Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCP and DNS Forwarder settings unset themselves sporadically

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    15 Posts 5 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pwnell
      last edited by

      I have two pfSense boxes - one running 2.0-BETA2 built on Tue May 25 16:26:17 EDT 2010, the other 2.0-BETA1built on Tue May 11 17:34:13 EDT 2010.  Both have DHCP turned on.  One has it on for two internal networks, the other for one internal network.  After a day or two suddenly DHCP seems down.  I go to the UI and I see DHCP is unticked.  I then have to re-tick it, and redefine my IP address ranges, domain suffix etc and start it.  I had the same with the DNS forwarder - worked for 3 days then it unticked itself and stopped working.

      Is this a known issue?  Why would this happen?  On the box with two internal networks, only the DHCP on the LAN interface went down physically, the one on the WiFi interface were still running, however the DHCP settings were all unticked and blank.

      This is a serious issue as I have a network outage basically once every 2 days.  Any ideas?

      1 Reply Last reply Reply Quote 0
      • E
        Efonnes
        last edited by

        This is happening on both boxes?

        1 Reply Last reply Reply Quote 0
        • P
          pwnell
          last edited by

          Yes.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I've been running snapshots from before, then, and after, and haven't ever encountered this issue.

            Just to be sure, I'd update to one from today and see if it happens again over the weekend.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              pwnell
              last edited by

              Updated to a snapshot from the 10th, have not seen the DNS / DHCP reset itself again yet.  However when I came back to my computer this morning I saw I could not access my firewall on 8443 (webconfigurator) or 22 (SSH) at all.  All traffic was still routed just fine.  Hooked up the console, tried to restart webconfigurator - no difference.  I then tried to telnet to port 8443 and 22 - both closed.  Tried 80 - worked.  Used web browser to connect to web configurator on 80 - worked.  Went to advanced settings - my webconfigurator has reset itself to port 80 HTTP, and SSH reset itself to be off.

              This is obviously a serious concern as it impacts remote accessibility.  I have not turned off those options by mistake.  It is possible I have left my browser window open on that page, but that is it.

              Any ideas?

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                I have never, on any snapshot, seen that happen, and I run it on my home router and many VMs for testing.

                You might check the config history (Diagnostics > Backup/Restore, Config History Tab) and see if there were any modifications to those (or other) settings.

                If you reset the LAN IP from the console, there is an option to fall back to HTTP on port 80. There is also a console option to enable/disable ssh. Is it possible something is triggering things on the console when you don't realize it?

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • P
                  pwnell
                  last edited by

                  Nope the console access is sorta off limits as I never have a keyboard hooked up.  Look - you were right.  I checked out the config diffs (did not even realise it was there - thanks!) and here is the change that caused the missing settings - just, I did NOT change those values deliberately.  I might have changed other values but not disable ssh etc.

                  
                  Configuration diff from 6/10/10 20:48:24 to 6/11/10 13:58:07
                  --- /conf/backup/config-1276228104.xml	2010-06-11 13:58:07.000000000 -0700
                  +++ /conf/backup/config-1276289887.xml	2010-06-11 13:58:16.000000000 -0700
                  @@ -11,13 +11,13 @@
                   		 <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
                   		 <webgui>-			<protocol>https</protocol>
                  +			
                   			 <certificate><private-key>-			<port>8443</port>
                  +			
                   			<auth_method>session</auth_method>
                   			<backing_method>htpasswd</backing_method>
                  -			<ssl-certref>3bbd4d17da4fe</ssl-certref>
                  +</private-key></certificate></webgui> 
                   		 <firmware><alturl>@@ -33,7 +33,6 @@
                   		 <maximumstates><shapertype><dnsallowoverride>-		<enablesshd>enabled</enablesshd>
                   		 <group><name>admins</name>
                  
                  @@ -67,7 +66,6 @@
                  
                   		 <reflectiontimeout>-		 <disablehttpredirect><interfaces><lan>@@ -212,7 +210,7 @@
                  
                   			 <defaultleasetime><maxleasetime>-			<netmask></netmask>
                  +			 <netmask><failover_peerip><gateway><enable>@@ -2364,8 +2362,8 @@
                  
                   	 <revision>-		
                  -		<time>1276228104</time>
                  +		
                  +		<time>1276289887</time>
                   		<username>admin</username></revision></enable></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></lan></interfaces></disablehttpredirect></reflectiontimeout></group></dnsallowoverride></shapertype></maximumstates></alturl></firmware></time-update-interval> 
                  
                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    +		
                    +		<time>1276289887</time>
                    

                    What that's telling you is that you (or someone else) at that timestamp of the config made that change deliberately under System > Advanced, on the Admin tab.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • P
                      pwnell
                      last edited by

                      Yep I see that.  So my question becomes - is it possible that when I saved some bug in the page caused it to not send through the previously set values for those fields?  I am using Safari 4/5.

                      As I said - I know for a fact I did not deliberately change those values.  I did change some TFTP nat values on the Firewall/NAT page though…

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Changing anything on the NAT page would not cause a submission to the admin advanced settings page though.

                        It might be possible for the browser to lose some settings if you save on the same page, but nothing I'm aware of will make it save on a completely different page.

                        Was the timestamp on that backup even a time when you were viewing the GUI?

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • P
                          pwnell
                          last edited by

                          Firstly - I really appreciate your assistance.

                          Secondly - I always have a web page open on the configurator as I am always in front of my computer.  However I never click save unless I am changing something.  At that time I was viewing the UI but I do not recall making any changes. Here are some random facts:

                          • Only I have access to the system (assuming I have not been hacked)

                          • I regularly view and work in web configurator on two different firewalls in the same browser under different tabs

                          • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.

                          1 Reply Last reply Reply Quote 0
                          • E
                            Efonnes
                            last edited by

                            @pwnell:

                            • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.

                            That itself could be the nature of the problem.  I've seen times when I was at the configuration page for an interface and my session had expired.  I reloaded the page and was presented with the login prompt.  When logging in, it would say I had made changes to the interface's configuration and would show the apply button.

                            1 Reply Last reply Reply Quote 0
                            • E
                              emptysands
                              last edited by

                              @Efonne:

                              @pwnell:

                              • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.

                              That itself could be the nature of the problem.  I've seen times when I was at the configuration page for an interface and my session had expired.  I reloaded the page and was presented with the login prompt.  When logging in, it would say I had made changes to the interface's configuration and would show the apply button.

                              I might have noticed something like this as well.  Even if I was just viewing the page and it's timed out.

                              1 Reply Last reply Reply Quote 0
                              • C
                                cmb
                                last edited by

                                Found the problem.
                                http://redmine.pfsense.org/issues/660
                                for the time being, don't refresh pages and log in, hit the top left logo to log in on the dashboard.

                                1 Reply Last reply Reply Quote 0
                                • E
                                  Efonnes
                                  last edited by

                                  This should be fixed now.  Either try a snapshot build from tomorrow or later (assuming one builds) or you could manually apply this change: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/f23e63638af309ec317dc924794c34dd1c68fecc

                                  The one that is currently building was started before this change went in.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.