Netgate 5100 - after reboot no config
-
It probably isn't a fresh install, it will do that if it has interfaces assigned in the config that are no longer present on the firewall. Typically that would be something like a USB modem device that is connected as Ethernet (ue0). Do you have something like that?
Steve
-
Actually I edited the dropsid.conf from Suricata, saw that Suricata was not running any more after the edit, tried to reinstall Suricata from Packagemanager, what did not work. So I restarted and since then it asks to assign interfaces.
Regards,
Gunther -
Hmm, well it can only reach that screen because there is a mismatch between the configured and available interfaces. It should say which interface is missing just above it. Can we see the console log when it hits that?
Steve
-
@stephenw10
This is the dump from console:/boot/kernel/kernel text=0x1a5b904 data=0x140 data=0x1b62810
syms=[0x8+0x1c2180-KDB: debugger backends:
ddb----------------+ | KDB: current
backend: ddb hit [Enter] to boot or any other key to stop
---<<BOOT>>---
Copyright (c) 1992-2020 The FreeBSD
Project. Copyright (c) 1979, 1980,
1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994x1c2180-+0x8+0x1The
Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD
Foundation. FreeBSD 12.2-STABLE
c1120650645f(plus-RELENG_21_02) pfSense amd64
FreeBSD clang version 10.0.1 (git@github.com:llvm/llvm-project.git
llvmorg-10.0.1-0-gef32c611aa2)
VT(vga): resolution 640x480
CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz (2200.07-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x506f1 Family=0x6 Model=0x5f Stepping=1Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
AMD Features2=0x101<LAHF,Prefetch>
Structured Extended
Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
Structured Extended Features3=0x2c000000<IBPB,STIBP,ARCH_CAP>
XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
IA32_ARCH_CAPS=0x1<RDCL_NO>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
TSC: P-state invariant, performance statistics
real memory = 4294967296 (4096 MB)
avail memory = 4011106304 (3825 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <INTEL TIANO >
WARNING: L1 data cache covers fewer APIC IDs than a core (0 < 1)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23 on motherboard
Launching APs: 2 1 3
Timecounter "TSC-low" frequency 1100035605 Hz quality 1000
wlan: mac acl policy registered
random: entropy device external interface
ipw_bss: You need to read the LICENSE file in
/usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff80743440, 0) error 1
ipw_ibss: You need to read the LICENSE file in
/usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff807434f0, 0) error 1
ipw_monitor: You need to read the LICENSE file in
/usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff807435a0, 0)
error 1
iwi_bss: You need to read the LICENSE file in
/usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff8076ae30, 0) error 1
iwi_ibss: You need to read the LICENSE file in
/usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff8076aee0, 0) error 1
iwi_monitor: You need to read the LICENSE file in
/usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff8076af90, 0)
error 1
000.000018 [4336] netmap_init netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff814123e0, 0) error 19
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
kbd1 at kbdmux0
[ath_hal] loaded
Netgate SG-5100 Status LED Driver 0.0.7 loaded
mlx5en: Mellanox Ethernet driver 3.5.2 (September 2019)
nexus0
vtvga0: <VT VGA driver> on motherboard
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
acpi0: <ALASKA A M I > on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 24000000 Hz quality 950
Event timer "HPET" frequency 24000000 Hz quality 550
Event timer "HPET1" frequency 24000000 Hz quality 440
Event timer "HPET2" frequency 24000000 Hz quality 440
Event timer "HPET3" frequency 24000000 Hz quality 440
Event timer "HPET4" frequency 24000000 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <processor> at device 0.0 (no driver attached)
pcib2: <ACPI PCI-PCI bridge> mem 0xdff60000-0xdff7ffff irq 20 at device
14.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> mem 0xdff40000-0xdff5ffff irq 21 at device
15.0 on pci0
pci3: <ACPI PCI bus> on pcib3
igb0: <Intel(R) PRO/1000 PCI-Express Network Driver> port 0xd000-0xd01f
mem 0xdfd00000-0xdfd7ffff,0xdfd80000-0xdfd83fff irq 21 at device 0.0 on pci3
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 4 RX queues 4 TX queues
igb0: Using MSI-X interrupts with 5 vectors
igb0: Ethernet address: 00:90:0b:a2:9b:6f
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib4: <ACPI PCI-PCI bridge> mem 0xdff20000-0xdff3ffff irq 22 at device
16.0 on pci0
pci4: <ACPI PCI bus> on pcib4
igb1: <Intel(R) PRO/1000 PCI-Express Network Driver> port 0xc000-0xc01f
mem 0xdfc00000-0xdfc7ffff,0xdfc80000-0xdfc83fff irq 22 at device 0.0 on pci4
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 4 RX queues 4 TX queues
igb1: Using MSI-X interrupts with 5 vectors
igb1: Ethernet address: 00:90:0b:a2:9b:70
igb1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <ACPI PCI-PCI bridge> mem 0xdff00000-0xdff1ffff irq 23 at device
17.0 on pci0
pci5: <ACPI PCI bus> on pcib5
ahci0: <Intel Denverton AHCI SATA controller> port
0xe0c0-0xe0c7,0xe0b0-0xe0b3,0xe040-0xe05f mem
0xdff96000-0xdff97fff,0xdffa2000-0xdffa20ff,0xdffa1000-0xdffa17ff irq 20
at device 19.0 on pci0
ahci0: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
ahci1: <Intel Denverton AHCI SATA controller> port
0xe0a0-0xe0a7,0xe090-0xe093,0xe020-0xe03f mem
0xdff94000-0xdff95fff,0xdffa0000-0xdffa00ff,0xdff9f000-0xdff9f7ff irq 21
at device 20.0 on pci0
ahci1: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich8: <AHCI channel> at channel 7 on ahci1
ahciem1: <AHCI enclosure management bridge> on ahci1
xhci0: <Intel Denverton USB 3.0 controller> mem 0xdff80000-0xdff8ffff
irq 19 at device 21.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pcib6: <ACPI PCI-PCI bridge> irq 16 at device 22.0 on pci0
pci6: <ACPI PCI bus> on pcib6
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver> mem
0xdee00000-0xdeffffff,0xdf004000-0xdf007fff irq 16 at device 0.0 on pci6
ix0: Using 2048 TX descriptors and 2048 RX descriptors
ix0: Using 4 RX queues 4 TX queues
ix0: Using MSI-X interrupts with 5 vectors
ix0: allocated for 4 queues
ix0: allocated for 4 rx queues
ix0: Ethernet address: 00:90:0b:a2:9b:71
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver> mem
0xdec00000-0xdedfffff,0xdf000000-0xdf003fff irq 17 at device 0.1 on pci6
ix1: Using 2048 TX descriptors and 2048 RX descriptors
ix1: Using 4 RX queues 4 TX queues
ix1: Using MSI-X interrupts with 5 vectors
ix1: allocated for 4 queues
ix1: allocated for 4 rx queues
ix1: Ethernet address: 00:90:0b:a2:9b:72
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
pcib7: <ACPI PCI-PCI bridge> at device 23.0 on pci0
pci7: <ACPI PCI bus> on pcib7
ix2: <Intel(R) PRO/10GbE PCI-Express Network Driver> mem
0xde800000-0xde9fffff,0xdea04000-0xdea07fff irq 16 at device 0.0 on pci7
ix2: Using 2048 TX descriptors and 2048 RX descriptors
ix2: Using 4 RX queues 4 TX queues
ix2: Using MSI-X interrupts with 5 vectors
ix2: allocated for 4 queues
ix2: allocated for 4 rx queues
ix2: Ethernet address: 00:90:0b:a2:9b:73
ix2: netmap queues/slots: TX 4/2048, RX 4/2048
ix3: <Intel(R) PRO/10GbE PCI-Express Network Driver> mem
0xde600000-0xde7fffff,0xdea00000-0xdea03fff irq 17 at device 0.1 on pci7
ix3: Using 2048 TX descriptors and 2048 RX descriptors
ix3: Using 4 RX queues 4 TX queues
ix3: Using MSI-X interrupts with 5 vectors
ix3: allocated for 4 queues
ix3: allocated for 4 rx queues
ix3: Ethernet address: 00:90:0b:a2:9b:74
ix3: netmap queues/slots: TX 4/2048, RX 4/2048
pci0: <simple comms> at device 24.0 (no driver attached)
uart2: <Intel Denverton UART> port 0xe080-0xe087 mem
0xdff9d000-0xdff9d0ff irq 16 at device 26.0 on pci0
uart2: Using 1 MSI message
uart3: <Intel Denverton UART> port 0xe070-0xe077 mem
0xdff9c000-0xdff9c0ff irq 17 at device 26.1 on pci0
uart3: Using 1 MSI message
uart4: <Intel Denverton UART> port 0xe060-0xe067 mem
0xdff9b000-0xdff9b0ff irq 18 at device 26.2 on pci0
uart4: Using 1 MSI message
sdhci_pci0: <Intel Denverton eMMC 5.0 Controller> mem
0xdff9a000-0xdff9afff,0xdff99000-0xdff99fff irq 16 at device 28.0 on pci0
sdhci_pci0: 1 slot(s) allocated
mmc0: <MMC/SD bus> on sdhci_pci0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
pci0: <memory> at device 31.2 (no driver attached)
pci0: <serial bus> at device 31.5 (no driver attached)
apei0: <ACPI Platform Error Interface> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 7 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 10 on acpi0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc0fff pnpid ORM0000 on isa0
superio0: <Nuvoton NCT6776> at port 0x2e-0x2f on isa0
wbwd0: <Nuvoton NCT6776 (0xc3/0x33) Watchdog Timer> at WDT ldn 0x08 on
superio0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21eb00001600
device_attach: est0 attach returned 6
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21eb00001600
device_attach: est1 attach returned 6
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21eb00001600
device_attach: est2 attach returned 6
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21eb00001600
device_attach: est3 attach returned 6
Timecounters tick every 1.000 msec
ugen0.1: <0x8086 XHCI root HUB> at usbus0
uhub0: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
mmcsd0: 8GB <MMCHC M32508 5.2 SN 19C933E8 MFG 08/2018 by 112 0x0000> at
mmc0 50.0MHz/8bit/65535-block
mmcsd0boot0: 4MB partition 1 at mmcsd0
mmcsd0boot1: 4MB partition 2 at mmcsd0
mmcsd0rpmb: 4MB partition 3 at mmcsd0
ses0 at ahciem0 bus 0 scbus1 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 2.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
ses1 at ahciem1 bus 0 scbus3 target 0 lun 0
ses1: <AHCI SGPIO Enclosure 2.00 0001> SEMB S-E-S 2.00 device
ses1: SEMB SES Device
Trying to mount root from ufs:/dev/ufsid/5d02ab5f7e5a49f2 [rw]...
Dual Console: Serial Primary, Video Secondary
Configuring crash dumps...
Using /dev/label/swap0 for dump device.
/dev/ufsid/5d02ab5f7e5a49f2: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ufsid/5d02ab5f7e5a49f2: clean, 4357 free (4229 frags, 16 blocks,
0.2% fragmentation)
uhub0: 8 ports with 8 removable, self powered
Filesystems are clean, continuing...
Mounting filesystems...___ __ / |__ ___ _ __ ___ ___ _
| '_ | |/ _|/ _ \ ' / __|/ _ \ | |
| |) | _ \ / | | _ \ / | _|
| ./|| |/_|| ||/_| ||
|_|Welcome to Netgate pfSense Plus 21.02.2-RELEASE...
No core dumps found.
...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
/usr/local/lib/compat/pkg /usr/lib/engines /usr/local/lib/compat/pkg
/usr/local/lib/ipsec /usr/local/lib/perl5/5.32/mach/CORE
32-bit compatibility ldconfig path:
done.
External config loader 1.0 is now starting... mmcsd0s1 mmcsd0s1a mmcsd0s1b
Launching the init system...Updating CPU Microcode...
CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz (2200.07-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x506f1 Family=0x6 Model=0x5f Stepping=1Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
AMD Features2=0x101<LAHF,Prefetch>
Structured Extended
Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
Structured Extended
Features3=0xac000400<MD_CLEAR,IBPB,STIBP,ARCH_CAP,SSBD>
XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
IA32_ARCH_CAPS=0x69<RDCL_NO,SKIP_L1DFL_VME>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
TSC: P-state invariant, performance statistics
Done.
.... done.
Initializing.................. done.
Starting device manager (devd)...done.
Loading configuration......done.
Updating configuration...done.Default interfaces not found -- Running interface assignment option.
Valid interfaces are:
igb0 00:90:0b:a2:9b:6f (down) Intel(R) PRO/1000 PCI-Express Network
Driver
igb1 00:90:0b:a2:9b:70 (down) Intel(R) PRO/1000 PCI-Express Network
Driver
ix0 00:90:0b:a2:9b:71 (down) Intel(R) PRO/10GbE PCI-Express Network
Driver
ix1 00:90:0b:a2:9b:72 (down) Intel(R) PRO/10GbE PCI-Express Network
Driver
ix2 00:90:0b:a2:9b:73 (down) Intel(R) PRO/10GbE PCI-Express Network
Driver
ix3 00:90:0b:a2:9b:74 (down) Intel(R) PRO/10GbE PCI-Express Network
DriverDo VLANs need to be set up first?
If VLANs will not be used, or only for optional interfaces, it is typical to
say no here and use the webConfigurator to configure VLANs later, if
required -
@hebein said in Netgate 5100 - after reboot no config:
Default interfaces not found -- Running interface assignment option.
Hmm, that implies it was defaulted for some reason. I assume you did not default the config though?
The other odd thing is that those are the default interfaces so if it had defaulted the config it should still boot correctly unless it somehow has the wrong image and hence the wrong default config. Has it ever been re-installed?Steve
-
No, we never touched it. Worked fine until yesterday, when I edited dropsid.conf and Suricata crashed and I did a reboot via the GUI.
-
Hmm, hard to see how that happened but since you're not yet running 21.05 I would probably just install that directly and restore your config into it. Assuming you have a backup config.
Otherwise you could try booting into single user mode and checking what the current config is in /cf/conf/config.xml and what backup exist in /cf/conf/backup.
You can manually copy an old config into place if you have to.
Steve
-
@stephenw10
That was the solution. Disk seems to be full, last config was ot written fully.
Switched now to my redundant 5100, but still wondering what to delete to free space.
fsck says that inconsistency is found, but does nothing. -
If the filesystem is full it's almost certainly logging if some sort and probably from a package.
Check the Snort or Suricata logs if you're running either and didn't set a log size limit. They are in /var/log.Steve
-
@stephenw10 It was old logs from suricata that filled up the filesystem.
Log rotation is activated, but how can I make suricata delete old logs? -
It should work OK as long as you have set and saved values in the log management tab.
I always set a total folder size there as well to be sure.Steve
-
@hebein said in Netgate 5100 - after reboot no config:
old logs from suricata that filled up the filesystem
A couple years ago, give or take, there was an issue where the Suricata GUI would show log rotation was enabled but it actually wasn't by default. That was fixed back then, and I would think if you are on 21.01 you'd have a newer package and this doesn't apply to you. But IIRC the workaround was just to save the Suricata log page settings so it did actually enable. Except for that we haven't had any such issues with its log rotation.
If it's a high traffic site you might consider unchecking "Enable HTTP Log" on the interface.
