Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Logging stops, pflog0 promiscuous

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 5.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lmfs
      last edited by

      The firewall logging stops at regular intervals with pfSense 1.0.1 RELEASE and the only way to enable it again (I don't know any other way) is to reboot.

      This happens when pflog0 sets promiscuous mode to disabled, for no apparent reason.

      Nov 23 07:56:38 pfsense check_reload_status: updating dyndns
Nov 23 07:56:39 pfsense php: : DynDns: Running updatedns()
Nov 23 07:56:39 pfsense php: : DynDns: updatedns() starting
Nov 23 07:56:39 pfsense php: : DynDns: _detectChange() starting.
Nov 23 07:56:39 pfsense php: : DynDns: Current WAN IP: X.224.222.80
Nov 23 07:56:39 pfsense php: : DynDns: Cached IP: X.224.222.80
Nov 23 07:56:39 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
**Nov 23 07:56:52 pfsense kernel: pflog0: promiscuous mode disabled**
Nov 23 08:26:41 pfsense dhclient[280]: DHCPREQUEST on em0 to Y.21.248.42 port 67
Nov 23 08:26:41 pfsense dhclient[280]: DHCPACK from Y.21.248.42
Nov 23 08:26:41 pfsense dhclient[280]: bound to X.224.222.80 – renewal in 1800 seconds.
Nov 23 08:26:44 pfsense check_reload_status: rc.newwanip starting

      At 07:56:52 promiscuous mode was disabled and the firewall logging stopped.

      This happens at, as far as I can tell, at random intervals.

      Is there anything that can be done about this, restarting a script or …?

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        First you really want to update to 1.0.1.  Second, please post more logs around the time this stops.  We need to get an idea of what is killing it.

        1 Reply Last reply Reply Quote 0
        • J
          jeroen234
          last edited by

          maybe a crashing snort package ?
          snort sets promiscuous mode to enabled
          when snort crashes or stopt it is set back to normal (  promiscuous mode disabled)

          1 Reply Last reply Reply Quote 0
          • L
            lmfs
            last edited by

            Well, this is 1.0.1 RELEASE - I think you didn't see that first line of mine in the message  ;)

            Installed on harddisk, from ISO/LiveCD, PC hardware, no CARP/IPSec/VPN/packages - just plain router/firewall config so far (evaluating performance and function).

            Motherboard: ASUS P4P800-VM mATX
            CPU: Celeron D, 2.8 GHz
            Mem: 1 GB DDR400
            Net: 2 * Intel Pro/1000 GT (82541PI chipset)
            Most things otherwise disabled through BIOS settings.

            em0 -> WAN
            em1 -> LAN

            This is what happened last time. Log from 30 minutes before and 30 minutes after prosmisuous mode was disabled. Promiscuous mode was disabled at 16:10:54.

            system.log

            
Nov 24 15:10:13 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
Nov 24 15:40:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67
Nov 24 15:40:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42
Nov 24 15:40:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds.
Nov 24 15:40:09 pfsense check_reload_status: rc.newwanip starting
Nov 24 15:40:12 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy.
Nov 24 15:40:12 pfsense php: : Creating rrd update script
Nov 24 15:40:12 pfsense php: : Creating rrd graph index
Nov 24 15:40:12 pfsense php: : Resyncing configuration for all packages.
Nov 24 15:40:12 pfsense check_reload_status: reloading filter
Nov 24 15:40:12 pfsense php: : FTP proxy disabled for interface LAN - ignoring.
Nov 24 15:40:13 pfsense check_reload_status: updating dyndns
Nov 24 15:40:14 pfsense php: : DynDns: Running updatedns()
Nov 24 15:40:14 pfsense php: : DynDns: updatedns() starting
Nov 24 15:40:14 pfsense php: : DynDns: _detectChange() starting.
Nov 24 15:40:14 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy
Nov 24 15:40:14 pfsense php: : DynDns: Cached IP: XX.224.220.yy
Nov 24 15:40:14 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
Nov 24 16:10:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67
Nov 24 16:10:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42
Nov 24 16:10:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds.
Nov 24 16:10:05 pfsense check_reload_status: rc.newwanip starting
Nov 24 16:10:07 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy.
Nov 24 16:10:08 pfsense php: : Creating rrd update script
Nov 24 16:10:08 pfsense php: : Creating rrd graph index
Nov 24 16:10:08 pfsense php: : Resyncing configuration for all packages.
Nov 24 16:10:08 pfsense check_reload_status: reloading filter
Nov 24 16:10:08 pfsense php: : FTP proxy disabled for interface LAN - ignoring.
Nov 24 16:10:08 pfsense check_reload_status: updating dyndns
Nov 24 16:10:10 pfsense php: : DynDns: Running updatedns()
Nov 24 16:10:10 pfsense php: : DynDns: updatedns() starting
Nov 24 16:10:10 pfsense php: : DynDns: _detectChange() starting.
Nov 24 16:10:10 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy
Nov 24 16:10:10 pfsense php: : DynDns: Cached IP: XX.224.220.yy
Nov 24 16:10:10 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
**Nov 24 16:10:54 pfsense kernel: pflog0: promiscuous mode disabled**
Nov 24 16:40:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67
Nov 24 16:40:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42
Nov 24 16:40:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds.
Nov 24 16:40:06 pfsense check_reload_status: rc.newwanip starting
Nov 24 16:40:06 pfsense login: login on ttyv0 as root
Nov 24 16:40:09 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy.
Nov 24 16:40:09 pfsense php: : Creating rrd update script
Nov 24 16:40:09 pfsense php: : Creating rrd graph index
Nov 24 16:40:09 pfsense php: : Resyncing configuration for all packages.
Nov 24 16:40:09 pfsense check_reload_status: reloading filter
Nov 24 16:40:09 pfsense php: : FTP proxy disabled for interface LAN - ignoring.
Nov 24 16:40:10 pfsense check_reload_status: updating dyndns
Nov 24 16:40:11 pfsense php: : DynDns: Running updatedns()
Nov 24 16:40:11 pfsense php: : DynDns: updatedns() starting
Nov 24 16:40:11 pfsense php: : DynDns: _detectChange() starting.
Nov 24 16:40:11 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy
Nov 24 16:40:11 pfsense php: : DynDns: Cached IP: XX.224.220.yy
Nov 24 16:40:11 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
Nov 24 17:10:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67

            filter.log

            
Nov 24 16:07:06 pfsense pf: 079260 rule 56/0(match): block in on em0: xx.224.148.26.4806 > xx.224.220.yy.5900: S 2505059968:2505059968(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:07:12 pfsense pf: 6\. 315120 rule 21/0(match): block in on em0: 10.244.131.145 > 224.0.0.1: igmp query v2
Nov 24 16:07:33 pfsense pf: 20\. 800644 rule 56/0(match): block in on em0: xx.224.132.138.3911 > xx.224.220.yy.6129: S 3767522767:3767522767(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:04 pfsense pf: 30\. 780613 rule 56/0(match): block in on em0: 130.115.120.81.30504 > xx.224.220.yy.1026: UDP, length 488
Nov 24 16:08:21 pfsense pf: 17\. 251424 rule 56/0(match): block in on em0: xx.224.189.107.1229 > xx.224.220.yy.1433: S 17473609:17473609(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:24 pfsense pf: 2\. 989892 rule 56/0(match): block in on em0: xx.224.189.107.1229 > xx.224.220.yy.1433: S 17473609:17473609(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:37 pfsense pf: 13\. 077269 rule 56/0(match): block in on em0: xx.224.221.60.4293 > xx.224.220.yy.139: S 4064406984:4064406984(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:09:11 pfsense pf: 33\. 767767 rule 56/0(match): block in on em0: xx.224.222.197.3821 > xx.224.220.yy.445: S 4222053908:4222053908(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:09:13 pfsense pf: 1\. 942637 rule 56/0(match): block in on em0: xx.224.222.197.3821 > xx.224.220.yy.445: S 4222053908:4222053908(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:09:16 pfsense pf: 3\. 011120 rule 21/0(match): block in on em0: 10.244.131.145 > 224.0.0.1: igmp query v2</mss></mss></mss></mss></mss></mss></mss>

            And then the logging stops.

            Anything else I can supply or do to help any further investigations?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.