Upgrade to 2.4.3-RELEASE-p1 issue

mrmastii

Hello there,
I have upgrade from 2.4.3 to 2.4.3_1 and upgrade went okay, i.e I can log in to admin portal and all config looks good, however tit looks that I cannot get to internet from LAN.
example:
ping: LAN > GATEWAY [OK]
ping: LAN > Internet IP [failed]
Ping: PFSENSE to Internet [OK]
same thing with traceroute. Traceroute is failing past pfsense.
Note: everything was working perfectly before the upgrade.

Please advice
MM

Darkvodka34

@mrmastii said in Upgrade to 2.4.3-RELEASE-p1 issue:

PFSENSE to Internet [OK]
same thing with traceroute. Traceroute is failing past pfsense.
Note: everything was working perfectly before the upgrade.
Please advice

Can you show us your firewall rules

Firewall>>Rules>>LAN

mrmastii

Please see attached screen snap

also please note that state for all interfaces shows 0/0

Derelict

Pinging from LAN to the LAN address would increase those state counts. As would accessing the portal page from a LAN host. So that is at least an indication that something isn't configured correctly.

That all looks fine.

It is probably something else unrelated - but perhaps coincidental - to you upgrading.

Or something that should not have been working before the upgrade and is now not working as it shouldn't be.

Could be a million things. Probably best to narrow it down:

https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

mrmastii

There is something that I just saw, an error message about a rule not being loaded correctly. I have a feeling that this might be causing the problem.
Any idea how to fix it?

mrmastii

@mrmastii said in Upgrade to 2.4.3-RELEASE-p1 issue:

There is something that I just saw, an error message about a rule not being loaded correctly. I have a feeling that this might be causing the problem.
Any idea how to fix it?

I did a search on the forum and found similar issue,not sure if it is the same bug?
https://forum.netgate.com/topic/127849/notification-of-tmp-rules-debug-syntax-error

Derelict

https://redmine.pfsense.org/issues/8518

You can install the system patches package and then changeset

There are system patches available for this issue.
The patch commit IDs are:
63b2c4c878655746f903565dec3f34b3d410153f
c9159949e06cc91f6931bf2326672df7cad706f4
If you want to test them you can install them using the System Patches package

Install the System Patches package in System > Package Manager, Available Packages. It will be at System > Patches when you are done.
Add a new patch
Enter a description
Enter 63b2c4c878655746f903565dec3f34b3d410153f as the Commit ID
Set the path strip count to 1
Set Base Directory to /
Check Ignore Whitespace.
Save

That should retrieve the patch.

Then Fetch it then test it. It should say it CAN be applied cleanly and CANNOT be reverted (those test results will flip after it is applied).
Then you can apply it.
Repeat for the other patch(es).
Please let us know if that clears it up and if you see any adverse effects.

You can simply revert the patches if they cause issues.

mrmastii

Hi @Derelict,
Looks like these patches did it. I manually commented out the line in /tmp/rules.debug and then applied the patches, rebooted and voila, internet came back online.
I will monitor it closely to see it it has any adverse.
Thanks for all your help
MM