cant login webgui

yon 0

system.zip

It should not be a hardware problem of the network card or switch, because they are all newly bought hardware, and the network card is intel

yon 0

i can use ssh for normal login, only webgui cant login. show "

504 Gateway Time-out
nginx

yon 0

How to check the list of installation packages?

yon 0

i have install the snort

jimp

@yon-0 said in cant login webgui:

system.zip
It should not be a hardware problem of the network card or switch, because they are all newly bought hardware, and the network card is intel

That doesn't mean they are good. You are more likely to have faulty hardware new out of the box than most other times. Also the cards may not be legitimate -- there are tons of fake Intel cards out there, some of which misbehave in various ways which render networking (or the entire OS) unstable.

yon 0

i only can't login webgui, but i can visit internet in lan. so NIC should work.

yon 0

i have config in loader.conf

kern.cam.boot_delay=10000
kern.ipc.nmbclusters="1000000"
kern.ipc.nmbjumbop="524288"
kern.ipc.nmbjumbo9="524288"
if_em_load="YES"
h_ertt_load="YES"
ahci_load="YES"
cc_cdg_load="YES"
aesni_load="YES"
hw.igb.enable_msix="1"
hw.igb.rx_process_limit="-1"
hw.igb.tx_process_limit="-1"
hw.igb.rxd="2048"
hw.igb.txd="2048"
net.link.ifqmaxlen="4096"
hw.igb.max_interrupt_rate="16000"
net.inet.tcp.soreceive_stream="1"
net.pf.source_nodes_hashsize="1048576"
net.isr.defaultqlimit="2048"
net.inet.tcp.syncache.hashsize="1024"
net.inet.tcp.syncache.bucketlimit="100"
autoboot_delay="3"
hw.usb.no_pf="1"
net.pf.request_maxcount="500000"

valentinius

thanks to eveyone for a piece of advice, it seems i have solved the problem!!

yon 0

@valentinius whats mean?

valentinius

@yon-0
i mean that thanks to all your recommendations i have solved the problem with login webgui)

valentinius

@yon-0 SOLVED, rebooted all is well again

yon 0

@valentinius How to solve it?

yon 0

i find the bugs.

when i import a lot of firewall_aliases networks like 200 ipv4 networks and setup route or firewall rule, then PF webgui nginx 504 Gateway Time-out.

how many network line for firewall_aliases?

yon 0

Aug 24 05:45:40 nginx 2020/08/24 05:45:40 [error] 13539#100230: *14202 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.101.30, server: , request: "GET /index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.101.254:2253", referrer: "https://192.168.101.254:2253/system_routes.php"

yon 0

it seem need fix nginx

https://stackoverflow.com/questions/18740635/nginx-upstream-timed-out-110-connection-timed-out-while-reading-response-hea

yon 0

2020/08/24 05:53:17 [error] 13539#100230: *14202 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.101.30, server: , request: "GET /index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.101.254:2253", referrer: "https://192.168.101.254:2253/system_routes.php"
2020/08/24 05:56:48 [error] 13539#100230: *14202 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.101.30, server: , request: "GET /index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.101.254:2253", referrer: "https://192.168.101.254:2253/system_routes.php"
2020/08/24 05:57:49 [error] 13539#100230: *14202 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.101.30, server: , request: "GET /index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.101.254:2253", referrer: "https://192.168.101.254:2253/services_dhcpv6.php"
2020/08/24 06:16:55 [error] 7087#100230: kevent() reported about an closed connection (65: No route to host) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 31.13.79.17:80, certificate: "/var/etc/cert.crt"
2020/08/24 06:16:55 [error] 7087#100230: OCSP responder prematurely closed connection while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 31.13.79.17:80, certificate: "/var/etc/cert.crt"
2020/08/24 06:16:55 [error] 7043#100233: kevent() reported about an closed connection (60: Operation timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 69.171.233.33:80, certificate: "/var/etc/cert.crt"
2020/08/24 06:16:55 [error] 7043#100233: OCSP responder prematurely closed connection while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 69.171.233.33:80, certificate: "/var/etc/cert.crt"
2020/08/24 06:21:12 [error] 7087#100230: *6 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.101.30, server: , request: "GET /index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.101.254:2253", referrer: "https://192.168.101.254:2253/diag_backup.php"
2020/08/24 06:24:35 [warn] 13335#100201: "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/var/etc/cert.crt"

yon 0

Find the cause of the problem, when many static routes are set, for example, more than 1000 static routes. then if you log in to the home page of the management website, you cannot open it. /index.php

data from https://bgp.space/chinanet.html

Gertjan

@yon-0 said in cant login webgui:

Find the cause of the problem, when many static routes are set, for example, more than 1000 static routes. then if you log in to the home page of the management website, you cannot open it.

data from https://bgp.space/chinanet.html

Can I load this list into pfBlockerNG ????

( Ok, I leave ... )

yon 0

@Gertjan yes, you try do it.

jimp

If you need anywhere near 1000 static routes your design is seriously flawed.

I don't know that anyone has tested with more than a couple dozen at most.

Beyond that you really should be using some kind of dynamic routing protocol, not hardcoded static routes.