Cannot edit or add Port Forward rules in 2.3.1-p5, WebGUI crashes



  • I just recently upgraded to the latest 2.3.1-p5 from 2.3.0 a couple of days ago and now any time I try to edit the existing port forward rules or add a new one, the GUI refreshes to a blank page. When I go back to the main dashboard in my browser, I get this error:

    [30-Jun-2016 14:32:28 America/New_York] PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 15 bytes) in /usr/local/www/firewall_nat_edit.php on line 624
    

    I've tried it in both Chrome and Firefox on Linux and the same error appears. Everything else in the Web GUI seems to be totally functional. I've restarted the configurator and PHP-FM from the console to no avail. The number of bytes that it tries to allocate seems to be different by a few bytes each time.

    My hardware config is an Atom C2758 on a SuperMicro board with 8GB of Kingston ECC DDR3 RAM. Memory usage is only 10% of that 8GB so I'm not running out of memory overall. Adding new firewall rules or anything else even seems to work. Just not editing Port Forwards. Any ideas? (I haven't rebooted the server since I can't do it until after hours)



  • Weird. Something's making it exhaust PHP's memory limit, which I've never heard of on that page. What does your existing port forward config look like? What's the system's config like in general? How many interfaces, Virtual IPs, etc.



  • @cmb:

    Weird. Something's making it exhaust PHP's memory limit, which I've never heard of on that page. What does your existing port forward config look like? What's the system's config like in general? How many interfaces, Virtual IPs, etc.

    16 Port Forwards total with two physical WAN links. Our main WAN has IP's 50.xx.xx.145-150 forwarded to specific machines inside our network running specific services accessible to the outside world. The secondary WAN is only using a single IP and has a total of 4 forwards to 3 different machines. Virtual IP's we have those same 50 addresses set up listed above plus one extra. Hardware specs are in the other post above. 50 or so OpenVPN connections and 3 IPSEC connections as well. Nothing too overly crazy and the hardware is overkill for what we're doing as of now. We never really have more than one person using the WebUI at a time and we're not using captive portal or really much else service-wise on PfSense either. Basically just a router and VPN server/endpoint.


Log in to reply