After 2.0.2 upgrade, packages did not reinstall, firewall not working



  • Got the same problem yesterday with "Packages are currently being reinstalled in the background."
    This morning I connected a monitor and keyboard and the Pfsense standard menu was there, no Ctrl-C or
    anything was needed, however the firewall doesn´t work anymore, no packages seems to be getting through.
    I can log in to the web gui from the internal network, and the configuration and rules seems intact, all interfaces
    have link etc., but I can´t access either the internet or the DMZ from the internal network.

    If I run pftop it is completely empty.

    Luckily for me I had my old virtual iptables firewall intact so I can post this.
    Any ideas, except reinstalling ? I made a fresh backup of the configuration just before the upgrade.

    EDIT: I should of course have mentioned the the firewall WAS working after the upgrade, until I rebooted it to
    see if that would solve the "Packages are currently being reinstalled in the background."  problem.


  • Rebel Alliance Developer Netgate

    I split this off into its own topic, as it was not related to the other one.

    Check the system log and see if there are any errors there. What packages did you have installed?

    I have seen squid do this before if it gets half-installed it can break the filter reload process which can lead it to appear that things are not working as expected. (Basically you need NAT rules to get out, but the filter rules can't load because it's breaking trying to load squid/squidguard rules).

    Usually the fix is, from the shell:

    rm /usr/local/pkg/*squid*
    

    And then edit/save something in the GUI. If that worked, you can then go back and reinstall squid and friends.



  • @jimp:

    I split this off into its own topic, as it was not related to the other one.

    Check the system log and see if there are any errors there. What packages did you have installed?

    I have seen squid do this before if it gets half-installed it can break the filter reload process which can lead it to appear that things are not working as expected. (Basically you need NAT rules to get out, but the filter rules can't load because it's breaking trying to load squid/squidguard rules).

    Usually the fix is, from the shell:

    rm /usr/local/pkg/*squid*
    

    And then edit/save something in the GUI. If that worked, you can then go back and reinstall squid and friends.

    Did a clean install of 2.0.2 and restored my settings from backup. The "Packages are currently being reinstalled in the background."  was still there, so I deleted the squid files, and the problem was gone. Just to be sure I reinstalled all the packages and the rebooted, and now we are back in business.

    Thanks for the support.



  • Hey all… had this issue with 2.0.2 as well and did not have Squid installed. Was forced to reboot and reinstall packages manually.

    I thought I had a similar issue with 2.0.3 but after looking at the logs it appears to be working slowly.  My search brought me to this post so I thought I'd share my experience for anyone with similar issues. Please feel free to correct me if I'm wrong but here are my findings: check your System Log entries and System Activity.

    In System Activity there should be a process called check_reload_status.

    In System Logs you should see something like this:
    Apr 16 14:19:41 check_reload_status: Syncing firewall
    Apr 16 14:19:32 php: : Beginning package installation for snort.
    Apr 16 14:18:01 check_reload_status: Syncing firewall
    Apr 16 10:17:50 php: : The Shellcmd package is missing its configuration file and must be reinstalled.
    Apr 16 14:17:48 check_reload_status: Syncing firewall
    Apr 16 10:17:46 php: : The Shellcmd package is missing its configuration file and must be reinstalled.
    Apr 16 10:17:46 php: : The Zabbix-2 Agent package is missing its configuration file and must be reinstalled.
    Apr 16 10:17:44 php: : The Zabbix-2 Agent package is missing its configuration file and must be reinstalled.
    Apr 16 10:17:42 php: : The pfflowd package is missing its configuration file and must be reinstalled.
    Apr 16 10:17:39 php: : The pfflowd package is missing its configuration file and must be reinstalled.
    Apr 16 14:17:37 check_reload_status: Syncing firewall

    I can see from later log entries that package progress is proceeding slowly. With just about every check_reload_status entry I see a new PHP process checking for a different packages config files and eventually spawning a Beginning package installation. I have about 12-15 packages I've installed and it have been close to 30 minutes after update reboot and package installation is still going.

    I'll post back later, once complete but my assumption is that once reload/package installation is complete the check_reload_status will end, could be wrong... might just sleep.  At the very least you can at least confirm installation is complete by browsing to the Packages section under System to see if you can see/modify packages. If it is not complete you will see "Please wait while packages are reinstalled in the background."



  • So I left mine running for a few hours only to find it got hung up on the Avahi package… I SSH'd in and manually installed it using pkg_add -r.

    Once I did that I reloaded the web config page and saved a change to my dns forwarder service (as I knew that was installed and working).

    This appears to have kicked it in the ass and got everything moving again... Would be nice if PFsense alerted the user when the reinstall failed or hung.



  • went pretty smooth for me (amd64)..
    It took only a few minutes - i lost pfBlocker config (somehow its interface was gone and came up disabled, of course) but it took a few minutes to put it back.



  • Should have probably stated I'm using i386 embedded (nanobsd) on a Firebox x700.


Log in to reply