Cannot Forward Port range in PFSense 2.0



  • I get the following error in my log when I make a ranged port set for forwards.

    Dec 23 19:48:39 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded'
    Dec 23 19:48:39 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded The line in question reads [79]: rdr on fxp0 proto tcp from any to 192.168.155.149 port 22300-22399 -> $DI0SRV0101 port 22300
    Dec 23 19:48:39 php: : There were error(s) loading the rules: /tmp/rules.debug:79: unknown port 22300-22399 pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [79]: rdr on fxp0 proto tcp from any to 192.168.155.149 port 22300-22399 -> $DI0SRV0101 port 22300


  • Rebel Alliance Developer Netgate

    The snapshot built in the middle of a set of commits, apparently.

    It's already fixed in git. Either wait and update to the next snapshot or do a gitsync from the console.



  • Ah ha. Glad I was able to bring that small bug to the surface then. Is there an article on using gitsync? Or do I just console the machine it's running on, and type gitsync into the developer console?

    I'm new to using pfsense, and I'm currently just testing it out.


  • Rebel Alliance Developer Netgate

    If you've never done a gitsync before, you will need to go to a standard shell on the console (opt 8) and run:

    pkg_add -r git

    Then exit out of there, and choose the PHP/Developer shell and type

    playback gitsync master

    That should pull in the latest commits to the tree.



  • This is strange. When I do the pkg_add -r git in the shell, it will get up to
    "Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.0-release/All/python26-2.6.2_3.tbz…"

    And not do anything else after that. It's been sitting here like that for about an hour.

    I also tried reinstalling pfsense 2.0 as a fresh install, and I still get the same result.


  • Rebel Alliance Developer Netgate

    Huh. I just did that pkg_add -r git on a box yesterday and it worked, haven't had a fresh 2.0 box to try today.

    If a process on FreeBSD (or pfSense, of course) appears to be "stuck" you can always hit ctrl-T to signal the process to print a status update to the terminal.



  • When I press CTRL+T, it looks to be stuck on "extracting +CONTENTS". If I do CTRL+T again, I get
    "load 0.00 cmd : bsdtar 1440 [piperd] 503.47r 630u 0.60s 0% 2320k"


  • Rebel Alliance Developer Netgate

    Hmm, you'd think it would throw an error rather than just stalling.

    Is this a full install or nanobsd?



  • This is a full install.

    I just did another reinstall of pfsense 2.0, and instead of installing the git package, I went and ran "playback git master". It looks like it ran, but I noticed an error at the end. It scrolled past too fast for me to see. So I'm not sure if I have the latest version yet.


  • Rebel Alliance Developer Netgate

    I guess that depends on the error, really.

    It may be better to wait and just upgrade to the next snapshot that comes out (or which has probably come out overnight).



  • Sounds like a plan. The snapshot should have come out by now. I'll give that one a shot.



  • I used the auto updater to update to the latest snapshot, and everything seems to be working fine.



  • I did that and it worked like a charm. The only thing I noticed was this:

    ===> Signaling PHP and Lighty restart…

    Warning: Invalid argument supplied for foreach() in /usr/local/sbin/pfSsh.php(334) : eval()'d code on line 261
    ===> Checkout complete.

    Your system is now sync'd and PHP and Lighty will be restarted in 5 seconds.

    pfSense shell: Terminated


  • Rebel Alliance Developer Netgate

    igor,

    I think that was a bug in a previous snapshot which was fixed since then. I saw that once but haven't seen it again on subsequent gitsync runs.



  • I have port forwarded to LAN clients and rules present under WAN firewall rules, but the system log keeps reporting this, so is it the same thing to do with the port forward or something else?

    inetd[377]: 28184/udp: unknown service


  • Rebel Alliance Developer Netgate

    That would probably be from NAT reflection.

    Try with NAT reflection disabled; if the message goes away and then comes back when you turn NAT reflection on again, it may be worthy of opening a bug report.



  • With NAT reflection disabled, the message seems to have gone.



  • That "unknown service" message was a consequence of a reflection bug that was fixed yesterday.



  • I'll test it with the 28th December snapshot.

