
    Upgraded 2.2.1 to 2.2.2 no traffic passing to wan

    • M
      MatthewH last edited by

      I updated 2.2.1 to 2.2.2. Traffic between the 3 local LANs still flows fine. pfSense can ping internet sites, but nothing on the LAN can talk to anything on the WAN anymore! I had done a full backup prior to upgrading, and restoring that didn't fix the problem. I have 2 WAN connections load balancing. I also have an IPsec tunnel off site. The IPsec tunnel is up and machines on the local LAN can talk to the remote LAN. Please help! I apologize for typos as I'm being forced to use my phone.

      Also, the Show States diagnostic page is saying the current total state count is 0 & no states were found. Snort has a status of stopped and won't start.

      • C
        cmb last edited by

        0 states means the filter isn't enabled, or maybe isn't loading. Do you have packet filtering disabled under System>Advanced, Firewall/NAT tab? If so, that's why.

        • M
          MatthewH last edited by

          No, the disable all packet filtering box is not checked.

          • C
            cmb last edited by

            You seeing any filter reload errors in the system log? If you run "pfctl -f /tmp/rules.debug" from a command prompt, what output do you get?

            • M
              MatthewH last edited by

              The fix was to remove the traffic shaping. Somehow the upgrade made the rules that had been generated by the wizard invalid. pfctl -f /tmp/rules.debug gave the following errors:

              bandwidth for qInternet higher than interface
              parent qInternet not found for qACK
              parent qInternet not found for qP2P
              parent qInternet not found for qVoIP
              parent qInternet not found for qOthersHigh
              parent qInternet not found for qOthersLow
              pfctl: Syntax error in config file: pf rules not loaded.

              We'll see what happens when I re-run the wizard on 2.2.2.

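Added example, not part of the thread: a small triage of the pfctl error output quoted in the post above, separating the queue definition that was rejected from the child-queue errors that name it as their missing parent. The function name and the ROOT/CASCADE/ORPHAN labels are made up for this example, and treating a "parent ... not found" line as a consequence of the bandwidth error is a heuristic assumed here.

```shell
#!/bin/sh
# Added example (not from the thread): triage pfctl ruleset-load errors.
# On the firewall, feed it a dry-run parse, which does not load anything:
#   pfctl -nf /tmp/rules.debug 2>&1 | triage_pfctl_errors

# Sample input: the error lines quoted in the post above.
SAMPLE_ERRORS='bandwidth for qInternet higher than interface
parent qInternet not found for qACK
parent qInternet not found for qP2P
parent qInternet not found for qVoIP
parent qInternet not found for qOthersHigh
parent qInternet not found for qOthersLow
pfctl: Syntax error in config file: pf rules not loaded.'

# Reads pfctl error text on stdin and prints one finding per line:
#   ROOT <queue> bandwidth-exceeds-interface
#   CASCADE <child> <parent>   parent has its own ROOT error (heuristic)
#   ORPHAN <child> <parent>    parent missing with no error of its own
#   FATAL ruleset-not-loaded
# Exit status is 1 when pf reported that the rules were not loaded.
triage_pfctl_errors() {
    awk '
    /^bandwidth for .* higher than interface$/ {
        root[$3] = 1
        print "ROOT", $3, "bandwidth-exceeds-interface"
        next
    }
    /^parent .* not found for / {
        parent[$6] = $2      # $2 is the parent queue, $6 the child
        order[++n] = $6
        next
    }
    /pf rules not loaded/ { fatal = 1 }
    END {
        for (i = 1; i <= n; i++) {
            child = order[i]
            kind = (parent[child] in root) ? "CASCADE" : "ORPHAN"
            print kind, child, parent[child]
        }
        if (fatal) print "FATAL ruleset-not-loaded"
        exit fatal + 0
    }'
}

printf '%s\n' "$SAMPLE_ERRORS" | triage_pfctl_errors ||
    echo "ruleset would not load: fix the ROOT queue before rebooting"
```
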
              • C
                cmb last edited by

                That's the reason. Removing the shaper will fix quickly. What's the hardware you're using? Rough guess - Hyper-V?

                • M
                  MatthewH last edited by

                  @cmb:

                  That's the reason. Removing the shaper will fix quickly. What's the hardware you're using? Rough guess - Hyper-V?

                  No, a C2758 bought from the pfsense store. It's an 8 core Atom, 8GB RAM, SSD.

                  • C
                    cmb last edited by

                    Shouldn't be a problem in that case. I guessed Hyper-V since it's weird about reporting its interface speeds.

                    Only way I can think of that happening on a C2758 is if you configured the shaper for > 100 Mb on an interface that's running at 100 Mb. Is that possibly the case?

                    The upgrade wouldn't have changed anything there, it was just pre-reboot you were still running a previous ruleset that loaded without errors, which was gone post-reboot.

                    • M
                      MatthewH last edited by

                      @cmb:

                      Shouldn't be a problem in that case. I guessed Hyper-V since it's weird about reporting its interface speeds.

                      Only way I can think of that happening on a C2758 is if you configured the shaper for > 100 Mb on an interface that's running at 100 Mb. Is that possibly the case?

                      The upgrade wouldn't have changed anything there, it was just pre-reboot you were still running a previous ruleset that loaded without errors, which was gone post-reboot.

                      All the interfaces are running at 1Gb & I'm pretty sure the highest I had specified in the shaper was 300Mb. One LAN interface that was in the shaper is unplugged. Maybe that did it? I had specified the minimum bandwidth I wanted available to VoIP on that interface for when I start using it.
