on July 10, and then a firewall boot that started at 14:29:29 on July 10. That reboot was complete and a "start" signal was sent to Snort on your LAN interface at 14:29:42 on July 10.
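One way to go through a boot log like the one posted above for the points this reply checks (where the boot started, whether the previous shutdown was clean, any error lines, and when Snort was started), as an added example that is not part of this thread or of pfSense or the Snort package. The sample entries are a constructed subset modelled on the log posted above; treating the Intel ipw/iwi firmware license messages as benign noise is this example's own assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: a subset of entries modelled on the SG3100 boot log posted
# earlier in this thread (hostname, process names and messages as posted there).
SAMPLE_LOG = """\
Jul 10 14:29:29 ProfessorX kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0135c50, 0) error 1
Jul 10 14:29:29 ProfessorX kernel: Trying to mount root from ufs:/dev/diskid/DISK-4AC9070114FB00000143s2a [rw,noatime]...
Jul 10 14:29:29 ProfessorX kernel: WARNING: / was not properly dismounted
Jul 10 14:29:29 ProfessorX kernel: WARNING: /: mount pending error: blocks 128 files 1
Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1594405777] unbound[94418:0] error: bind: address already in use [1594405777] unbound[94418:0] fatal error: could not open ports'
Jul 10 14:29:42 ProfessorX SnortStartup[97879]: Snort START for LAN(44407_mvneta1)...
Jul 10 14:29:52 ProfessorX SnortStartup[90494]: Ignoring additional START command since Snort is already starting...
Jul 10 14:29:53 ProfessorX kernel: mvneta1: promiscuous mode enabled
Jul 10 14:30:01 ProfessorX php-fpm[362]: /index.php: Successful login for user 'admin' from: 192.168.1.145 (Local Database)
"""

# BSD syslog layout as pfSense writes it: "Mon DD HH:MM:SS host proc[pid]: message".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
BOOT_RE = re.compile(r"^Trying to mount root from ")  # the kernel logs this once per boot
UNCLEAN_RE = re.compile(r"^WARNING: \S+ was not properly dismounted")
WARNING_RE = re.compile(r"\bWARNING\b")
ERROR_RE = re.compile(r"\b(error|fatal|failed|panic)\b", re.IGNORECASE)
# Expected noise on this hardware: the Intel ipw/iwi wireless firmware modules refuse
# to load until their license is acknowledged. Treating that as benign is this
# example's own assumption, not a statement from the thread.
BENIGN_RE = re.compile(r"^module_register_init: MOD_LOAD \((ipw|iwi)_\w+_fw, ")
SNORT_RE = re.compile(r"^(Snort START for |Ignoring additional START command)")


@dataclass
class Entry:
    ts: str
    host: str
    proc: str
    pid: Optional[int]
    msg: str


@dataclass
class Triage:
    boot_times: List[str] = field(default_factory=list)
    unclean_shutdown: bool = False
    warnings: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)
    benign_noise: int = 0
    snort_events: List[Tuple[str, str]] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one syslog line into its fields; None for lines that do not fit the layout."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pid = int(m["pid"]) if m["pid"] else None
    return Entry(m["ts"], m["host"], m["proc"], pid, m["msg"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(text: str) -> Triage:
    """Collect the facts a reboot investigation asks of a boot log."""
    t = Triage()
    for e in parse_log(text):
        if e.proc == "kernel" and BOOT_RE.search(e.msg):
            t.boot_times.append(e.ts)
        if e.proc == "kernel" and UNCLEAN_RE.search(e.msg):
            # UFS reports this when the previous shutdown did not unmount cleanly.
            t.unclean_shutdown = True
        if e.proc == "SnortStartup" and SNORT_RE.search(e.msg):
            t.snort_events.append((e.ts, e.msg))
        if WARNING_RE.search(e.msg):
            t.warnings.append(f"{e.ts} {e.proc}: {e.msg}")
        elif BENIGN_RE.search(e.msg):
            t.benign_noise += 1
        elif ERROR_RE.search(e.msg):
            t.errors.append(f"{e.ts} {e.proc}: {e.msg}")
    return t


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("boots at:", ", ".join(r.boot_times) or "none")
    print("previous shutdown unclean:", r.unclean_shutdown)
    print(f"{len(r.warnings)} warning(s), {len(r.errors)} error(s), {r.benign_noise} benign")
    for ts, msg in r.snort_events:
        print("snort:", ts, msg)
```

Run it as a script for a summary of the sample, or pass a plain-text copy of the system log to `triage()`. The "WARNING: / was not properly dismounted" line is what UFS reports when the previous shutdown did not unmount the root filesystem cleanly: it confirms that the reboot was not an orderly shutdown but says nothing about the cause, which is why this kind of log scan is paired with a serial console capture or a crash dump when chasing an unexplained reboot.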
-
I thank you for looking it over. The only thing I can say is it happens only when SNORT is installed. Even SNORT by itself.