Messages - reb00tz

Hi @muppet,

Thanks for the reply.

I am not using virtio drivers for now because there is no way to turn it off from the guest side except through the web UI (as far as I am aware); the issues I face here (with e1000 emulation) mean I cannot even get to the web UI.

Fact is, I originally tried with virtio but fell back to e1000 (recreating the entire VM also, just in case) trying to troubleshoot the pesky unbound "Starting DNS Resolver" hanging problem... For what it is worth, I have disabled every offload setting in all NICs on the hypervisor (/etc/network/interfaces snippet for every NIC, bondn and brn iface as follows) and I am still facing this issue (of web UI not being accessible).
Code:
        # disable hardware offloading for virtio compatibility
        offload-tx off
        offload-rx off
        offload-tso off
        offload-ufo off
        offload-lro off
        offload-sg off
        offload-gro off
        offload-gso off
        offload-rxvlan off
        offload-txvlan off
        offload-ntuple off
        offload-rxhash off

I will try with a complete rebuild (again) and see if I can establish a reliable step-by-step. What I do not understand is why unbound is causing so much grief - and considering it is the "default", why I do not see others having the same issue.

Hoping someone can help point me towards debugging/logging the answer...

Hurdle after hurdle...

So, I used the PHP and pfsense environment to disable unbound, so booting the VM no longer requires the "NIC disconnect, reconnect" song-and-dance routine.

For those so inclined:
  • record a script to show the unbound config:
Code:
record showunboundconfig
$temp = print_r($config['unbound']);
  • record a script to disable unbound:
Code:
record disableunbound
$config['unbound']['enable'] = false;
  • display the "before", disable, then display the "after":
Code:
playback showunboundconfig
playback disableunbound
playback showunboundconfig

Unfortunately, I am stuck again; I can ping the gateway or any other host, but I cannot access the web UI, even if I were to disable the firewall via shell (pfctl -d).  :o

I also tried with pfSense 2.3.5, with the exact same results.  :-[

Hi everyone,

Set up a new pfSense 2.4.2 VM under KVM/QEMU on Ubuntu LTS (64-bit) w/2 vCPUs, 2GB RAM, 10GB SATA disk and 1x e1000 NIC (i.e. no virtio devices).

e1000 "WAN" gets IP via DHCP from local DHCP.

Problem #1: System consistently hangs at "Starting DNS Resolver" when NIC is "connected" at boot
  • if plain, straightforward install from ISO and reboot, WAN is configured, but system hangs at "Starting DNS Resolver"
  • if NIC is "disconnected" (at hypervisor), boot completes (after slight delay at bringing up WAN and "Starting DNS Resolver"), then system operates as normal (up to a point - read below) when NIC is reconnected (i.e. web configuration wizard although it also hangs at the last "redirect" step) - note that DNS Resolver service shows as "not started" after a forced reboot (while repeating the whole "NIC disconnect, reconnect dance")
  • renaming /usr/local/sbin/unbound* "solves" the hang, but then I cannot disable it via web UI (complains about missing unbound-checkconf)

Problem #2: Attempting to disable "DNS Resolver" (i.e. unbound) via web UI consistently fails when "Save" button is clicked (nginx reports "504 Gateway Time-out")

Any ideas?
