Netgate Discussion Forum

    WAN Going Down and Some Errors

    General pfSense Questions
    30 Posts 7 Posters 2.7k Views
    • stubborngreek

      (Thanks in advance for your time and help)

      I've run a few iterations of pfSense, all flawless until now.

      I'm currently on release 2.4.3 running on the following device (no issues in the last year and a half).

      https://www.amazon.com/gp/product/B0742P83HY/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1

      The issue is that I'm beginning to lose connection to the WAN, although a reboot sets it straight again.

      Below is a small list of notifications from pfSense:

      Filter Reload

      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-07 15:29:44
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-07 15:29:49
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-07 15:30:00
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-09 21:01:13
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-09 21:01:17
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-09 21:01:22
      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
      @ 2020-02-09 21:01:24
      
      • sherpagoodness

        you're out of memory

        you really are stubborn....

        • stubborngreek

          Lol. I suppose I am. Thank you...

          OK so the issue now is how could I possibly be out of memory?

          The device has a 32gb drive and 4gb ram....

          How do I rectify?

          Thank you again!!!

          • stephenw10 Netgate Administrator

            You're on a pretty old version so the max table size is probably too small for the v6 bogon table (which is huge!).

            Go to Sys > Adv > Firewall and set Firewall Maximum Table Entries to 400000.

            You should upgrade when you can.

            Steve

            • stubborngreek

              Will do, and thank you again. 2.4.4 is the version I should be on, correct?

              • stubborngreek

                UPDATE:

                I went ahead and set the table entries to a max of 400k but same issue. The system has run flawlessly for the last year and a half or so.
                EDIT: Could this be hardware failure (i.e. the RAM itself)?

                • stephenw10 Netgate Administrator

                  Unlikely bad RAM. More likely the v6 bogons table is just too large.

                  Do you actually use IPv6? On inbound connections?
                  You can just remove the block bogons rule from any interface that has IPv6. Inbound traffic is blocked by default anyway on WANs.

                  Steve

                  • stubborngreek

                    Apologies for the ignorance...This is what I'm looking at. It seems I can't select either rule, nor can I drag to change the load order. WanRules.jpg

                    • johnpoz LAYER 8 Global Moderator

                      You would remove the rfc1918 and bogon rules on the interface settings and not the firewall interface rules.

                      Did you update to 2.4.4p3 and up the amount of entries for your tables.. 400k sometimes is not enough..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      • NollipfSense @stubborngreek

                        @stubborngreek Clicking the actions would allow you to make changes, although those are default settings...see image below! It will take you to the Interface settings John mentioned.
                        Screen Shot 2020-02-12 at 2.41.44 PM.png

                        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                        • johnpoz LAYER 8 Global Moderator

                          @NollipfSense on a side note, what is the purpose of all those block lists on your WAN? You're just blocking them from hitting your 1 open VPN port? But what is odd is you don't show any hits on even your VPN connection.. did you reset the counters or something?

                          Wouldn't it just be easier to set up allow only from the country you're coming from vs trying to block all the bad guys?

                          • NollipfSense @johnpoz

                            @johnpoz They were part of pfBlockerNG list that I enabled so I let them be. I haven't finished setting up VPN yet...I had tried and was getting "could not authenticate." Then, I upgraded to pfSense 2.5-dev. I will get back to the VPN soon...I had meant to set up VPN schedule...meanwhile I will disable the VPN.

                            • Marty McFly

                              Any solution.....I have same issue.
                              (Netgate SG-3100, Ver. 2.4.5, 25% of memory used overall)

                              Have read numerous similar cases, where the solution is to raise the maximum number on 'Firewall Maximum Table Entries' and do a filter reload. Still receive the same error:

                              rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6"

                              Have disabled PfBlocker, reloaded, same error.

                              Now I have changed the update settings for 'Bogon Networks' on 'Firewall & NAT' to daily due to the recent update to version 2.4.5. The standard setting is per week. I'm thinking the new maximum number needs to be overwritten by the system. I will see if this solves the problem.
                              If any other finds the solution, please post. Many thanks in advance.

                              • Marty McFly @Marty McFly

                                @Marty-McFly Still no solution. Have raised maximum value to 900.000 etc, but have same error. Hope someone has a solution out there.

                                • stephenw10 Netgate Administrator

                                  Do you need to filter inbound bogons specifically? If not then one solution here is to just uncheck block-bogons. All inbound traffic is filtered by default anyway.

                                  Steve

                                  • Marty McFly @stephenw10

                                    @stephenw10 thx, yes, you have a point. Have disabled Bogons on the WAN side. That did remove the continuous errors in the log, but not the cause of the error.

                                    I have however, ended up with yet another error, very similar to previous one.

                                    rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:24: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [24]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
                                    

                                    I removed entries on the IPv4 Custom list which I had, took the Aliases URLs and removed them there, and reloaded the Update job on pfBlockerNG. Still receive the same error.
                                    Have disabled all of pfBlockerNG and re-enabled it, to see if it would change through an overwrite. Still receive the same error.
                                    Hope you still are up for yet another shot at this. Many thanks in advance.

                                    • johnpoz LAYER 8 Global Moderator

                                      @Marty-McFly said in WAN Going Down and Some Errors:

                                      > Cannot allocate memory

                                      Turn off all your tables! they must be HUGE if you can not allocate memory if you have it set to 900000.. Set it to 1800000 then.. I have mine set at 1600000... And I don't use bogon, I have no use for them, since I only allow IPs from the US and Honduras to hit my plex.. Clearly those are not bogon, so have no use for that table..

                                      • Marty McFly @johnpoz

                                        @johnpoz Thx for your reply. With the fearful thought not to 'jinx it too much', it seems to have done the trick. I was not sure I could (should) raise the value too much. On the other hand, I guess you're right about the size of the table, as I am trying to prevent as much commercial jitter as possible through pfBlocker. I raised the value to 1800000 for now, and am waiting to see if there is any downside to it. Many thanks for your help.

                                        • johnpoz LAYER 8 Global Moderator

                                          Here is the thing, if you're ONLY going to allow what is in your tables to hit your port forwards, then bogon makes no sense at all to use or populate the table even. Bogon IPv6 is a HUGE table.. IPv4 not so much, and getting smaller every day to be honest and the rest of the IPv4 space gets used up.

                                          If you were using any that could be allowed to your ports, then ok bogon would make some sense... Then again bogons are networks that are not supposed to route on the internet.. So you really should never see any traffic from them.

                                          Trying to block the whole freaking internet is a lost cause.. Allow what you want, it is going to be a much smaller table than every single bad guy IP out there ;)

                                          • Marty McFly @johnpoz

                                            @johnpoz yes, I agree. However, I'm in denial, because I believe I somehow can minimize the impact by blocking advertisement sites and such. I'm an old dinosaur fighting back. Please bear with me.

                                            Have now trolled my pfBlocker settings and cleaned my act. That too helped a lot.... All together, things are starting to look good.
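
As an added example (not part of any post in this thread): a script that reads the `table <...> persist file "..."` lines quoted in the errors above, counts the entries in each file, and compares the total against the ruleset's `set limit table-entries` value. It assumes the limit appears in `/tmp/rules.debug` as a `set limit table-entries N` line and that a reload needs room for two copies of the tables; the function names and sample files are constructed for illustration.

```shell
# Added example, not from the thread: compare pf table sizes with the entry limit.

# count_entries FILE -> non-blank, non-comment lines (one address or prefix each)
count_entries() {
    [ -r "$1" ] || { echo 0; return; }
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# table_report RULES -> "<entries> <table> <file>" per file-backed table, largest first
table_report() {
    sed -n 's/^table <\([^>]*\)>.* file "\([^"]*\)".*/\1 \2/p' "$1" |
    while read -r name file; do
        echo "$(count_entries "$file") $name $file"
    done | sort -rn
}

# table_limit RULES -> N from "set limit table-entries N" (0 if the line is absent)
table_limit() {
    awk '$1 == "set" && $2 == "limit" && $3 == "table-entries" { n = $4 }
         END { print n + 0 }' "$1"
}

# check_tables RULES [FACTOR] -> exit 0 when total * FACTOR fits under the limit.
# FACTOR defaults to 2: an assumption that a reload briefly holds old and new copies.
check_tables() {
    rules=$1; factor=${2:-2}
    total=$(table_report "$rules" | awk '{ s += $1 } END { print s + 0 }')
    limit=$(table_limit "$rules")
    echo "total=$total limit=$limit needed=$((total * factor))"
    [ $((total * factor)) -le "$limit" ]
}

# make_sample -> path of a constructed rules file (3-entry and 2-entry table, limit 8)
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed' 2001:db8::/32 2001:db8:1::/48 2001:db8:2::/48 > "$d/bogonsv6"
    printf '%s\n' 192.0.2.0/24 198.51.100.0/24 > "$d/pfB_Top_v4.txt"
    cat > "$d/rules.debug" <<EOF
set limit table-entries 8
table <bogonsv6> persist file "$d/bogonsv6"
table <pfB_Top_v4> persist file "$d/pfB_Top_v4.txt"
EOF
    echo "$d/rules.debug"
}

# Demo on the constructed sample; on a firewall, point it at /tmp/rules.debug instead.
sample=$(make_sample)
table_report "$sample"
check_tables "$sample" || echo "limit too low for these tables"
```

The report lists the largest tables first, which shows whether bogonsv6 or a pfBlockerNG alias is the one consuming the limit before the value is raised again.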

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.