All LAN/WAN traffic suddenly blocked



  • I don't know where this topic really belongs.

    When I updated to 2.2.4 a week or so ago, it seemed as if PFSense took and inordinate amount of time to start.  I didn't think much of it at the time.

    Yesterday, I restarted PFSense and noticed that when it got to the Configuring Firewall portion of the startup, it took 10 minutes before it moved to the next action.

    After PFSense finally came up, I discovered that things were not working the way they should - I could pass traffic over IPSEC, but normal web traffic from the LAN to the WAN was not working.  I could ping WAN addresses from PFSense and I could access the PFSense interface from the LAN, but traffic would not pass in or out.

    After looking through the configuration and finding nothing that seemed to have either changed or out of wack,  I reinstalled an autobackup file from last week and restarted PFSense,  Same problem.  10 minutes to load the Firewall Configuration and no Wan to Lan traffic.

    I then did a fresh install and restored a local backup from a month ago - again same results.

    I found a copy of 2.2 installed it, restored a month old configuration - once more same results.

    I did a fresh install, configured just the lan/wan interfaces and the gateway information and traffic passed with no problems.

    I then reinstalled the most recent backup, and then saved each piece of the configuration separately.  I then reinstalled PFSense from scratch and restored each backup area separately and (with the exception that some items (gateways in particular) don't seem to be backed up) everything including the firewall rules and aliases are all restrored and things work correctly, and a reboot does not result in a long firewall configuration delay.

    Not sure why this is happening - I have looked through the firewall rules section of full backup and the individual Firewall Rules backup and see no differences, so I suspect it is some other entry that is causing the problem.

    I have always relied on the knowledge that when things went wrong all I need is PFSEnse on a USB stick and the most recent backup and I could have everything up and running quickly and it is disconcerting to find it isn't always the case.