2.1 to 2.1.1 Issues



  • I have noticed a few issues after upgrading. Of course SNORT would not reinstall but I believe that issue got resolved. I noticed that Alias firewall rules stopped working and I also noticed NAT Reflection stopped working. I have tried recreating the rules with no luck. Not sure what I can do at this point. My site is accessible from the outside world just not from internal. This update has broke some system objects without a doubt. Has anyone been experiencing these same issues after the upgrade? If so were you able to get them corrected?



  • After I upgraded, internet access was intermittent.  Access to the web configurator from the WAN interface would sometimes work and sometime not.  Snort I understand wasn't available immediately and I worked around that.  I did a full restore from a backup I made just prior to the upgrade.  I'm still having lots of strange issues with accessing the web configurator. I'm suddenly getting lots of email alerts such as this one from the newest Snort:  Fatal error: Call to undefined function snort_get_real_interface() in /usr/local/pkg/snort/snort_check_for_rule_updates.php on line 710

    And:  /usr/bin/nice -n20 adjkerntz -a (nice: adjkerntz: No such file or directory)

    I thought after a full system restore back to the previous version, things would be back to normal, but not so much.
    Not sure where to go from here, probably wait a while for fixes and re-install from scratch.

    I realize this post offers no help to anyone and I'm not bashing this awesome free product, just hope the growing pains get worked out quickly.



  • I'm still having same issues after updating to 2.1.2.



  • There certainly isn't anything seriously broken like you're insinuating in any stable release version. Aliases most certainly work, we have hundreds of them internally with IPv4 and/or v6 alone and I setup dozens of them in an average week for customers. Post what you're trying to do, what rules.debug contains, etc.



  • @cmb:

    There certainly isn't anything seriously broken like you're insinuating in any stable release version. Aliases most certainly work, we have hundreds of them internally with IPv4 and/or v6 alone and I setup dozens of them in an average week for customers. Post what you're trying to do, what rules.debug contains, etc.

    Hi CMB,

    I was not trying to be critical. But the update has caused many issues, just look at the forum… The Alias issue that I am having issues with for example would be a list of internal IP's that I am blocking from our internal network from leaving out our gateway to the Internet. I have had it set this way for years with pfsense dating back to mid 2006 year. The rule with the attached alias will not block the internal clients anymore and no the rule is not being overriding by a rule above it. This is not my most critical issue. The one that is causing more issues than none for me right now is NAT reflection seems to be broke after we updated from 2.1 to 2.1.1. We are not exceeding 500 forwards and yes it is enabled, and yes the rules are set to uses NAT+Proxy.

    I am at a point where I may need to created a test reinstall to see if something just broke during the upgrade and the problem is not with the 2.1.1 or 2.1.2 image itself. Maybe this was just a bad upgrade? I was hoping to hear something back as a possible solution.

    Thanks



  • I just did a clean install recreated all my setting from scratch just to make sure I was not getting anything bad from backup configuration and I am still having issues with NAT reflection not working. Can anyone else verify if they are having these same issues?

    Thanks,



  • I've run into a strange issue where my pfSense nanoBSD 2.1 will not upgrade to 2.1.1 or 2.1.2. I have tried using the webGUI and the manual update but each fails at the 48% download/upload. Since I'm running off a 4GB USB drive, I'm simply building another USB using Physdiskwrite with the 2.12 image and will restore my configuration from backup. Will report back with results.


Log in to reply