504 Gateway Time-out
-
I get this errors then the only way to get the GUI is SSH to the box restart 16 PHP_FPM
It also notice that it restart dhcp for the wan Could not connect to /var/run/php-fpm.socket /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. '' Sep 27 21:42:17 check_reload_status Starting packages Sep 27 21:42:17 php-fpm 68658 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 1.2.3.4 -> 1.2.3.4 - Restarting packages. Sep 27 21:42:15 check_reload_status rc.newwanip starting em0 Sep 27 21:42:15 snort 28240 spo_pf -> added address 1.2.3.4 to automatic interface IP Pass List. Sep 27 21:42:15 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:15 snort 28240 spo_pf -> deleted address 1.2.3.4 from automatic IP Pass List. Sep 27 21:42:15 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:15 kernel em0: link state changed to DOWN Sep 27 21:42:15 check_reload_status Linkup starting em0 Sep 27 21:42:15 php-fpm 68658 /rc.newwanip: Creating rrd update script Sep 27 21:42:15 php-fpm 68658 /rc.newwanip: Resyncing OpenVPN instances for interface OUTSIDE. Sep 27 21:42:15 check_reload_status Linkup starting em0 Sep 27 21:42:15 kernel em0: link state changed to UP Sep 27 21:42:14 php-fpm 99661 /rc.newwanip: rc.newwanip: on (IP address: 1.2.3.4) (interface: OUTSIDE[wan]) (real interface: em0). Sep 27 21:42:14 php-fpm 99661 /rc.newwanip: rc.newwanip: Info: starting on em0. Sep 27 21:42:14 php-fpm 43055 /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. '' Sep 27 21:42:12 check_reload_status rc.newwanip starting em0 Sep 27 21:42:12 snort 28240 spo_pf -> added address 1.2.3.4 to automatic interface IP Pass List. Sep 27 21:42:12 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:12 snort 28240 spo_pf -> deleted address 1.2.3.4 from automatic IP Pass List. Sep 27 21:42:12 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:12 kernel em0: link state changed to DOWN Sep 27 21:42:12 check_reload_status Linkup starting em0 Sep 27 21:42:12 check_reload_status Linkup starting em0 Sep 27 21:42:12 kernel em0: link state changed to UP Sep 27 21:42:11 php-fpm 43055 /rc.newwanip: rc.newwanip: on (IP address: 1.2.3.4) (interface: OUTSIDE[wan]) (real interface: em0). Sep 27 21:42:11 php-fpm 43055 /rc.newwanip: rc.newwanip: Info: starting on em0. Sep 27 21:42:09 php-fpm 68658 /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. '' Sep 27 21:42:09 check_reload_status rc.newwanip starting em0 Sep 27 21:42:09 snort 28240 spo_pf -> added address 1.2.3.4 to automatic interface IP Pass List. Sep 27 21:42:09 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:09 snort 28240 spo_pf -> deleted address 1.2.3.4 from automatic IP Pass List. Sep 27 21:42:09 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:09 kernel em0: link state changed to DOWN Sep 27 21:42:09 check_reload_status Linkup starting em0 Sep 27 21:42:09 check_reload_status Linkup starting em0 Sep 27 21:42:09 kernel em0: link state changed to UP Sep 27 21:42:07 php-fpm 68658 /rc.newwanip: rc.newwanip: on (IP address: 1.2.3.4) (interface: OUTSIDE[wan]) (real interface: em0). Sep 27 21:42:07 php-fpm 68658 /rc.newwanip: rc.newwanip: Info: starting on em0. Sep 27 21:42:06 check_reload_status rc.newwanip starting em0 Sep 27 21:42:06 snort 28240 spo_pf -> added address 1.2.3.4 to automatic interface IP Pass List. Sep 27 21:42:06 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:06 snort 28240 spo_pf -> deleted address 1.2.3.4 from automatic IP Pass List. Sep 27 21:42:06 snort 28240 spo_pf -> Received notification of IP address change on interface em0. Sep 27 21:42:06 kernel em0: link state changed to DOWN Sep 27 21:42:06 check_reload_status Linkup starting em0 Sep 27 21:41:47 snort 28240 [1:2402000:4951] ET DROP Dshield Block Listed Source group 1 [Classification: Misc Attack] [Priority: 2] {TCP} 31.184.237.58:54972 -> 1.2.3.4:11637 Sep 27 21:41:47 snort 28240 [1:2403346:43802] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 [Classification: Misc Attack] [Priority: 2] {TCP} 31.184.237.58:54972 -> 1.2.3.4:11637 Sep 27 21:41:39 check_reload_status Syncing firewall Sep 27 21:40:55 chain.wall nginx: 2018/09/27 21:40:55 [error] 61083#100172: *2 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 10.15.67.33, server: , request: "GET /widgets/widgets/pfblockerng.widget.php?getNewCounts=1538109511153 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "10.15.67.1", referrer: "https://10.15.67.1/" Sep 27 21:40:50 chain.wall nginx: 2018/09/27 21:40:50 [error] 61083#100172: *2 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 10.15.67.33, server: , request: "GET /widgets/widgets/snort_alerts.widget.php?getNewAlerts=1538109506152 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "10.15.67.1", referrer: "https://10.15.67.1/" Sep 27 21:40:49 chain.wall nginx: 2018/09/27 21:40:49 [error] 61083#100172: *2 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 10.15.67.33, server: , request: "POST /getstats.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "10.15.67.1", referrer: "https://10.15.67.1/" Sep 27 21:40:43 snort 28240 [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 151.106.13.158:5974 -> 1.2.3.4:5060 Sep 27 21:40:43 snort 28240 [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 151.106.13.158:5974 -> 1.2.3.4:5060 Sep 27 21:40:42 snort 28240 [1:2402000:4951] ET DROP Dshield Block Listed Source group 1 [Classification: Misc Attack] [Priority: 2] {TCP} 5.188.86.36:56220 -> 1.2.3.4:15201 Sep 27 21:40:42 snort 28240 [1:2403310:43802] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 [Classification: Misc Attack] [Priority: 2] {TCP} 5.188.86.36:56220 -> 1.2.3.4:15201 Sep 27 21:40:08 snort 28240 [1:2402000:4951] ET DROP Dshield Block Listed Source group 1 [Classification: Misc Attack] [Priority: 2] {TCP} 146.185.222.13:51584 -> 1.2.3.4:29840 Sep 27 21:39:10 kernel ukbd1: detached Sep 27 21:39:10 kernel ukbd1: at uhub9, port 3, addr 5 (disconnected) Sep 27 21:39:10 kernel ugen3.5: <CHICONY USB NetVista Full Width Keyboard> at usbus3 (disconnected) Sep 27 21:39:10 kernel ugen3.4: <Microsoft Microsoft Comfort Mouse 4500> at usbus3 (disconnected) Sep 27 21:39:04 check_reload_status check_reload_status is starting. Sep 27 21:39:04 rc.php-fpm_restart 68112 >>> Restarting php-fpm Sep 27 21:38:57 login ROOT LOGIN (admin) ON ttyv0 Sep 27 21:38:57 login login on ttyv0 as admin Sep 27 21:38:49 kernel kbd3 at ukbd1 Sep 27 21:38:49 kernel ukbd1: <CHICONY USB NetVista Full Width Keyboard, class 0/0, rev 1.10/1.02, addr 5> on usbus3 Sep 27 21:38:49 kernel ukbd1 on uhub9 Sep 27 21:38:49 kernel ugen3.5: <CHICONY USB NetVista Full Width Keyboard> at usbus3 Sep 27 21:38:49 kernel ugen3.4: <Microsoft Microsoft Comfort Mouse 4500> at usbus3 Sep 27 21:38:38 kernel em1.11: promiscuous mode enabled Sep 27 21:38:38 kernel em1.26: promiscuous mode enabled Sep 27 21:38:38 kernel em1.11: promiscuous mode disabled Sep 27 21:38:38 kernel em1.26: promiscuous mode disabled Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Packet Encoding: Ethernet Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Opening em1.11 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.42.0 with netmask 255.255.255.224 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.11.0 with netmask 255.255.255.192 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.26.0 with netmask 255.255.255.252 Sep 27 21:38:38 bandwidthd Monitoring subnet 10.15.67.0 with netmask 255.255.255.0 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.42.0 with netmask 255.255.255.224 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.11.0 with netmask 255.255.255.192 Sep 27 21:38:38 bandwidthd Monitoring subnet 192.168.26.0 with netmask 255.255.255.252 Sep 27 21:38:38 bandwidthd Monitoring subnet 10.15.67.0 with netmask 255.255.255.0 Sep 27 21:38:32 check_reload_status Reloading filter
-
What pfSense version are you running? If it's 2.4.4 is this something that started happening after you upgraded?
Does it still happen if you disable Snort and/or Bandwidthd?
Steve
-
its a fresh install of 2.4.4. I'll try disabling snort and Bandwidthd
-
its still the same issues with is disabled
-
What logs are you seeing without Snort and bandwidthd filling it?
I exepct to see more nginx errors in there.Steve