DHCP and DNS Forwarder settings unset themselves sporadically



  • I have two pfSense boxes - one running 2.0-BETA2 built on Tue May 25 16:26:17 EDT 2010, the other 2.0-BETA1 built on Tue May 11 17:34:13 EDT 2010.  Both have DHCP turned on.  One has it on for two internal networks, the other for one internal network.  After a day or two suddenly DHCP seems down.  I go to the UI and I see DHCP is unticked.  I then have to re-tick it, and redefine my IP address ranges, domain suffix etc and start it.  I had the same with the DNS forwarder - worked for 3 days then it unticked itself and stopped working.

    Is this a known issue?  Why would this happen?  On the box with two internal networks, only the DHCP on the LAN interface went down physically, the one on the WiFi interface was still running, however the DHCP settings were all unticked and blank.

    This is a serious issue as I have a network outage basically once every 2 days.  Any ideas?



  • This is happening on both boxes?



  • Yes.


  • Rebel Alliance Developer Netgate

    I've been running snapshots from before, then, and after, and haven't ever encountered this issue.

    Just to be sure, I'd update to one from today and see if it happens again over the weekend.



  • Updated to a snapshot from the 10th, have not seen the DNS / DHCP reset itself again yet.  However when I came back to my computer this morning I saw I could not access my firewall on 8443 (webconfigurator) or 22 (SSH) at all.  All traffic was still routed just fine.  Hooked up the console, tried to restart webconfigurator - no difference.  I then tried to telnet to port 8443 and 22 - both closed.  Tried 80 - worked.  Used web browser to connect to web configurator on 80 - worked.  Went to advanced settings - my webconfigurator has reset itself to port 80 HTTP, and SSH reset itself to be off.

    This is obviously a serious concern as it impacts remote accessibility.  I have not turned off those options by mistake.  It is possible I have left my browser window open on that page, but that is it.

    Any ideas?


  • Rebel Alliance Developer Netgate

    I have never, on any snapshot, seen that happen, and I run it on my home router and many VMs for testing.

    You might check the config history (Diagnostics > Backup/Restore, Config History Tab) and see if there were any modifications to those (or other) settings.

    If you reset the LAN IP from the console, there is an option to fall back to HTTP on port 80. There is also a console option to enable/disable ssh. Is it possible something is triggering things on the console when you don't realize it?
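
The config-history check suggested above can also be run offline against two backup files. This is an added example, not part of the thread and not pfSense code: the watch list, the function names and the two cut-down XML samples are constructed for illustration, and treating "set value became unset" as the sign of an incomplete save is a heuristic.

```python
import xml.etree.ElementTree as ET

# Settings whose silent change affects remote admin access. Tag names are the
# ones visible in the thread's diff; the choice of watch list is an assumption.
WATCHED = ("webgui/protocol", "webgui/port", "webgui/ssl-certref", "enablesshd")

# Constructed, cut-down stand-ins for two consecutive config backups.
BEFORE = """<pfsense><system>
  <webgui><protocol>https</protocol><port>8443</port>
    <ssl-certref>example-certref</ssl-certref></webgui>
  <enablesshd>enabled</enablesshd></system>
  <revision><time>1276228104</time><username>admin</username></revision>
</pfsense>"""
AFTER = """<pfsense><system>
  <webgui><protocol></protocol><port></port></webgui></system>
  <revision><time>1276289887</time><username>admin</username></revision>
</pfsense>"""

def admin_settings(xml_text):
    """Return {path: value or None} for each watched setting."""
    root = ET.fromstring(xml_text)
    out = {}
    for path in WATCHED:
        node = root.find(".//" + path)
        text = (node.text or "").strip() if node is not None else ""
        out[path] = text or None  # a missing tag and an empty tag both count as unset
    return out

def revision(xml_text):
    """Return (time, username) recorded for the save that produced this file."""
    root = ET.fromstring(xml_text)
    return root.findtext("revision/time"), root.findtext("revision/username")

def admin_changes(old_xml, new_xml):
    """List (path, old, new) for watched settings that differ between backups."""
    old, new = admin_settings(old_xml), admin_settings(new_xml)
    return [(p, old[p], new[p]) for p in WATCHED if old[p] != new[p]]

def blanked(changes):
    """Keep only changes where a set value became unset (heuristic, see lead-in)."""
    return [c for c in changes if c[1] is not None and c[2] is None]

if __name__ == "__main__":
    when, who = revision(AFTER)
    for path, old, new in blanked(admin_changes(BEFORE, AFTER)):
        print(f"{when} {who}: {path} {old!r} -> unset")
```

To use it on a real box, copy consecutive `config-<timestamp>.xml` files out of `/conf/backup/` and pass their contents in place of the samples.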



  • Nope the console access is sorta off limits as I never have a keyboard hooked up.  Look - you were right.  I checked out the config diffs (did not even realise it was there - thanks!) and here is the change that caused the missing settings - just, I did NOT change those values deliberately.  I might have changed other values but not disable ssh etc.

    
    Configuration diff from 6/10/10 20:48:24 to 6/11/10 13:58:07
    --- /conf/backup/config-1276228104.xml	2010-06-11 13:58:07.000000000 -0700
    +++ /conf/backup/config-1276289887.xml	2010-06-11 13:58:16.000000000 -0700
    @@ -11,13 +11,13 @@
     		 <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
     		 <webgui>-			<protocol>https</protocol>
    +			
     			 <certificate><private-key>-			<port>8443</port>
    +			
     			<auth_method>session</auth_method>
     			<backing_method>htpasswd</backing_method>
    -			<ssl-certref>3bbd4d17da4fe</ssl-certref>
    +</private-key></certificate></webgui> 
     		 <firmware><alturl>@@ -33,7 +33,6 @@
     		 <maximumstates><shapertype><dnsallowoverride>-		<enablesshd>enabled</enablesshd>
     		 <group><name>admins</name>
    
    @@ -67,7 +66,6 @@
    
     		 <reflectiontimeout>-		 <disablehttpredirect><interfaces><lan>@@ -212,7 +210,7 @@
    
     			 <defaultleasetime><maxleasetime>-			<netmask></netmask>
    +			 <netmask><failover_peerip><gateway><enable>@@ -2364,8 +2362,8 @@
    
     	 <revision>-		
    -		<time>1276228104</time>
    +		
    +		<time>1276289887</time>
     		<username>admin</username></revision></enable></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></lan></interfaces></disablehttpredirect></reflectiontimeout></group></dnsallowoverride></shapertype></maximumstates></alturl></firmware></time-update-interval> 
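
    Review bot: in the webgui hunk the removed <protocol>https</protocol> and <port>8443</port> lines are each answered by a "+" line carrying no value, <ssl-certref>3bbd4d17da4fe</ssl-certref> is dropped, and the following hunk removes <enablesshd>enabled</enablesshd>; every one of these is a set value going blank rather than being changed to a different value, so the revision should be treated as a possible incomplete save until shown otherwise. The revision hunk changes only <time> and keeps <username>admin</username>, which identifies the account but not the page or request that wrote the change. The <netmask> line in the hunk at "@@ -212,7 +210,7 @@" also changed and should be compared against the intended value.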
    

  • Rebel Alliance Developer Netgate

    +		
    +		<time>1276289887</time>
    

    What that's telling you is that you (or someone else) at that timestamp of the config made that change deliberately under System > Advanced, on the Admin tab.



  • Yep I see that.  So my question becomes - is it possible that when I saved, some bug in the page caused it to not send through the previously set values for those fields?  I am using Safari 4/5.

    As I said - I know for a fact I did not deliberately change those values.  I did change some TFTP nat values on the Firewall/NAT page though…


  • Rebel Alliance Developer Netgate

    Changing anything on the NAT page would not cause a submission to the admin advanced settings page though.

    It might be possible for the browser to lose some settings if you save on the same page, but nothing I'm aware of will make it save on a completely different page.

    Was the timestamp on that backup even a time when you were viewing the GUI?



  • Firstly - I really appreciate your assistance.

    Secondly - I always have a web page open on the configurator as I am always in front of my computer.  However I never click save unless I am changing something.  At that time I was viewing the UI but I do not recall making any changes. Here are some random facts:

    • Only I have access to the system (assuming I have not been hacked)

    • I regularly view and work in web configurator on two different firewalls in the same browser under different tabs

    • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.



  • @pwnell:

    • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.

    That itself could be the nature of the problem.  I've seen times when I was at the configuration page for an interface and my session had expired.  I reloaded the page and was presented with the login prompt.  When logging in, it would say I had made changes to the interface's configuration and would show the apply button.



  • @Efonne:

    @pwnell:

    • My browser session expires frequently (during the day) when I leave it open on certain pages, I would then log in and sometimes be placed at the page I was looking at before - not sure how the system handles the post / redirect action.

    That itself could be the nature of the problem.  I've seen times when I was at the configuration page for an interface and my session had expired.  I reloaded the page and was presented with the login prompt.  When logging in, it would say I had made changes to the interface's configuration and would show the apply button.

    I might have noticed something like this as well.  Even if I was just viewing the page and it's timed out.



  • Found the problem.
    http://redmine.pfsense.org/issues/660
    For the time being, don't refresh pages and log in; hit the top left logo to log in on the dashboard.



  • This should be fixed now.  Either try a snapshot build from tomorrow or later (assuming one builds) or you could manually apply this change: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/f23e63638af309ec317dc924794c34dd1c68fecc

    The one that is currently building was started before this change went in.

