WAN Going Down and Some Errors



  • (Thanks in advance for your time and help)

    I've run a few iterations of pfSense, all flawless until now.

    I'm currently on release 2.4.3 running on the following device (no issues in the last year and a half).

    https://www.amazon.com/gp/product/B0742P83HY/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1

    The issue is that I'm beginning to lose connection to the WAN, although a reboot sets it straight again.

    Below is a small list of notifications from pfSense:

    Filter Reload

    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-07 15:29:44
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-07 15:29:49
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-07 15:30:00
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-09 21:01:13
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-09 21:01:17
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-09 21:01:22
    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
    @ 2020-02-09 21:01:24


  • you're out of memory

    you really are stubborn....



  • Lol. I suppose I am. Thank you...

    OK so the issue now is how could I possibly be out of memory?

    The device has a 32GB drive and 4GB RAM....

    How do I rectify?

    Thank you again!!!


  • Netgate Administrator

    You're on a pretty old version so the max table size is probably too small for the v6 bogon table (which is huge!).

    Go to Sys > Adv > Firewall and set Firewall Maximum Table Entries to 400000.

    You should upgrade when you can.

    Steve



  • Will do, and thank you again. 2.4.4 is the version I should be on, correct?



  • UPDATE:

    I went ahead and set the table entries to a max of 400k but same issue. The system has run flawlessly for the last year and a half or so.
    EDIT: Could this be hardware failure (i.e. the RAM itself)?


  • Netgate Administrator

    Unlikely bad RAM. More likely the v6 bogons table is just too large.

    Do you actually use IPv6? On inbound connections?
    You can just remove the block bogons rule from any interface that has IPv6. Inbound traffic is blocked by default anyway on WANs.

    Steve



  • Apologies for the ignorance...This is what I'm looking at. It seems I can't select either rule, nor can I drag to change the load order. WanRules.jpg


  • LAYER 8 Global Moderator

    You would remove the rfc1918 and bogon rules on the interface settings and not the firewall interface rules.

    Did you update to 2.4.4p3 and up the amount of entries for your tables? 400k sometimes is not enough.
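
A way to check whether the table limit discussed above leaves enough room for the bogon tables, as an added example that is not part of the original thread or of pfSense itself. The function names, the sample `pfctl -sm` text and the entry count are constructed, and the 2x headroom rule is a conservative assumption (pf builds the new ruleset alongside the active one during a reload).

```shell
#!/bin/sh
# Added example: compare pf's table-entries hard limit with the number of
# entries a table file such as /etc/bogonsv6 would load.

# Read `pfctl -sm` output on stdin, print the table-entries hard limit.
pf_table_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# Count address/prefix lines in the given files, skipping blanks and comments.
count_entries() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$@"
}

# check_headroom LIMIT ENTRIES -> prints "ok" or "too-small".
# Assumption: ask for twice the entry count, since old and new tables can
# coexist while the filter reloads.
check_headroom() {
    if [ "$1" -ge $(( $2 * 2 )) ]; then
        echo ok
    else
        echo too-small
    fi
}

# Constructed sample of `pfctl -sm` output (not taken from the thread).
SAMPLE_LIMITS='states        hard limit   399000
src-nodes     hard limit   399000
frags         hard limit     5000
table-entries hard limit   200000'

limit=$(printf '%s\n' "$SAMPLE_LIMITS" | pf_table_limit)
# Constructed count standing in for: count_entries /etc/bogonsv6
entries=120000
echo "limit=$limit entries=$entries verdict=$(check_headroom "$limit" "$entries")"
```

On the firewall itself, feed the functions live data with `pfctl -sm | pf_table_limit` and `count_entries /etc/bogonsv6`.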



  • @stubborngreek Clicking the actions would allow you to make changes, although those are default settings...see image below! It will take you to the Interface settings John mentioned.
    Screen Shot 2020-02-12 at 2.41.44 PM.png


  • LAYER 8 Global Moderator

    @NollipfSense on a side note, what is the purpose of all those block lists on your WAN? You're just blocking them from hitting your 1 open VPN port? But what is odd is you don't show any hits on even your VPN connection. Did you reset the counters or something?

    Wouldn't it just be easier to set up allow only from the country you're coming from vs trying to block all the bad guys?



  • @johnpoz They were part of pfBlockerNG list that I enabled so I let them be. I haven't finished setting up VPN yet...I had tried and was getting "could not authenticate." Then, I upgraded to pfSense 2.5-dev. I will get back to the VPN soon...I had meant to set up VPN schedule...meanwhile I will disable the VPN.

