Need help understanding these log entries
-
There are a number of repeated entries several times a day over several days. I have not looked back more than 3 days. Always from same IP, which is AT&T and they are my ISP. I am confused about several entries. Apparently all this is harmless since AT&T is likely doing some sort normal operation however I have never noticed it in the several years I've been using them.
Why is there a gateway alarm?
If I do a traceroute, the next hop is not showing the IP I have use for my WANGW (and have been using for years), but it is the IP showing the connection attempt in the attached log. I do not recall where I got the IP I entered as a gateway addr.
The log sez dyndns for WAN interface is updated. I don't use dyndns nor ATT's DNS afaik. I use the resolver set for localhost & fallback to remote but I have not defined any remotes. I have nothing setup in the dyndns menu.
php-fpm shows a config warning on /etc/inc/interfaces.inc, do I have a misconfiguration and if so how do I resolve it?
There is reference to my VPN endpoints. My vpn is secured by pw & private key. Why am I getting this error? Is it normal for this sequence of events or do I have something misconfigured. Maybe it is normal because the inbound traffic cannot connect?
I leave my VPN up in case I happen to have a need to grab something remotely. I rarely use it but find it convenient to leave running rather than try to remember to start it if I think I will need it. Primarily it allows me to access my security cameras.
Thank you for any assistance in figuring this out.
-
It looks like the gateway hit a latency incident and has just come back which triggers the gateway event scripts.
If you only have one WAN you could disable the gateway action on that since it doesn't really help anything.
The most worrying thing there is that php error. What pfSense version is that?
-
@stephenw10 said in Need help understanding these log entries:
The most worrying thing there is that php error. What pfSense version is that?
I'm on 25.11 Release running on a SG-5100.
FWIW; my interfaces are wan, lan, 2 vlans assigned to the lan, opt1 (ix0) on different subnet, and ix1 assigned but not enabled.
Thank you for info on alert, I'll check into disabling the alert.
-
That line is in the function for querying an IPv6 subnet. Do you have IPv6 subnets on any interfaces?
-
@stephenw10 said in Need help understanding these log entries:
That line is in the function for querying an IPv6 subnet. Do you have IPv6 subnets on any interfaces?
I don't use ipv6 but have entered some values here and there throughout the various menus. Good chance I screwed this up, I never felt comfortable with ipv6 and left values assigned in case I ever tried to get it working.
From my ATT fiber modem interface I pulled out the "Global Unicast IPv6 Address" address and stuck it in a field on the LAN interface under static ip6 config. I did the same with one vlan IOT interface and incremented that value by 1 bit both are give a /64. The NDP table shows I also have the exact same fe80:: addresses assigned to 2 interfaces. All of my devices are working w/ ipV4. Maybe these ipV6 static addresses are the problem since they are assigned to a working ipV4 interface?
In Advanced Networking I have ipv6 blocked at firewall and ipv4 preferred checked.
I have KEA DHCPv6 server is populated with some pools but the service is not enabled.
-
@stephenw10 said in Need help understanding these log entries:
Do you have IPv6 subnets on any interfaces?
I have made some progress. I removed the static ipV6 addresses from the interfaces, verified there are no ipV6 dhcp pools and removed some ipV6 lo::1 states from the States Table. The Dashboard still shows a DNS server of ::1 along with the resolver but I don't find anywhere to remove that and since it won't be used I guess it doesn't matter. I restarted the resolver and the interface.inc error is gone but I have a different error now.
I restart the unbound and this is part of the log:
The expansion of the unbound.conf error is:
As of this post I have not tried to understand what I am reading but will see if I can find more info. Guidance would appreciated.
thanks
-
@stephenw10 Referring to my last post, that error seems to be caused by Service Watchdog. I removed KEA dhcp & Unbound from watchdog and no more error message after unbound restart. I added back in KEA dhcp and no error on unbound restart. I then added back in unbound and still no error. Don't know if the order of the items in Service Watchdog makes a difference but adding these 2 services back to watchdog put them at the bottom of the list, before they were further up and not next to one another.
So thank you so much for your thoughts and thanks for the many years of help you have given me, going all the way back to why my 2440 would not boot due to many read/writes to the eMMC (BTW, I put mSata in it and have kept it as a backup device).
-
Ah, yes, you shouldn't use the service watchdog unless you have a good reason to do so. Usually that would only be during troubleshooting.
Seeing IPv6 localhost (::1) as a listen address is normal. That will always exist and shouldn't cause any issues.
