Configuration problem???



  • I'm currently using pfSense as a firewall and load balancer. behind the fw are my servers (web, mail, proxy).

    Before a typhoon, everything is working fine - internal network users can access the internet, the mail and the website. the public can view our company website and our company web mail for our field workers is okay.

    all the servers abruptly shutdown due to power loss because of total blackout with the ups and gen sets not able to sustain the long hours of the blackout.

    upon starting the servers, i've noticed that only the internal users are okay(internet access and mail) but the public access of our website and web mail returned a time out error. i tried looking for some errors at the pfSense logs but did not found any.

    is it possible that my pfSense configuration were messed up because of the sudden shutdown of the servers. or my server(web/mail) settings were also messed up because of that incident.


  • Netgate Administrator

    It is possible you had some filesystem corruption if you had a hard power off.
    All of pfSenses configuration is stored in a single file, config.xml, so if it's loading any configuration at all it's unlikely the file is damaged. Without a config file it can read pfSense will default back to asking you to define the interfaces at the console and go no further.

    You can try enabling logging on the your port forwarding firewall rule to see what is being passed. You could run a packet capture on the internal interface to see if requests to your servers are reaching that far.

    Steve



  • thank you for the reply. i tried logging in to my port forwarding firewall rule and did not notice anything unusual. i compared  everything from an identical pfSense box which was setup as a fail over and did not saw anything wrong. i tried to used the other pfSense box but still the website and web mail can't be accessed outside of the network but it's working fine internally.


  • Netgate Administrator

    Check that your servers still have a valid route back to external requests. You should be able to see the requests coming in at least in the logs.

    Steve



  • can you help me on how to go about that - checking the servers if it have valid routes back to external requests?


  • Netgate Administrator

    Log into your server, try to ping something external. Note the actual error given if it fails.

    Try to connect to the server from some external address, check the server logs to see if those requests are arriving.

    Steve