pfSense rebooted by root?
- 
 Ok, I just locked down some ports, included SSH (port 2222). Still, this feels like something on the router and causing causing it to reboot. Either a scheduled process, or something causing a fault that results in a reboot. 
- 
 ssh is not port 2222, 22 yes not 2222 
- 
 They are forwarding port 2222 to ssh here. I assume you locked it down to known source IPs only. Has it rebooted again since? Steve 
- 
 Yes, my isp blocks port 22 so I was forwarding port 2222 from wan to port 22 to the internal machine. I turned this off. The router rebooted another 2.5 hours later. I don’t think it has rebooted since. 
- 
 I just updated to 2.4.4-RELEASE-p1. I will continue to monitor and see if this makes a difference. 
- 
 @RyanM @stephenw10 Did you ever find a solution to this? I'm experiencing the same exact thing and my logs read the same with random daily reboots. 
- 
 Exactly the same? Let's see logs covering the run up to the reboot. Steve 
- 
 I guess not "exactly" but very similar. For no reason each morning I lose the internet connection to see pfsense is rebooting. I see this in the logs: Oct 30 10:18:34 gateway syslogd: kernel boot file is /kernel 
 Oct 30 10:18:34 gateway kernel: Copyright (c) 1992-2018 The FreeBSD Project.
 Oct 30 10:18:34 gateway kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 Oct 30 10:18:34 gateway kernel: The Regents of the University of California. All rights reserved.
 Oct 30 10:18:34 gateway kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
 Oct 30 10:18:34 gateway kernel: FreeBSD 11.2-RELEASE-p10 #21 10fea60fdde(factory-RELENG_2_4_4): Thu May 16 06:26:11 EDT 2019
 Oct 30 10:18:34 gateway kernel: root@buildbot1-nyi.netgate.com:/build/factory-crossbuild-244/obj/aarch64/upm8hD25/arm64.aarch64/build/factory-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense arm64
 Oct 30 10:18:34 gateway kernel: FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
 Oct 30 10:18:34 gateway kernel: VT: init without driver.
 Oct 30 10:18:34 gateway kernel: Starting CPU 1 (1)
 Oct 30 10:18:34 gateway kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 Oct 30 10:18:34 gateway kernel: random: entropy device external interface
 Oct 30 10:18:34 gateway kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
 Oct 30 10:18:34 gateway kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.Oct 30 10:18:48 gateway php-cgi: rc.bootup:
 Oct 30 10:19:07 gateway kernel: .done.
 Oct 30 10:19:56 gateway php-cgi: rc.bootup: Creating rrd update script
 ct 30 10:19:57 gateway root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
 Oct 30 10:20:00 gateway syslogd: exiting on signal 15
 Oct 30 10:20:00 gateway syslogd: kernel boot file is /kernel
 Oct 30 10:20:00 gateway kernel: done.
 Oct 30 10:20:00 gateway kernel: done.
 Oct 30 10:20:06 gateway php-fpm[363]: /rc.start_packages: Restarting/Starting all packages.
 Oct 30 10:20:06 gateway php-fpm[363]: [pfBlockerNG] Starting cron process.
 Oct 30 10:20:08 gateway getty[7801]: open /dev/ttyv0: No such file or directory
 Oct 30 10:20:08 gateway login: login on ttyu0 as rootAnd I was not logged into the console and was sitting right next to the box so nobody was physically here. 
- 
 @RyanM @stephenw10 I just updated with some logs. Thanks for the help. 
- 
 Ok, importantly you are not seeing rebooted by rootthere. Rather it just appears to reboot.That's an SG-1100 I assume? Are you able to connect to the serial console and log the output there across a reboot? That would show what's happening. Steve 
- 
 yep its an 1100. Are you thinking maybe its rebooting due to some overload on the hardware or potential hardware issue then? I should be able to connect to the serial console directly. How would I log the output from there and then do a reboot? 
- 
 If you are using putty in Windows (or Linux) you can just enable logging there to get a file directly. Most terminal clients will have enough scroll back anyway to just copy and paste it out. 
 You would need to just leave it connected and wait for it to reboot unless you are able to predict when it will happen.Steve 


