Topics - jjstecchino

2.4 Development Snapshots / Ntopng not starting
« on: January 19, 2018, 06:51:54 pm »
Just updated from 2.4.2 to 2.4.3-DEVELOPMENT (amd64) built on Fri Jan 19 13:16:41 CST 2018 and ntopng is not starting.
Redis is running.
If I go to a shell and try "/usr/local/etc/rc.d/ start " ntopng doesn't start.
ntopng without parameters starts fine.
System log shows: pid 75313 (ntopng), uid 0: exited on signal 11 (core dumped)

If I turn on RAM disks, ntopng does not start after a reboot. A fresh install of ntopng starts OK, but doesn't start after reboot. Logs show:
Code:
Mar 22 08:13:13 php-fpm 51795 /rc.start_packages: The command '/usr/local/bin/redis-cli SET ntopng.user.admin.password 'f9f16d97c90d8c6f2cab37bb6d1f1992'' returned exit code '1', the output was 'Could not connect to Redis at Operation timed out Could not connect to Redis at Operation timed out'

2.4 Development Snapshots / Permission problem after enabling RAM Disk
« on: October 20, 2016, 09:45:05 pm »
This is a new zfs install (10-20-2016 snapshot) with config restored from a 2.3.3 system. After config restore everything seemed to work properly even after several reboots.
After enabling RAM disks and mandatory reboot, the console pauses, asking for user input to override permissions on /var/db/pkg and /var/cache/pkg.
Don't know if related but with ram disk enabled there is another error that pfsense cannot determine kernel version and as a consequence the GUI cannot obtain update status.

If I then disable ram disk, the permission problem persists, but the kernel version problem/upgrade status goes away.

Permissions on /var/db/pkg and /var/cache/pkg are set to drwxr_xr_x when the ram disk is disabled, whereas it is a link to /root/var/db/pkg and /root/cache/pkg with same permissions with the ram disk enabled.

I thought the ram disk activation may have messed up permission but after doing a full reinstall, permissions on those two directories are set to drwxr_xr_x , same as before the reinstall, but the boot process does not pause to ask to override.

I am having an issue with ntopng on 2.3.3. After upgrading to a new snapshot ntopng does not restart. A manual restart fails.
I see this in the logs:
Code:
/rc.start_packages: The command '/usr/local/bin/redis-cli SET ntopng.user.admin.password 'f9f16d97c90d8c6f2cab37bb6d1f1992'' returned exit code '1', the output was 'Could not connect to Redis at Operation timed out Could not connect to Redis at Operation timed out'
Reinstalling ntopng fixes the problem until the next snapshot upgrade.

2.3.3 Development Snapshots / On 2.3.3 16-10-07 Web configurator is down
« on: October 07, 2016, 09:07:01 am »
Nginx does not seem to start after updating or reboot.
If I try to restart the webconfigurator from the shell I get this in lastlog:
Code:
The command '/usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf' returned exit code '1', the output was 'nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (2: No such file or directory) 2016/10/07 09:45:25 [emerg] 39921#100271: open() "/var/log/nginx/error.log" failed (2: No such file or directory)'
In /var/log the directory nginx does not exist. Creating it and restarting nginx with
Code:
/usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf
solves the problem temporarily; however, the directory /var/log/nginx gets deleted at reboot and not recreated on restart, so the fix does not survive reboot.

2.3.3 Development Snapshots / ntop doesn't work after upgrade
« on: July 30, 2016, 06:18:06 am »
Ntop package does not work after upgrading 2.3.3 to a new snapshot. Reinstalling package fixes it.

I had my update setting set to follow the development branch. After update I have:

Version   2.3.1-DEVELOPMENT (amd64)
built on Tue Apr 12 12:22:59 CDT 2016

The system is on a later version than
the official release.

I set update to follow release but it says all the files are up to date.

How do I revert to release?


I have an IPV6 6RD tunnel with my ISP (centurylink). It works just fine, however the gateway does not respond to ping. I set this gateway to monitor the IPV6 address of one of the Google DNS servers that I can ping just fine from the pfsense box, however the gateway status remains as "Unknown".

I noticed after a restart, unbound does not start automatically. It is enabled on its page. As pfsense restarts, the notice that unbound is starting passes by without error, however after full reboot pfsense does not resolve DNS and on the service status page, unbound is not running. It starts ok manually. On the log I can only see the DHCP server complaining that cannot register addresses to unbound because it is off. (dhcpleases -->   Could not deliver signal HUP to process because its pidfile (/var/run/ does not exist, No such file or directory.)

Of note I recently switched from dnsmasq to unbound on my system. dnsmasq is off but still installed.

My box has the following interfaces: WAN, LAN, WAN1 and VPN. In the settings of the Traffic Graph widget they show as WAN, LAN, OPT1, OPT2 and ENC0. Wouldn't it be better to name the interfaces with the user-assigned names?

Just updated from 2.2.3 to 2.3 (2.3-BETA (amd64) built on Fri Jan 08)

I noticed the thermal sensor widget is displaying just the temperatures of the 8 core Atom Rangeley but not the graphs.
Tried to disable the widget and re-enable it, but still no graphs.
The browser is Safari for Mac El Capitan.

Works with Chrome.

IPv6 / 6RD and Centurylink/Qwest Problem, need a helping hand.
« on: December 13, 2014, 07:00:22 am »
My ISP is centurylink. I really would like to have a working IPV6 setup.
I am running 2 pfsense boxes in a CARP setup. Both boxes are running 2.2 RC.
Only one box is setup to do 6RD.
WAN settings are the following:
 - 6RD prefix                       2602::/24
 - 6RD Border Relay  
 - 6RD IPv4 Prefix length    0
Lan is set to track wan.

This IPV6 setup worked for a while, around November 20 when changes were made to 2.2 to fix 6rd. Now it does not work anymore. Since then I went through several pfsense upgrades and fresh reinstalls. I lost the ability to do 6rd around Nov 26. In the interim my dynamic IPv4 has changed as well. These are the 2 things that have changed in my setup since the time I had a working 6RD.

In the logs I see the following errors:
Code:
Dec 13 07:22:20 check_reload_status: rc.newwanip starting sk0
Dec 13 07:22:20 php-fpm[77709]: /interfaces.php: The command '/sbin/ifconfig wan_stf inet6 4733:fb40::/' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): Invalid argument'
Dec 13 07:22:20 kernel: stf0: changing name to 'wan_stf'
Dec 13 07:22:20 php-fpm[77709]: /interfaces.php: rd6 lan with ipv6 address 4733:fb40::1 based on wan ipv4
Dec 13 07:22:21 php-fpm[90840]: /rc.newwanip: rc.newwanip: Info: starting on sk0.
Dec 13 07:22:21 php-fpm[90840]: /rc.newwanip: rc.newwanip: on (IP address: (interface: WAN[wan]) (real interface: sk0).
Dec 13 07:22:21 php-fpm[90840]: /rc.newwanip: The command '/sbin/ifconfig wan_stf inet6 4733:fb40::/' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): Invalid argument'
Dec 13 07:22:21 kernel: stf0: changing name to 'wan_stf'
Dec 13 07:22:21 php-fpm[90840]: /rc.newwanip: rd6 lan with ipv6 address 4733:fb40::1 based on wan ipv4
Dec 13 07:22:21 php-fpm[77709]: /interfaces.php: ROUTING: setting default route to
Dec 13 07:22:21 php-fpm[77709]: /interfaces.php: ROUTING: setting IPv6 default route to 2602:cdab:240::
Dec 13 07:22:21 php-fpm[77709]: /interfaces.php: The command '/sbin/route change -inet6 default '2602:cdab:240::'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway 2602:cdab:240:: fib 0: Network is unreachable'

I have a LAN pf rule to pass all IPV6 traffic. This was added automatically by 6RD configuration. I do not see additional pf rules on WAN.

Am I the only one having trouble using 6RD on century link? If I am the only one, what am I doing wrong? Or is it a pfsense problem?
I have been battling this for the past several weeks without success.
Any help by anyone more knowledgeable on this topic would be greatly appreciated.



I did a fresh install yesterday with the Nov29 nanobsd 2gb snapshot. As I try to update to Nov30 snapshot (today latest) I get an error "something wrong happened while trying to update fstab entries" and update fails.
fstab has rw-r--r-- permission.

cat fstab
/dev/ufs/pfsense0 / ufs ro,sync,noatime 1 1
/dev/ufs/cf /cf ufs ro,sync,noatime 1 1

Any suggestion?

Is there a way in 2.2 to display the NIC vendor under the MAC address in status/DHCP leases as 2.1 does when the nmap package is installed?
I just upgraded to 2.2 beta and the NIC vendor is not there anymore. nmap is installed. I find this a useful feature.


IPv6 / 6RD on Centurylink not working. Am I missing something?
« on: April 09, 2014, 08:08:12 pm »
I am trying to configure ipv6 through a 6rd centurylink tunnel. I am using pfsense 2.1.1 RELEASE.

My settings are :

WAN ipv6: 6rd tunnel
6RD prefix: 2602::/24
6RD Border Relay:
6RD IPv4 Prefix length: 0 bits   

LAN ipv6: track WAN

WAN interface has

ipv6 address: 2602:47:3002:2a00::   
subnet mask ipv6: 24
ipv6 gateway: 2602:47:3002:2a00::

ipv6 address:2602:47:3002:2a00::1
subnet mask ipv6: 64

The routing table has the following ipv6 routes:
default                 2602:47:3002:2a00::cdab:240  UGS   0  57    1500   sk1
::1                     :1                           UH    0  0     16384  lo0
2602::/24               link#16                      U     0  0     1280   wan_stf
2602:47:3002:2a00::     2602:47:3002:2a00::cdab:240  UGHS  0  2197  16384  lo0 =>
2602:47:3002:2a00::/64  link#6                       U     0  940   1500   sk1
2602:47:3002:2a00::1    link#6                       UHS   0  3     16384  lo0

Computers on my network are obtaining ipv6 in the 2602:47:3002:2a00:: subnet, so radvd appears to be working.
I can ping6 the LAN address.
Can't ping any address outside my network, not even the ipv6 isp gateway which apparently does not respond to ping anyway. Nothing appears to be getting blocked in my firewall logs. It is like nothing is going through the tunnel.

Am I missing something or is 6rd just not working on centurylink? Or is it the same old bug that was reported more than a year ago?

I spent a few days on this without getting anywhere. Any help appreciated.

