Interface named dmz [SOLVED]
-
I've just performed an upgrade from 1.3 to 2.0.2. The "new" machine threw quite a few errors but luckily my customer allowed me to troubleshoot rather than simply bring the old VM back up.
It turns out that an interface called "dmz" will not work in 2.x but will in 1.3. I renamed it to DMZ1 and suddenly all is fine. I don't know whether the case or the 1 fixed it and I don't intend to try and find out! I am guessing that dmz is a reserved keyword for pf now.
Hope this helps someone …
I've done a bit of a search over the forums but couldn't find anything related to this
Cheers
Jon
-
You can have an interface called DMZ. It's possible there's something else in your config that causes a conflict with that name though I can't think what that might be. The errors it was throwing would tell, guessing you had errors loading the rules and it gave you a line number. I'd be curious to know for future reference and in case we need to improve input validation.
-
@cmb:
You can have an interface called DMZ. It's possible there's something else in your config that causes a conflict with that name though I can't think what that might be. The errors it was throwing would tell, guessing you had errors loading the rules and it gave you a line number. I'd be curious to know for future reference and in case we need to improve input validation.
I scpd a rules.debug out to my laptop from when things were failing. Would you like it?
I'm not much good with BSD and couldn't quickly work out how to display line numbers in less on the console - I am rather better on Linux! Although I did come up with using head <line_number> to find the errors eventually.
-
Yeah if you can PM it to me, or email cmb at pfsense dot org.
-
The problem is you can't have an alias name that's the same as an interface name. You had both an interface "DMZ" and an alias "DMZ" and can't have both. Input validation prevents that from happening on 2.x versions, but there was no such restriction on old versions.
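
The conflict described in the last reply can be checked for in a configuration backup before upgrading. The following is an added example, not part of the thread and not pfSense's own validation code; it assumes the usual config.xml layout (children of `<interfaces>` with an optional `<descr>`, and `<aliases>/<alias>/<name>`), runs on a constructed sample, and compares names case-insensitively as a cautious assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the general shape of a pfSense config.xml (not from the thread).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if></wan>
    <lan><if>em1</if></lan>
    <opt1><if>em2</if><descr>dmz</descr></opt1>
  </interfaces>
  <aliases>
    <alias><name>DMZ</name><address>192.0.2.0/24</address></alias>
    <alias><name>webservers</name><address>192.0.2.10</address></alias>
  </aliases>
</pfsense>"""


def interface_names(root):
    """Map each lowercased interface name to a label saying where it came from."""
    names = {}
    for iface in root.findall("./interfaces/*"):
        # The element tag (wan, lan, opt1, ...) is the internal interface name.
        names[iface.tag.lower()] = f"interface <{iface.tag}>"
        descr = (iface.findtext("descr") or "").strip()
        if descr:
            names[descr.lower()] = f"interface <{iface.tag}> descr '{descr}'"
    return names


def alias_conflicts(config_xml):
    """Return (alias_name, conflicting_interface_label) pairs."""
    root = ET.fromstring(config_xml)
    ifnames = interface_names(root)
    conflicts = []
    for alias in root.findall("./aliases/alias"):
        name = (alias.findtext("name") or "").strip()
        # Assumption: match case-insensitively so near-collisions are also reported.
        if name and name.lower() in ifnames:
            conflicts.append((name, ifnames[name.lower()]))
    return conflicts


if __name__ == "__main__":
    for name, where in alias_conflicts(SAMPLE_CONFIG):
        print(f"alias '{name}' collides with {where}")
```

Any pair it reports is an alias to rename before the upgrade, since both names end up in the same generated ruleset.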