No longer starts up after the restart



  • Hello together
    I have or had two pfSense 2.2 boxes running. Installed are SQUID3 as reverse proxy, postfix, pfBlockerNG, and OpenVPN is also configured.
    Today I rebooted both but without success. Neither machine is booting.
    Any ideas?

    Thanks!



  • A short update
    After more than one hour the system is up. Without any services. Proxy is started but not working. OpenVPN is started but not working. I have now uninstalled postfix and restarted the machine again. Restarting is now OK but still no services.



  • Sounds like someone screwed with both boxes to me…



  • Normally I never restart the boxes but now I did it :-) And it failed..
    I have started "Reinstall all packages". I hope it works.


  • Moderator

    Are these Full installs of pfSense or are they Nano/Ramdisk type installs?

    At bootup, what does it show on the terminal window? Also look at the system log for any errors.



  • The installation is on ESXi 5.5. After disabling pfBlockerNG all is working. I have freshly installed pfSense and get the same issue after "force update" of pfBlockerNG.



  • Was pfblockerNG a recent addition or recent update?


  • Moderator

    The only boot issues with pfBNG was with Nano/Ramdisk installs. On reboot the /var folder is wiped and this caused a 60 second delay per defined alias. This was fixed in the latest release where the aliases are archived and restored at reboot. This was only an issue for Nano/ramdisk installs with the older versions.

    From what limited info is given, he doesn't seem to be running a Nano version.

    Take a look at the pfblockerng.log for any errors. Also do you see any "-" in the widget packet counts? Maybe post a screenshot of the widget.

    To start fresh, disable "keep settings" and disable pfBNG. Click "save" then re-enable these two settings. Then run a "Force Update". Follow the log output as it is presented in realtime and any errors will be indicated there.



  • I'm sure it can be fixed - But installing or updating that package would count as screwing with both boxes.

    These things don't normally just become flakey without having been touched.


  • Moderator

    @iccws:

    Hello together
    I have or had two pfSense 2.2 boxes running.
    Today I rebooted both but without success. Neither machine is booting.

    I would assume that he is referring to the same VM but different snapshots? Even if they were in carp, only the settings are sync'd, so I can't see how he can be having the same pfctl error (assuming this with limited feedback) on two different boxes.



  • Hello together
    Thanks for your answers.
    A short update:
    One of the two boxes never started up. I have reinstalled it. It was stopping on "configuring firewall".
    After the new installation I installed reverse proxy and postfix. All is working well.
    The second box is also working well, but when I enable pfBlockerNG, incoming and outgoing traffic is blocked without logging. I can see nothing.
    The pfSense instances are installed on several ESX.

    Very very short output from "System Log"
    check_reload_status: Reloading filter
    Mar 9 21:13:58 php: pfblockerng.php: [pfBlockerNG] Starting sync process.
    Mar 9 21:13:58 check_reload_status: Syncing firewall
    Mar 9 21:13:58 check_reload_status: Syncing firewall
    Mar 9 21:13:50 check_reload_status: Syncing firewall
    Mar 9 21:13:50 php-fpm[70844]: /pkg_edit.php: [pfBlockerNG] Starting sync process.

    It is the same in the log all the time.

    Output from pfBlockerNG:
    UPDATE PROCESS START [ 03/09/15 21:32:47 ]

    [ pfB_Africa_v4 ] exists, Reloading File

    [ pfB_Asia_v4 ] exists, Reloading File

    [ pfB_Europe_v4 ] exists, Reloading File

    [ pfB_NAmerica_v4 ] exists, Reloading File

    [ pfB_Oceania_v4 ] exists, Reloading File

    [ pfB_SAmerica_v4 ] exists, Reloading File

    [ pfB_Top_v4 ] exists, Reloading File

    [ pfB_PS_v4 ] exists, Reloading File

    ===[  Aliastables / Rules  ]================================

    No Changes to Firewall Rules, Skipping Filter Reload

    No Changes to Aliases, Skipping pfctl Update

    UPDATE PROCESS ENDED


  • Moderator

    I would suggest that you read this thread :

    https://forum.pfsense.org/index.php?topic=86212.msg486644#msg486644

    Do you see any "-" in the widget packet count column?

    You can enable "global" logging in the General tab or you can enable logging selectively in each alias.



  • Thanks for your answer BBcan177
    But I think the problem is that the list does not have all countries' IPs. I can't find the IP of the country that I want to permit. Everything is blocked except two countries that I have unselected, but the IP is not in the list and it's also blocked.

    I will now read your link.



  • What a strange world…
    I have read your URL and now all is working.
    I have changed the settings. First I blocked the world except two countries, bad idea! Now I have selected only two countries that are allowed and now it's working.

    Thanks for your help!


  • Moderator

    Yes, it's not a good idea to block with almost all of the countries selected. In regards to your boot issue, you should have previously received "pfctl" memory failure notifications??

    Also, unless you have open WAN ports, you should use "permit outbound" rules as pfSense is a stateful firewall by design.

    pfBlockerNG is more than a country blocker; you should read the thread I linked above for other threat source lists which can help protect your network from known malicious IPs.
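
Added example, not part of the thread or of pfBlockerNG's own code: a Python sketch of the two checks discussed above, whether an address appears in any loaded alias list, and how many table entries a "block everything except two" selection needs compared with a "permit only two" selection. The alias names come from the log output above; the list contents and the entry limit are constructed, and comparing against a pf table-entry limit is an assumption about what the "pfctl" memory failure refers to.

```python
import ipaddress

# Constructed alias contents (private/documentation ranges), not real GeoIP data.
SAMPLE_ALIASES = {
    "pfB_Africa_v4": "10.1.0.0/16\n10.2.0.0/16\n10.3.0.0/16\n",
    "pfB_Asia_v4": "10.4.0.0/16\n10.5.0.0/16\n10.5.0.0/16  # duplicate\nnot-an-ip\n",
    "pfB_Europe_v4": "192.0.2.0/24\n198.51.100.0/24\n",
    "pfB_NAmerica_v4": "203.0.113.0/24\n",
}
ASSUMED_TABLE_LIMIT = 4  # constructed; stands in for pf's table-entry limit


def parse_alias(text):
    """Parse one alias list body into a set of networks, skipping comments and junk."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # malformed line: ignore rather than abort the whole load
    return nets


def matching_aliases(aliases, ip):
    """Names of the aliases whose ranges contain ip (empty list: in no list)."""
    addr = ipaddress.ip_address(ip)
    return sorted(n for n, body in aliases.items()
                  if any(addr in net for net in parse_alias(body)))


def compare_policies(aliases, permitted, limit):
    """Entry counts for 'block all but permitted' versus 'permit only permitted'."""
    count = lambda names: sum(len(parse_alias(aliases[n])) for n in names)
    deny = count(n for n in aliases if n not in permitted)
    allow = count(permitted)
    return {"deny_entries": deny, "permit_entries": allow,
            "deny_over_limit": deny > limit, "permit_over_limit": allow > limit}


if __name__ == "__main__":
    print(matching_aliases(SAMPLE_ALIASES, "198.51.100.7"))
    print(compare_policies(SAMPLE_ALIASES, ["pfB_Europe_v4", "pfB_NAmerica_v4"],
                           ASSUMED_TABLE_LIMIT))
```

On a real box the alias bodies would be read from the list files the package downloads and the limit taken from the firewall's configured value; both are left as inputs here.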

