Netgate Discussion Forum

    SG3100 limitations

    Official Netgate® Hardware
    • B
      Burner27
      last edited by

      I couldn't paste the entire txt file due to a character limitation here, but the reboot did occur within 10 minutes after I installed SNORT. Is there a way I can get the complete log file to you for analysis?

      • bmeeksB
        bmeeks @Burner27
        last edited by bmeeks

        @Burner27 said in SG3100 limitations:

        I couldn't paste the entire txt file due to a character limitation here, but the reboot did occur within 10 minutes after I installed SNORT. Is there a way I can get the complete log file to you for analysis?

        You can highlight and copy-paste the section showing the reboot here. What you posted appeared to be in chronological order sorted with the most recent events last. I happen to set my system to log the other way with the most recent events displayed first. But it really does not matter.

        From the log snippet you posted, I'm not immediately seeing anything missing between the 13:35 last Snort entry and the 14:29 firewall reboot. Tell me what is missing in that section of time, and then copy-paste just those lines here.

        You are also free to export the entire system log to a text file and upload that file there (even zipping it if required to reduce the size). However, that really isn't necessary if you just isolate and post the section covering the time interval between when Snort finished starting up and when you say the first reboot happened.

        • B
          Burner27
          last edited by

          l 10 14:00:00 ProfessorX php: [pfBlockerNG] Starting cron process.
          Jul 10 14:00:28 ProfessorX php: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 10 14:29:29 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
          Jul 10 14:29:29 ProfessorX kernel: Copyright (c) 1992-2020 The FreeBSD Project.
          Jul 10 14:29:29 ProfessorX kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
          Jul 10 14:29:29 ProfessorX kernel: 	The Regents of the University of California. All rights reserved.
          Jul 10 14:29:29 ProfessorX kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
          Jul 10 14:29:29 ProfessorX kernel: FreeBSD 11.3-STABLE #238 885b1ed26b6(factory-RELENG_2_4_5): Tue Jun  2 17:52:40 EDT 2020
          Jul 10 14:29:29 ProfessorX kernel:     root@buildbot1-nyi.netgate.com:/build/factory-crossbuild-245-armv6/obj/armv6/kJlGauaG/arm.armv6/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/sys/pfSense-SG-3100 arm
          Jul 10 14:29:29 ProfessorX kernel: FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
          Jul 10 14:29:29 ProfessorX kernel: CPU: ARM Cortex-A9 r4p1 (ECO: 0x00000000)
          Jul 10 14:29:29 ProfessorX kernel: CPU Features: 
          Jul 10 14:29:29 ProfessorX kernel:   Multiprocessing, Thumb2, Security, VMSAv7, Coherent Walk
          Jul 10 14:29:29 ProfessorX kernel: Optional instructions: 
          Jul 10 14:29:29 ProfessorX kernel:   UMULL, SMULL, SIMD(ext)
          Jul 10 14:29:29 ProfessorX kernel: LoUU:2 LoC:2 LoUIS:2 
          Jul 10 14:29:29 ProfessorX kernel: Cache level 1:
          Jul 10 14:29:29 ProfessorX kernel:  32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
          Jul 10 14:29:29 ProfessorX kernel:  32KB/32B 4-way instruction cache Read-Alloc
          Jul 10 14:29:29 ProfessorX kernel: real memory  = 2147479552 (2047 MB)
          Jul 10 14:29:29 ProfessorX kernel: avail memory = 2073812992 (1977 MB)
          Jul 10 14:29:29 ProfessorX kernel: SOC: Marvell 88F6820, TClock 250MHz, Frequency 1600MHz
          Jul 10 14:29:29 ProfessorX kernel:   Instruction cache prefetch enabled, data cache prefetch disabled
          Jul 10 14:29:29 ProfessorX kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
          Jul 10 14:29:29 ProfessorX kernel: wlan: mac acl policy registered
          Jul 10 14:29:29 ProfessorX kernel: random: entropy device external interface
          Jul 10 14:29:29 ProfessorX kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0135c50, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0135d00, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xc013f1ec, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc013f29c, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc013f34c, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
          Jul 10 14:29:29 ProfessorX kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
          Jul 10 14:29:29 ProfessorX kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0135ba0, 0) error 1
          Jul 10 14:29:29 ProfessorX kernel: ofwbus0: <Open Firmware Device Tree>
          Jul 10 14:29:29 ProfessorX kernel: simplebus0: <Flattened device tree simple bus> on ofwbus0
          Jul 10 14:29:29 ProfessorX kernel: simplebus1: <Flattened device tree simple bus> on simplebus0
          Jul 10 14:29:29 ProfessorX kernel: l2cache0: <PL310 L2 cache controller> mem 0x8000-0x8fff on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: l2cache0: cannot allocate IRQ, not using interrupt
          Jul 10 14:29:29 ProfessorX kernel: l2cache0: Part number: 0x3, release: 0x9
          Jul 10 14:29:29 ProfessorX kernel: l2cache0: L2 Cache enabled: 1024KB/32B 16 ways
          Jul 10 14:29:29 ProfessorX kernel: gic0: <ARM Generic Interrupt Controller> mem 0xd000-0xdfff,0xc100-0xc1ff on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: gic0: pn 0x390, arch 0x1, rev 0x2, implementer 0x43b irqs 192
          Jul 10 14:29:29 ProfessorX kernel: mpic0: <Marvell Integrated Interrupt Controller> mem 0x20a00-0x20ccf,0x21870-0x21b6f irq 19 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: mp_tmr0: <ARM MPCore Timers> mem 0xc200-0xc21f irq 3 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: Timecounter "MPCore" frequency 800000000 Hz quality 800
          Jul 10 14:29:29 ProfessorX kernel: mp_tmr1: <ARM MPCore Timers> mem 0xc600-0xc61f irq 4 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: Event timer "MPCore" frequency 800000000 Hz quality 1000
          Jul 10 14:29:29 ProfessorX kernel: cesa0: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x90fff,0x9d000-0x9dfff irq 1 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: cesa1: <Marvell Cryptographic Engine and Security Accelerator> mem 0x92000-0x92fff,0x9f000-0x9ffff irq 2 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: spi0: <Marvell SPI controller> mem 0x10600-0x1064f irq 5 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: twsi0: <Marvell Integrated I2C Bus Controller> mem 0x11000-0x1101f irq 7 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: iicbus0: <OFW I2C bus> on twsi0
          Jul 10 14:29:29 ProfessorX kernel: iic0: <I2C generic I/O> on iicbus0
          Jul 10 14:29:29 ProfessorX kernel: gpio0: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
          Jul 10 14:29:29 ProfessorX kernel: device_attach: gpio0 attach returned 6
          Jul 10 14:29:29 ProfessorX kernel: gpio0: <ISSI IS31FL3199 9 channel light effect LED driver> at addr 0xce on iicbus0
          Jul 10 14:29:29 ProfessorX kernel: gpiobus0: <OFW GPIO bus> on gpio0
          Jul 10 14:29:29 ProfessorX kernel: gpioc0: <GPIO controller> on gpio0
          Jul 10 14:29:29 ProfessorX kernel: gpio1: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
          Jul 10 14:29:29 ProfessorX kernel: device_attach: gpio1 attach returned 6
          Jul 10 14:29:29 ProfessorX kernel: uart0: <Non-standard ns8250 class UART with FIFOs> mem 0x12000-0x120ff irq 9 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: uart0: console (-1,n,8,1)
          Jul 10 14:29:29 ProfessorX kernel: uart1: <16550 or compatible> mem 0x12100-0x121ff irq 10 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: timer0: <Marvell CPU Timer> mem 0x20300-0x20333,0x20704-0x20707,0x18260-0x18263 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: timer0: only watchdog attached
          Jul 10 14:29:29 ProfessorX kernel: pmsu0: <Power Management Service Unit> mem 0x22000-0x22fff on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: mvneta0: <NETA controller> mem 0x30000-0x33fff irq 26 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: mvneta0: version is 10
          Jul 10 14:29:29 ProfessorX kernel: mvneta0: Ethernet address: 00:08:a2:10:f2:18
          Jul 10 14:29:29 ProfessorX kernel: miibus0: <MII bus> on mvneta0
          Jul 10 14:29:29 ProfessorX kernel: mv88e151x0: <Marvell 88E1512 Gigabit PHY> PHY 1 on miibus0
          Jul 10 14:29:29 ProfessorX kernel: mv88e151x0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseSX, 1000baseSX-FDX, auto
          Jul 10 14:29:29 ProfessorX kernel: mvneta1: <NETA controller> mem 0x34000-0x37fff irq 27 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: mvneta1: version is 10
          Jul 10 14:29:29 ProfessorX kernel: mvneta1: Ethernet address: 00:08:a2:10:f2:19
          Jul 10 14:29:29 ProfessorX kernel: mdio0: <MDIO> on mvneta1
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: <Marvell 88E6141> on mdio0
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: single-chip addressing mode
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 1
          Jul 10 14:29:29 ProfessorX kernel: miibus1: <MII bus> on e6000sw0
          Jul 10 14:29:29 ProfessorX kernel: e1000phy0: <Marvell 88E1000 Gigabit PHY> PHY 17 on miibus1
          Jul 10 14:29:29 ProfessorX kernel: e1000phy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 2
          Jul 10 14:29:29 ProfessorX kernel: miibus2: <MII bus> on e6000sw0
          Jul 10 14:29:29 ProfessorX kernel: e1000phy1: <Marvell 88E1000 Gigabit PHY> PHY 18 on miibus2
          Jul 10 14:29:29 ProfessorX kernel: e1000phy1:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 3
          Jul 10 14:29:29 ProfessorX kernel: miibus3: <MII bus> on e6000sw0
          Jul 10 14:29:29 ProfessorX kernel: e1000phy2: <Marvell 88E1000 Gigabit PHY> PHY 19 on miibus3
          Jul 10 14:29:29 ProfessorX kernel: e1000phy2:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: PHY at port 4
          Jul 10 14:29:29 ProfessorX kernel: miibus4: <MII bus> on e6000sw0
          Jul 10 14:29:29 ProfessorX kernel: e1000phy3: <Marvell 88E1000 Gigabit PHY> PHY 20 on miibus4
          Jul 10 14:29:29 ProfessorX kernel: e1000phy3:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: CPU port at 5
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: fixed port at 5
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0: switch is ready.
          Jul 10 14:29:29 ProfessorX kernel: etherswitch0: <Switch controller> on e6000sw0
          Jul 10 14:29:29 ProfessorX kernel: ehci0: <Marvell Integrated USB 2.0 controller> mem 0x58000-0x584ff irq 28 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: usbus0: EHCI version 1.0
          Jul 10 14:29:29 ProfessorX kernel: usbus0 on ehci0
          Jul 10 14:29:29 ProfessorX kernel: mvneta2: <NETA controller> mem 0x70000-0x73fff irq 29 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: mvneta2: version is 10
          Jul 10 14:29:29 ProfessorX kernel: mvneta2: Ethernet address: 00:08:a2:10:f2:1a
          Jul 10 14:29:29 ProfessorX kernel: miibus5: <MII bus> on mvneta2
          Jul 10 14:29:29 ProfessorX kernel: mv88e151x1: <Marvell 88E1512 Gigabit PHY> PHY 0 on miibus5
          Jul 10 14:29:29 ProfessorX kernel: mv88e151x1:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseSX, 1000baseSX-FDX, auto
          Jul 10 14:29:29 ProfessorX kernel: rtc0: <Marvell Integrated RTC> mem 0xa3800-0xa381f,0x184a0-0x184ab irq 30 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: rtc0: registered as a time-of-day clock, resolution 1.000000s
          Jul 10 14:29:29 ProfessorX kernel: ahci0: <Marvell AHCI Controller> mem 0xa8000-0xa9fff irq 31 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: ahci0: AHCI v1.00 with 2 6Gbps ports, Port Multiplier supported with FBS
          Jul 10 14:29:29 ProfessorX kernel: ahci0: quirks=0x200010<2CH,MRVL_SR_DEL>
          Jul 10 14:29:29 ProfessorX kernel: ahcich0: <AHCI channel> at channel 0 on ahci0
          Jul 10 14:29:29 ProfessorX kernel: ahcich1: <AHCI channel> at channel 1 on ahci0
          Jul 10 14:29:29 ProfessorX kernel: armada_thermal0: <Armada380 Thermal Control> mem 0xe4078-0xe407b,0xe4074-0xe4077 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: <ARMADA38X SDHCI controller> mem 0xd8000-0xd8fff,0xdc000-0xdc0ff,0x18454-0x18457 irq 34 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: sdhci_fdt0: 1 slot(s) allocated
          Jul 10 14:29:29 ProfessorX kernel: xhci0: <Marvell Integrated USB 3.0 controller> mem 0xf8000-0xfbfff,0xfc000-0xfffff irq 36 on simplebus1
          Jul 10 14:29:29 ProfessorX kernel: xhci0: 32 bytes context size, 32-bit DMA
          Jul 10 14:29:29 ProfessorX kernel: usbus1 on xhci0
          Jul 10 14:29:29 ProfessorX kernel: pcib_ctrl0: <Marvell Integrated PCIe Bus Controller> on simplebus0
          Jul 10 14:29:29 ProfessorX kernel: pcib0: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
          Jul 10 14:29:29 ProfessorX kernel: pci0: <PCI bus> on pcib0
          Jul 10 14:29:29 ProfessorX kernel: pcib1: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
          Jul 10 14:29:29 ProfessorX kernel: pci1: <PCI bus> on pcib1
          Jul 10 14:29:29 ProfessorX kernel: pcib2: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
          Jul 10 14:29:29 ProfessorX kernel: pci2: <PCI bus> on pcib2
          Jul 10 14:29:29 ProfessorX kernel: pcib3: <Marvell Integrated PCI/PCI-E Controller> on pcib_ctrl0
          Jul 10 14:29:29 ProfessorX kernel: pci3: <PCI bus> on pcib3
          Jul 10 14:29:29 ProfessorX kernel: cpulist0: <Open Firmware CPU Group> on ofwbus0
          Jul 10 14:29:29 ProfessorX kernel: cpu0: <Open Firmware CPU> on cpulist0
          Jul 10 14:29:29 ProfessorX kernel: cpu1: <Open Firmware CPU> on cpulist0
          Jul 10 14:29:29 ProfessorX kernel: cryptosoft0: <software crypto>
          Jul 10 14:29:29 ProfessorX kernel: Timecounters tick every 1.000 msec
          Jul 10 14:29:29 ProfessorX kernel: mvneta1: link state changed to UP
          Jul 10 14:29:29 ProfessorX kernel: spibus0: <OFW SPI bus> on spi0
          Jul 10 14:29:29 ProfessorX kernel: mx25l0: <M25Pxx Flash Family> at cs 0 mode 0 on spibus0
          Jul 10 14:29:29 ProfessorX kernel: mx25l0: device type w25q32jv, size 4096K in 64 sectors of 64K, erase size 4K
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to DOWN
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port2: link state changed to DOWN
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port3: link state changed to DOWN
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port4: link state changed to DOWN
          Jul 10 14:29:29 ProfessorX kernel: usbus0: 480Mbps High Speed USB v2.0
          Jul 10 14:29:29 ProfessorX kernel: usbus1: 5.0Gbps Super Speed USB v3.0
          Jul 10 14:29:29 ProfessorX kernel: ugen0.1: <Marvell EHCI root HUB> at usbus0
          Jul 10 14:29:29 ProfessorX kernel: uhub0: <Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
          Jul 10 14:29:29 ProfessorX kernel: ugen1.1: <Marvell XHCI root HUB> at usbus1
          Jul 10 14:29:29 ProfessorX kernel: uhub1: <Marvell XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1
          Jul 10 14:29:29 ProfessorX kernel: uhub1: 2 ports with 2 removable, self powered
          Jul 10 14:29:29 ProfessorX kernel: mmc0: <MMC/SD bus> on sdhci_fdt0
          Jul 10 14:29:29 ProfessorX kernel: mmcsd0: 8GB <MMCHC M32508 0.1 SN 323980C2 MFG 11/2018 by 112 0x0000> at mmc0 50.0MHz/8bit/65535-block
          Jul 10 14:29:29 ProfessorX kernel: mmcsd0boot0: 4MB partion 1 at mmcsd0
          Jul 10 14:29:29 ProfessorX kernel: mmcsd0boot1: 4MB partion 2 at mmcsd0
          Jul 10 14:29:29 ProfessorX kernel: mmcsd0rpmb: 4MB partion 3 at mmcsd0
          Jul 10 14:29:29 ProfessorX kernel: uhub0: 1 port with 1 removable, self powered
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to UP
          Jul 10 14:29:29 ProfessorX kernel: ada0 at ahcich1 bus 0 scbus1 target 0 lun 0
          Jul 10 14:29:29 ProfessorX kernel: ada0: <ATP SATA III M.2 2242 SBFMB1.1> ACS-4 ATA SATA 3.x device
          Jul 10 14:29:29 ProfessorX kernel: ada0: Serial Number 4AC9070114FB00000143
          Jul 10 14:29:29 ProfessorX kernel: ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
          Jul 10 14:29:29 ProfessorX kernel: ada0: Command Queueing enabled
          Jul 10 14:29:29 ProfessorX kernel: ada0: 30533MB (62533296 512 byte sectors)
          Jul 10 14:29:29 ProfessorX kernel: Release APs
          Jul 10 14:29:29 ProfessorX kernel: Trying to mount root from ufs:/dev/diskid/DISK-4AC9070114FB00000143s2a [rw,noatime]...
          Jul 10 14:29:29 ProfessorX kernel: WARNING: / was not properly dismounted
          Jul 10 14:29:29 ProfessorX kernel: WARNING: /: mount pending error: blocks 128 files 1
          Jul 10 14:29:29 ProfessorX kernel: random: unblocking device.
          Jul 10 14:29:29 ProfessorX kernel: lo0: link state changed to UP
          Jul 10 14:29:29 ProfessorX kernel: e6000sw0port1: link state changed to DOWN
          Jul 10 14:29:29 ProfessorX check_reload_status: Linkup starting e6000sw0port1
          Jul 10 14:29:29 ProfessorX check_reload_status: Linkup starting mvneta2
          Jul 10 14:29:29 ProfessorX kernel: mvneta2: link state changed to UP
          Jul 10 14:29:30 ProfessorX check_reload_status: rc.newwanip starting mvneta2
          Jul 10 14:29:30 ProfessorX check_reload_status: Linkup starting mvneta0
          Jul 10 14:29:30 ProfessorX kernel: mvneta0: link state changed to UP
          Jul 10 14:29:30 ProfessorX ppp: Multi-link PPP daemon for FreeBSD
          Jul 10 14:29:30 ProfessorX ppp:  
          Jul 10 14:29:30 ProfessorX ppp: process 18821 started, version 5.8 (root@pfSense_factory-v2_4_5_armv6-pfSense_factory-v2_4_5-job-04 18:42 31-Jan-2020)
          Jul 10 14:29:30 ProfessorX ppp: web: web is not running
          Jul 10 14:29:30 ProfessorX ppp: [opt1] Bundle: Interface ng0 created
          Jul 10 14:29:30 ProfessorX kernel: ng0: changing name to 'pppoe0'
          Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] Link: OPEN event
          Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: Open event
          Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: state change Initial --> Starting
          Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] LCP: LayerStart
          Jul 10 14:29:30 ProfessorX ppp: [opt1_link0] PPPoE: Connecting to ''
          Jul 10 14:29:31 ProfessorX php-fpm[363]: /rc.newwanip: rc.newwanip: Info: starting on mvneta2.
          Jul 10 14:29:31 ProfessorX php-fpm[363]: /rc.newwanip: rc.newwanip: on (IP address: 24.164.183.70) (interface: SPECTRUM[wan]) (real interface: mvneta2).
          Jul 10 14:29:32 ProfessorX ppp: PPPoE: rec'd ACNAME "adr01.monr.ny"
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PPPoE: connection successful
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] Link: UP event
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: Up event
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Starting --> Req-Sent
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: SendConfigReq #1
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   PROTOCOMP
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MRU 1492
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MAGICNUM 0x626ee7c3
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: rec'd Configure Request #37 (Req-Sent)
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MRU 1492
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   AUTHPROTO PAP
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MAGICNUM 0x4750bf95
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: SendConfigAck #37
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MRU 1492
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   AUTHPROTO PAP
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MAGICNUM 0x4750bf95
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Req-Sent --> Ack-Sent
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: rec'd Configure Ack #1 (Ack-Sent)
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   PROTOCOMP
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MRU 1492
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0]   MAGICNUM 0x626ee7c3
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: state change Ack-Sent --> Opened
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: auth: peer wants PAP, I want nothing
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PAP: using authname "699041-913281@connect.frontier.com"
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] PAP: sending REQUEST #1 len: 55
          Jul 10 14:29:32 ProfessorX ppp: [opt1_link0] LCP: LayerUp
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] PAP: rec'd ACK #1 len: 5
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: authorization successful
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] Link: Matched action 'bundle "opt1" ""'
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] Link: Join bundle "opt1"
          Jul 10 14:29:33 ProfessorX ppp: [opt1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: Open event
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Initial --> Starting
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: LayerStart
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: Open event
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Initial --> Starting
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: LayerStart
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: Up event
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Starting --> Req-Sent
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #1
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 0.0.0.0
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: Up event
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Starting --> Req-Sent
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: SendConfigReq #1
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Request #84 (Req-Sent)
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 74.42.148.136
          Jul 10 14:29:33 ProfessorX ppp: [opt1]     74.42.148.136 is OK
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigAck #84
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 74.42.148.136
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Req-Sent --> Ack-Sent
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Reject #1 (Ack-Sent)
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #2
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 0.0.0.0
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: rec'd Protocol Reject #38 (Opened)
          Jul 10 14:29:33 ProfessorX ppp: [opt1_link0] LCP: protocol IPV6CP was rejected
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: protocol was rejected by peer
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: state change Req-Sent --> Stopped
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPV6CP: LayerFinish
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
          Jul 10 14:29:33 ProfessorX kernel: e6000sw0port1: link state changed to UP
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 50.49.193.168
          Jul 10 14:29:33 ProfessorX ppp: [opt1]     50.49.193.168 is OK
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: SendConfigReq #3
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 50.49.193.168
          Jul 10 14:29:33 ProfessorX check_reload_status: Linkup starting e6000sw0port1
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   IPADDR 50.49.193.168
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: state change Ack-Sent --> Opened
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IPCP: LayerUp
          Jul 10 14:29:33 ProfessorX ppp: [opt1]   50.49.193.168 -> 74.42.148.136
          Jul 10 14:29:33 ProfessorX ppp-linkup: Removing states to old router 74.42.148.136
          Jul 10 14:29:33 ProfessorX check_reload_status: rc.newwanip starting pppoe0
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IFACE: Up event
          Jul 10 14:29:33 ProfessorX ppp: [opt1] IFACE: Rename interface ng0 to pppoe0
          Jul 10 14:29:33 ProfessorX php-cgi: rc.bootup: Resyncing OpenVPN instances.
          Jul 10 14:29:33 ProfessorX kernel: pflog0: promiscuous mode enabled
          Jul 10 14:29:34 ProfessorX kernel: ....
          Jul 10 14:29:34 ProfessorX php-fpm[362]: /rc.newwanip: rc.newwanip: Info: starting on pppoe0.
          Jul 10 14:29:34 ProfessorX php-fpm[362]: /rc.newwanip: rc.newwanip: on (IP address: 50.49.193.168) (interface: FRONTIER[opt1]) (real interface: pppoe0).
          Jul 10 14:29:34 ProfessorX kernel: .done.
          Jul 10 14:29:34 ProfessorX kernel: done.
          Jul 10 14:29:35 ProfessorX php-cgi: rc.bootup: Gateway, none 'available' for inet6, use the first one configured. ''
          Jul 10 14:29:35 ProfessorX kernel: done.
          Jul 10 14:29:35 ProfessorX php-fpm[362]: /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. ''
          Jul 10 14:29:35 ProfessorX php-fpm[362]: /rc.newwanip: IP Address has changed, killing states on former IP Address 50.49.207.243.
          Jul 10 14:29:36 ProfessorX php-cgi: rc.bootup: sync unbound done.
          Jul 10 14:29:36 ProfessorX kernel: done.
          Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1594405777] unbound[94418:0] error: bind: address already in use [1594405777] unbound[94418:0] fatal error: could not open ports' 
          Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: sync unbound done.
          Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: Resyncing OpenVPN instances for interface FRONTIER.
          Jul 10 14:29:37 ProfessorX php-fpm[362]: /rc.newwanip: Creating rrd update script
          Jul 10 14:29:37 ProfessorX kernel: done.
          Jul 10 14:29:38 ProfessorX kernel: done.
          Jul 10 14:29:38 ProfessorX php-cgi: rc.bootup: NTPD is starting up.
          Jul 10 14:29:38 ProfessorX kernel: done.
          Jul 10 14:29:39 ProfessorX kernel: done.
          Jul 10 14:29:39 ProfessorX check_reload_status: Updating all dyndns
          Jul 10 14:29:39 ProfessorX kernel: ....
          Jul 10 14:29:39 ProfessorX php-fpm[362]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 50.49.207.243 ->  50.49.193.168 - Restarting packages.
          Jul 10 14:29:39 ProfessorX check_reload_status: Starting packages
          Jul 10 14:29:39 ProfessorX kernel: .done.
          Jul 10 14:29:40 ProfessorX php-fpm[362]: /rc.start_packages: Restarting/Starting all packages.
          Jul 10 14:29:40 ProfessorX php-fpm[363]: /rc.dyndns.update: phpDynDNS (professorx.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
          Jul 10 14:29:41 ProfessorX check_reload_status: Syncing firewall
          Jul 10 14:29:41 ProfessorX php-fpm[362]: /rc.start_packages: [pfBlockerNG] Update terminated during boot process. If the boot process has completed, delete the file: /var/run/booting.
          Jul 10 14:29:42 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started
          Jul 10 14:29:42 ProfessorX SnortStartup[97879]: Snort START for LAN(44407_mvneta1)...
          Jul 10 14:29:43 ProfessorX php_pfb: [pfBlockerNG] filterlog daemon started
          Jul 10 14:29:43 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started
          Jul 10 14:29:43 ProfessorX snort[98103]: AppId
          Jul 10 14:29:43 ProfessorX snort[98103]: AppId
          Jul 10 14:29:43 ProfessorX snort[98103]: AppId
          Jul 10 14:29:43 ProfessorX snort[98103]: AppId
          Jul 10 14:29:44 ProfessorX php-cgi: rc.bootup: Creating rrd update script
          Jul 10 14:29:44 ProfessorX kernel: done.
          Jul 10 14:29:44 ProfessorX kernel: done.
          Jul 10 14:29:45 ProfessorX root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
          Jul 10 14:29:45 ProfessorX snort[98103]: AppId
          Jul 10 14:29:45 ProfessorX snort[98103]: AppId
          Jul 10 14:29:45 ProfessorX snort[98103]: AppId
          Jul 10 14:29:45 ProfessorX snort[98103]: AppId
          Jul 10 14:29:47 ProfessorX syslogd: exiting on signal 15
          Jul 10 14:29:47 ProfessorX syslogd: kernel boot file is /boot/kernel/kernel
          Jul 10 14:29:47 ProfessorX kernel: done.
          Jul 10 14:29:48 ProfessorX kernel: done.
          Jul 10 14:29:50 ProfessorX php-fpm[94759]: /rc.start_packages: Restarting/Starting all packages.
          Jul 10 14:29:50 ProfessorX check_reload_status: Syncing firewall
          Jul 10 14:29:51 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started
          Jul 10 14:29:51 ProfessorX check_reload_status: Reloading filter
          Jul 10 14:29:51 ProfessorX php-fpm[94759]: [pfBlockerNG] Restarting firewall filter daemon
          Jul 10 14:29:52 ProfessorX SnortStartup[90494]: Ignoring additional START command since Snort is already starting...
          Jul 10 14:29:53 ProfessorX kernel: mvneta1: promiscuous mode enabled
          Jul 10 14:29:53 ProfessorX php: [pfBlockerNG] DNSBL parser daemon started
          Jul 10 14:29:54 ProfessorX php_pfb: [pfBlockerNG] filterlog daemon started
          Jul 10 14:29:54 ProfessorX getty[18140]: open /dev/ttyv0: No such file or directory
          Jul 10 14:29:54 ProfessorX login: login on ttyu0 as root
          Jul 10 14:30:01 ProfessorX php-fpm[362]: /index.php: Successful login for user 'admin' from: 192.168.1.145 (Local Database)
          
            Burner27

            That's the last part of the log file I think.

              bmeeks @Burner27

              @Burner27 said in SG3100 limitations:

              That's the last part of the log file I think.

              I don't see anything wrong in there. What you posted is the normal bootup sequence for your firewall. Towards the end of the bootup sequence, it started Snort on your LAN interface. All of that looks fine.

              I see nothing in that log to implicate any package in the unexpected reboot. No error messages of any kind. You might have a hardware or power issue, but even there nothing is apparent in the log. All I see is a normal startup of Snort at the 13:35 mark on July 10, and then a firewall boot that started at 14:29:29 on July 10. That reboot was complete and a "start" signal was sent to Snort on your LAN interface at 14:29:42 on July 10.

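The check described in the reply above (what was logged in the interval before a boot, and whether anything points at a package), as an added example that is not part of the original posts. The log lines are constructed, and the boot-banner, shutdown and crash-line strings are assumptions about typical FreeBSD/pfSense log text.

```python
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
# Assumed markers: the FreeBSD kernel copyright banner opens every boot, and
# syslogd logs "exiting on signal 15" when it is stopped in an orderly way.
BOOT_BANNER = "The FreeBSD Project"
SHUTDOWN_MARK = "exiting on signal 15"
CRASH_RE = re.compile(r"pid \d+ \((\S+?)\).*exited on signal (\d+)")

# Constructed sample, not the poster's log.
SAMPLE_LOG = """\
Jul 10 13:35:10 fw snort[4100]: constructed: startup finished on LAN
Jul 10 13:36:00 fw php-fpm[362]: constructed: last entry before the gap
Jul 10 14:29:29 fw kernel: Copyright (c) 1992-2018 The FreeBSD Project.
Jul 10 14:29:42 fw SnortStartup[97879]: Snort START for LAN(44407_mvneta1)...
Jul 11 09:00:00 fw kernel: pid 5120 (snort), uid 0: exited on signal 10
Jul 11 09:10:00 fw reboot: rebooted by root
Jul 11 09:10:01 fw syslogd: exiting on signal 15
Jul 11 09:10:40 fw kernel: Copyright (c) 1992-2018 The FreeBSD Project.
""".splitlines()


def parse(lines, year):
    """Return (timestamp, tag, message); BSD syslog has no year, so pass one."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            entries.append((ts, m.group(3), m.group(4)))
    return entries


def triage(entries, window=timedelta(minutes=2)):
    """One report per boot: was it preceded by an orderly shutdown, how long
    was the log silent before it, and did any process die on a signal?"""
    reports, start = [], 0
    for i, (ts, tag, msg) in enumerate(entries):
        if tag != "kernel" or BOOT_BANNER not in msg:
            continue
        prior = entries[start:i]  # everything logged since the previous boot
        clean = any(SHUTDOWN_MARK in m and ts - t <= window for t, _, m in prior)
        crashes = [(c.group(1), int(c.group(2)))
                   for c in (CRASH_RE.search(m) for _, _, m in prior) if c]
        gap = (ts - prior[-1][0]).total_seconds() if prior else None
        reports.append({"boot": ts, "clean_shutdown": clean,
                        "silent_seconds": gap, "process_crashes": crashes})
        start = i
    return reports


if __name__ == "__main__":
    for report in triage(parse(SAMPLE_LOG, 2020)):
        print(report)
```

A boot with no shutdown marker, no crash line and a long silent interval is the pattern discussed in this thread: the log itself gives no evidence for or against any package.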
                Burner27

                I thank you for looking it over. The only thing I can say is it happens only when SNORT is installed. Even SNORT by itself.

                  bmeeks @Burner27

                  @Burner27 said in SG3100 limitations:

                  I thank you for looking it over. The only thing I can say is it happens only when SNORT is installed. Even SNORT by itself.

                  All of the dates in that log snippet were from July 10. Is the date on your firewall incorrect, or is the log really that old? What has happened in the 11 days since those log entries were created? Today is July 21, and those entries were from back on July 10 (unless your firewall's date is 11 days off).

                    Burner27

                    I can provide you with more log entries, but basically after I installed SNORT on July 10th, and it rebooted 5 minutes later, I removed the SNORT package (and used the option to remove all settings). I then reinstalled it, and I only configured it with a few lists. I only had it update the lists, and did not assign it to an interface to see if that would run ok. I let it run for 5 days and did not have any issues. I then followed this tutorial: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html

                    It was configured for the LAN interface only. It was also running fine for about 4 days after that when I started reading articles about 'Is SNORT/Suricata needed for a home user?' Most of them in the responses (including the ones you commented on) were a resounding no. Being new to pfSense and best practices (also taking into account the hardware in the SG3100), I thought it would be best to remove it and focus on packages that would be effective for home use. I only have 1 server open to the world and it is a VM of Minecraft.

                    Now you are completely up to date!

                      bmeeks @Burner27

                      @Burner27 said in SG3100 limitations:

                      I can provide you with more log entries, but basically after I installed SNORT on July 10th, and it rebooted 5 minutes later, I removed the SNORT package (and used the option to remove all settings). I then reinstalled it, and I only configured it with a few lists. I only had it update the lists, and did not assign it to an interface to see if that would run ok. I let it run for 5 days and did not have any issues. I then followed this tutorial: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html

                      It was configured for the LAN interface only. It was also running fine for about 4 days after that when I started reading articles about 'Is SNORT/Suricata needed for a home user?' Most of them in the responses (including the ones you commented on) were a resounding no. Being new to pfSense and best practices (also taking into account the hardware in the SG3100), I thought it would be best to remove it and focus on packages that would be effective for home use. I only have 1 server open to the world and it is a VM of Minecraft.

                      Now you are completely up to date!

                      So if I understood what you wrote, you installed Snort initially on July 10 and got a reboot 5 minutes later. So you removed it and installed it again but without assigning an interface that time. It ran fine for 5 days, and then you configured it to run on the LAN and it ran fine for 4 more days. Finally, you decided to remove it again after conversations and responses to this forum thread.

                      So I'm not seeing your logic from above that implicates Snort as the cause of the single random reboot. Do you mean you had other random reboots during the 5-day and 4-day runs, or did it run without issue during those times? If no issues for that many days, I would find it hard to blame Snort (or any other of the installed packages) as the cause of the reboot on July 10. I'm not trying to dodge the issue, but the evidence you provided in no way implicates any package you have installed as the cause of the reboot - to be honest. You had an apparent random reboot on July 10 at 14:29:29. If that is the only time, then I'm not seeing your issue -- unless I'm missing something in what you wrote. While a random reboot is certainly not an expected thing, I see nothing that implicates any package in that. If it was Snort, I would expect to see reboots during those 5-day and 4-day periods when you said it ran without issues.

                        Burner27

                        The only difference between the two SNORT installs was the one that caused the reboots was the configuration I followed from Lawrence Systems' YouTube video. This tutorial: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html did not cause any reboots. The configurations are different. Is it possible a configuration could cause the SG3100 to reboot? When I tried SNORT it was the only package installed other than the pfSense software itself. I agree with you regarding the SNORT package itself isn't causing the issue, I think I am doing something wrong?

                        I removed it because most of the people in this thread advised against it since I am running it at home and I really do lack the knowledge to understand it correctly. This is why I ask the experts (like yourself) to educate me. I didn't know you were the creator of the application, and I do appreciate you taking the time to answer my questions/troubleshoot this issue.

                          bmeeks @Burner27

                          @Burner27 said in SG3100 limitations:

                          The only difference between the two SNORT installs was the one that caused the reboots was the configuration I followed from Lawrence Systems' YouTube video. This tutorial: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html did not cause any reboots. The configurations are different. Is it possible a configuration could cause the SG3100 to reboot? When I tried SNORT it was the only package installed other than the pfSense software itself. I agree with you regarding the SNORT package itself isn't causing the issue, I think I am doing something wrong?

                          I removed it because most of the people in this thread advised against it since I am running it at home and I really do lack the knowledge to understand it correctly. This is why I ask the experts (like yourself) to educate me. I didn't know you were the creator of the application, and I do appreciate you taking the time to answer my questions/troubleshoot this issue.

                          No, I don't think the configuration would make a difference. The video you followed was primarily about configuring OpenAppID. That technology is a type of Layer 7 deep packet inspection (DPI). It can detect certain types of popular applications and alert on them. For example, it can detect most Facebook traffic, other types of social media applications and their traffic like Twitter and Instagram, and so forth. This is generally not useful at all for a home user because that kind of traffic is probably 90% or more of what traverses your network in the first place. Folks in your family use social media, and probably so do you. So why would you want to detect and block that? But if you are a major corporation or other business entity, you likely would not want all of your employees using social media apps on the company's time and dime ... ☺. So you would want to detect and possibly block that kind of traffic so your employees did their assigned work instead of posting on Facebook or Instagram or reading Twitter feeds during work hours.

                          To be honest, I don't think Snort was the cause of your reboot at all. It is more likely to be perhaps a random hardware issue or even a short-lived power failure/dip that caused the hardware to reboot. The only issue I have ever seen Snort cause is a Signal 10 bus error, and those get logged in the system log. And they result in only the Snort process itself crashing. Nothing else is impacted and the firewall does not reboot. I see no evidence of that in your log.

                          You are fine without an IDS/IPS on a home network. The most important things for home network security are (in order of importance):

                          1. Keep all clients updated with the latest security hotfixes! That means installing all security updates as soon as practical after they are released.

                          2. Teach family members how NOT to be "click happy". This is especially important with emails that have embedded URLs and/or attachments. Doubly important when that email is from an unrecognized sender!

                          3. For all LAN client endpoints that have available anti-virus clients, install an AV product and keep it updated. For Microsoft stuff, the free built-in Windows tools are more than adequate; especially if you follow tip #1 above and keep your Windows machines patched.

                          Notice how none of these items involve your firewall? That's because in most home networks any firewall will have a default deny-all for unsolicited inbound traffic. That's very good basic security.

                          Now in your case you mentioned that you have an open gaming server (the Minecraft VM). That server absolutely needs to stay current with patches. And I would strongly recommend you move it to a DMZ network all by itself and isolate it to the maximum extent possible from your LAN and the other clients there. If that box is ever compromised, the other hosts on your LAN are then easy pickings for the hacker and nothing on your firewall can get in the way once the hacker owns your gaming server sitting right there on your LAN.

                            Burner27

                            I appreciate your thoroughness in your answer. I don't know if hardware issues get reported in the logfiles, but it would make sense. The SG3100 is connected to a UPS so it does get clean power. That doesn't mean the power brick itself isn't having an issue or something with the SSD/motherboard/ram could be the culprit. I will take your advice and move the Minecraft server to a DMZ for security and peace of mind.

                            Thanks again for all your advice and expertise!!

                              stephenw10 Netgate Administrator

                              Yup, putting your server in a DMZ you can filter from the rest of your network is a very good call.

                              I would still consider limiting what source addresses can access it if you can. Even if that's using a geo-IP alias for North America it's better than allowing access from anywhere.

                              Steve

                                Burner27

                                I don’t think I can set up a DMZ. The OPT1 interface is my backup WAN connection.

                                  bmeeks @Burner27

                                  @Burner27 said in SG3100 limitations:

                                  I don’t think I can set up a DMZ. The OPT1 interface is my backup WAN connection.

                                  If you have (or get) a VLAN-capable managed switch, you can set up VLANs and get some isolation that way. Configured properly, VLANs are okay for what you need. Actual isolated hardware ports are the best, but you're not protecting NSA secrets or the nuclear missile launch codes.

                                    stephenw10 Netgate Administrator

                                    You can configure the on-board switch on the 3100 to separate a port as a discrete interface via internal VLANs.

                                    https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html

                                    Steve

                                      bmeeks @stephenw10

                                      @stephenw10 said in SG3100 limitations:

                                      You can configure the on-board switch on the 3100 to separate a port as a discrete interface via internal VLANs.

                                      https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html

                                      Steve

                                      Yep! Forgot about that little tidbit of the SG-3100's capabilities.

                                        Burner27

                                        That guide was very helpful. I got the interface set up as its own VLAN and was able to set up the DHCP server on it as well. Should the firewall rules for the interface be the same setup as LAN?

                                          bmeeks @Burner27

                                          @Burner27 said in SG3100 limitations:

                                          That guide was very helpful. I got the interface set up as its own VLAN and was able to set up the DHCP server on it as well. Should the firewall rules for the interface be the same setup as LAN?

                                          I would not expect them to be the exact same. The ideal goal would be for the Minecraft server to be completely cut-off from your LAN. But since I suspect you want to be able to play from a client device on your LAN, then you will need some rules on your LAN side to enable access to the DMZ side. Remember that in pfSense you put firewall rules on the ingress interface (so something like "source = LAN, dest = DMZ, allow" on LAN interface). In reality it would be best to lock that down to certain ports and protocols and even certain IP addresses if feasible.

                                          On the DMZ side, you would want to generally block all unsolicited inbound access from the DMZ into your LAN. But I'm not familiar with Minecraft operation, so you may not be able to do that 100% (but I suspect you could). So something like this for 100% isolation: "source = DMZ, dest = LAN, deny" on DMZ interface.

                                          To set your way of thinking, consider that DMZ and all servers in it to be the same as the Internet. In other words, the wild-west and evil and infected. Then base your firewall rules on the DMZ and LAN interfaces accordingly. Of course you still need the game server to function, so some amount of communications will have to be allowed. A fair amount of experimentation may be required to find the magical combination of maximum security and full functionality.

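The rule layout described in the reply above, modelled as an added example (not part of the original post and not pfSense code): rules are checked top-down on the interface where a connection enters, the first match wins, and replies to an allowed connection pass by state. The subnets, the server address and the use of Minecraft's default port 25565/tcp are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing; 25565/tcp assumes the server uses Minecraft's default port.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
SERVER = ipaddress.ip_network("192.168.50.10/32")


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None   # None means any destination port

    def matches(self, src, dst, proto, dport):
        return (src in self.src and dst in self.dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


class Firewall:
    def __init__(self, rules_by_iface):
        self.rules = rules_by_iface
        self.states = set()

    def decide(self, iface, src, dst, proto, sport, dport):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Replies to a connection that was already allowed match its state entry.
        if (dst, src, proto, dport, sport) in self.states:
            return "pass (state)"
        for rule in self.rules.get(iface, []):   # top-down, first match wins
            if rule.matches(src, dst, proto, dport):
                if rule.action == "pass":
                    self.states.add((src, dst, proto, sport, dport))
                return rule.action
        return "block"                           # implicit default deny


LAN_RULES = [
    Rule("pass", LAN, SERVER, "tcp", 25565),  # play from LAN clients
    Rule("block", LAN, DMZ),                  # nothing else from LAN into the DMZ
    Rule("pass", LAN, ANY),                   # normal outbound access
]
DMZ_RULES = [
    Rule("block", DMZ, LAN),                  # "source = DMZ, dest = LAN, deny"
    Rule("pass", DMZ, ANY),                   # server updates, outbound access
]


def build(dmz_rules=DMZ_RULES):
    return Firewall({"LAN": LAN_RULES, "DMZ": dmz_rules})


def demo():
    fw = build()
    swapped = build(list(reversed(DMZ_RULES)))  # pass rule placed above the block
    return {
        "lan_to_game": fw.decide("LAN", "192.168.1.145", "192.168.50.10", "tcp", 50000, 25565),
        "game_reply": fw.decide("DMZ", "192.168.50.10", "192.168.1.145", "tcp", 25565, 50000),
        "lan_to_ssh": fw.decide("LAN", "192.168.1.145", "192.168.50.10", "tcp", 50001, 22),
        "dmz_to_lan": fw.decide("DMZ", "192.168.50.10", "192.168.1.20", "tcp", 40000, 445),
        "dmz_to_net": fw.decide("DMZ", "192.168.50.10", "203.0.113.5", "tcp", 40001, 443),
        "misordered": swapped.decide("DMZ", "192.168.50.10", "192.168.1.20", "tcp", 40000, 445),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `misordered` case shows why the block toward LAN has to sit above the general pass rule on the DMZ interface: with the order swapped, the server can open new connections into the LAN.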
                                            tjcooks4829 @bmeeks

                                            @bmeeks I had the random reboots running Snort on my SG-3100. About weekly, and generally during heavy activity (you know, right when you don't need a random reboot). Nothing in the logs, no panic, no crash, just a sudden and unexplained restart. I suspected overheat, but support said my 70°C temperature readings were fine and normal. That seems kind of high, especially since I had the thing isolated and ventilated pretty well.

                                            I honestly don't think the hardware is up to the task, and even Netgate support... they didn't come right out and say that, but they did suggest that I try Suricata instead as it is much more CPU efficient than Snort.

                                            I replaced my SG-3100 with a SG-5100 and the performance difference is significant, to say the least! I'm realizing that the divide between a plastic toy and a machine made of metal is right here between these two devices. I couldn't even get line speed transfers on SG-3100, and now I'm consistently able to get 920/920 speed test (nice low latency too 3ms/4ms unloaded/loaded) on my 1000/1000 fiber connection.... On the SG-3100 speed tests were coming up more like 650/650 and latency around 4ms/10ms. Maybe better right after a fresh reboot, but not for long after.

                                            I think the advice for a SG-3100 user is to run as vanilla a config as you can, and no unnecessary packages... I was running some accounting/reporting packages at first (ntopng, darkstat, bandwidthd) and I think even just that was putting too much load on.

                                            SG-5100 is a big step up in price, but I think it's reflective of the performance increase.

                                            Cheers.
