Messages - masterd01

General Questions / Re: There were error(s) loading the rules
« on: March 12, 2018, 04:07:15 am »
This is the key word:
Code:
Cannot allocate memory
Also check drive space and disk allocations.

If needed, stop and remove the "memory eaters" (packages - and I'm not talking about the cron - or note package here  ;))

Hi Gertjan,

That's not a problem of mine. The server has a CPU load of 3-4 percent and low memory usage.
I found out that the message and the problem happen if a gateway has packet loss and it's marked as down. Then the error is generated. Also if the GW is coming up again. I think this is a bug that has been checked.
As a workaround I disabled the gateway check. Then no error happens.

General Questions / Re: There were error(s) loading the rules
« on: March 09, 2018, 04:14:07 am »

The problem comes up many times a day.
Has nobody else had this problem?


General Questions / Re: There were error(s) loading the rules
« on: March 07, 2018, 01:04:03 am »
Same here:

There were error(s) loading the rules: /tmp/rules.debug:26: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [26]: table <bogonsv6> persist file "/etc/bogonsv6"

Sometimes also:

There were error(s) loading the rules: /tmp/rules.debug:34: cannot define table XXX_Netze: Cannot allocate memory - The line in question reads [34]: table <XXX_Netze> {   94.XX/20  92.XXX/21  2a00:XXX::/29 }

Captive Portal / Re: Save "Session details" for Traffic-Volumen
« on: July 19, 2017, 06:49:48 am »
Push up ...

Any ideas?

Captive Portal / Save "Session details" for Traffic-Volumen
« on: June 21, 2017, 01:26:03 am »

The new feature "Session details" is really great! So I could see the volume of each user.
But how could I save this?

In the syslog I only see the clear login (without traffic information etc.)

Jun 21 08:22:54    logportalauth    96785    Zone: hotspot_01 - ACCEPT: unauthenticated, ,

How could I log the traffic volume or the great session details?
To syslog, TXT or DB would be okay for me.

Thanks a lot!

Captive Portal / Re: Don't see new CP-Portal under Monitoring
« on: June 20, 2017, 12:34:43 am »
Thanks, that works. Post is resolved :)

Captive Portal / Don't see new CP-Portal under Monitoring
« on: June 18, 2017, 07:16:21 am »

I have about 10 CPs for different VLANs. It works really great. But this week I added a new CP and it isn't shown on the monitoring page. All others are shown correctly. Under Traffic the interface is also shown correctly.
What should I do to make the "hidden" users visible?

Thanks a lot,


Guys, is my problem so special?  :P
Still need help to boot over PXE


I tried to make pfSense boot up over PXE.

- I configured the DHCP server
- I've built the pxelinux.cfg/default

Code:
DISPLAY welcome.msg
label local
             LOCALBOOT 0

label 1
             kernel memdisk
             append initrd=pfsense_2.3.2_64/pfSense-CE-memstick-2.3.2-RELEASE-amd64.img raw
label 2
             kernel memdisk
             append initrd=pfsense_2.3.2_i386/pfSense-CE-memstick-2.3.2-RELEASE-i386.img raw
label 3
             kernel openSuSE_13.2_64/linux
             append initrd=openSuSE_13.2_64/initrd

label 4
             kernel openSuSE_13.2_i386/linux
             append initrd=openSuSE_13.2_i386/initrd

- I also tried to boot directly from the ISO:

Code:
label 2
             kernel memdisk
             append iso initrd=pfsense_2.3.2_i386/pfSense-CE-2.3.2-RELEASE-i386.iso cdrom raw

The error message is still "Mounting from cd9660:/dev/iso9660/PFSENSE failed with error 19."


- And also via direct PXE path

Code:
label 1
             pxe pfsense/pxeboot

Then I saw that the image tried to load from NFS. That's okay for me, but it also failed to load the "kernel" (see attachment)
(Yes, I set the root path in the DHCP server)

So what is the correct way to boot, no matter whether i386 or 64 bit, directly via PXE?
My openSuSE works great.

I read in some entries that I had to load the "pxeboot" from /boot/. Where should this be entered?
Does anybody have some sample files for me?

Thanks a lot

Hi again,

My problem is still there. I have now found out that the problem is the slave system!
Exactly after five days the second server does something with the CARP and the routing fails.
I don't know what happens there, but after a reboot of the slave system everything is fine again - until the next five days.

The master hardware has been changed, the slave's not. Should I?
What should I test next?
I have no ideas anymore and it's not so nice to get a wake-up call from the company on Sunday that the problem is back again.



We have 7 WiFi zones. I could not add the 8th one and got this message in the log:

still could not bind - Address already in use

Screenshots attached.

I've got the problem with 2.3.1-p1

Any ideas?



Hi PiBa,

thanks for that hint.
The HAProxy error message is gone after deleting everything.
The LAGG problem is still there.

I had to downgrade to 2.2.6. The problem isn't there anymore.

Any other ideas?

General Questions / Re: 2.3 - LAGG, VLAN, Carp - after Update no route
« on: April 28, 2016, 08:58:21 am »
Hi Mevans,

No, it's still at 1500.

General Questions / 2.3 - LAGG, VLAN, Carp - after Update no route
« on: April 28, 2016, 01:39:00 am »


We have many pfSense installations and updated a lot of them to 2.3. On two
servers we got really big problems. An important one :)
The network there:

2x IBM Server x3650 (6x Network-IF, Two OnBoard, 4x on network cards) --> LAGG
(Failover) --> VLAN --> CARP --> HASync and Config --> HaProxy/Loadbalancing

The problem:
After updating pfSense from 2.2.6 to 2.3 everything was fine. After a reboot of the
master server the failover goes to the second. Everything is still fine. When the
master comes back, the CARP switches again but no traffic is routed between the
networks behind the PF. Pings to both PFs + CARP from all IFs are okay. From the PF I
could ping everything. But not through the PF.
If I boot the second one - there I got the problem also. No network connection through
pfSense. Sometimes it helps to open some gateway settings (no matter which one) and save
them again.
But this is not often a solution.

What I've tested:
- Reboot
- Disable CARP
- Default config pfSense (with backup of mine)
- pfSense 2.3.1
- HAProxy reinstalled (with bugs, see attached)
- HAProxy Dev
- Add VLANs directly on one network IF (disable LAGG, attached)
- Delete LAGG and create it anew (with a failure - see attached)
- Delete all network config and create it anew (also attached)

Nothing helps.

On 2.2.6 this config is okay. No problems are known.

Another problem on both of these servers:
The GUI is really slow. Sometimes I could only make one change, click save and the GUI
waits. And waits. Then I got a gateway timeout (see attached). I could resolve it by
restarting PHP-FPM (16) and Restarting WebConfigurator (11).

Before I do a rollback to 2.2.6, I ask you for help. Have I missed something?

Thanks for your time and help!


IDS/IPS / Re: Snort 100%
« on: September 18, 2015, 01:15:59 am »
Same here.
After the update to 2.2.4-RELEASE (amd64/i386), Snort (3.2.8) goes up to 100% CPU and the memory also goes high. For a test I also changed the settings (Search Method and so on), but nothing happened - after a short time the CPU and memory go high.

I thought it was a hardware problem, so I switched to the second system (CARP). But there the CPU/memory also goes high.

With 2.2.2 the problem was not visible.
