Netgate SG-1000 microFirewall

Author Topic: New 502 Bad Gateway  (Read 15865 times)

0 Members and 1 Guest are viewing this topic.

Offline BBcan177

  • Hero Member
  • *****
  • Posts: 2601
  • Karma: +809/-5
    • View Profile
    • Click for Support
Re: New 502 Bad Gateway
« Reply #165 on: October 23, 2017, 05:27:24 pm »
As per jimp's suggestion, please try these two patched files which use a pfSense function called try_lock() as opposed to flock().

Run the following commands to download the patched version of the two files from my Github Gist:

Code: [Select]
fetch -o /usr/local/www/pfblockerng/www/index.php "https://gist.githubusercontent.com/BBcan177/9f9c8e62b166cee07ad16cd4ff59103c/raw"
fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/raw"

Recommend a reboot after downloading the patches.

You can review the Gist revisions here:

index.php
    https://gist.github.com/BBcan177/9f9c8e62b166cee07ad16cd4ff59103c/revisions

pfblockerng.inc
    https://gist.github.com/BBcan177/7ff15715be0f02afdbe0a00c676aedce/revisions


Note: The try_lock() function calls might require increasing the timeout setting from the default setting of "5" (seconds)
« Last Edit: October 23, 2017, 05:37:54 pm by BBcan177 »
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

Offline BBcan177

  • Hero Member
  • *****
  • Posts: 2601
  • Karma: +809/-5
    • View Profile
    • Click for Support
Re: New 502 Bad Gateway
« Reply #166 on: October 23, 2017, 06:29:22 pm »
Made a couple changes to the code... So if you have downloaded these files prior to this post, please re-download the same URLs above to get the new changes.... Thanks!
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

Offline ntct

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +8/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #167 on: October 23, 2017, 07:38:41 pm »
Made a couple changes to the code... So if you have downloaded these files prior to this post, please re-download the same URLs above to get the new changes.... Thanks!

Hi BBcan177

Can you make a PR?
« Last Edit: October 23, 2017, 08:12:12 pm by ntct »

Offline BBcan177

  • Hero Member
  • *****
  • Posts: 2601
  • Karma: +809/-5
    • View Profile
    • Click for Support
Re: New 502 Bad Gateway
« Reply #168 on: October 23, 2017, 11:28:03 pm »
Added some temp file removal to the patches. So please re-download this new code if you have downloaded these files prior to this post, please re-download the same URLs above to get the new changes.... Thanks!

A reboot is recommended following these patches.

Once the code has been tested, I will submit this as a PR.

Please report back your feedback.

Thanks!
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

Offline hdejongh

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #169 on: October 24, 2017, 03:36:13 am »
hee Jim,

https://pastebin.com/JVMQTWbY

bad gateway 502 issue

That looks like it was taken just after a reboot, not when the problem was happening. No sign of anything getting backed up in there.

Hee Jim,

im 99,99999% certain the issue was happening at that time.
Ill do it again.

this one is from an other firewall.
it hangs on "sockstat" 15 minutes now so i think those wont come anymore.

https://pastebin.com/Ek9R0qkh
« Last Edit: October 24, 2017, 04:07:32 am by hdejongh »

Offline ha11oga11o

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #170 on: October 24, 2017, 09:45:05 am »
Here is more data with 502 err:

https://pastebin.com/TqSBTKEK

OpenVPN clients cannot connect also, which is mine major problem for now.



hope will help.

Offline hdejongh

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #171 on: October 24, 2017, 10:36:12 am »
Here is more data with 502 err:

https://pastebin.com/TqSBTKEK

OpenVPN clients cannot connect also, which is mine major problem for now.



hope will help.

it starts to become a major issue as well for us. Im about to restore backups..
All virtual firewall's that we upgraded have the same problem...
we have to reboot them multiple times per day to get it working, otherwise ipsec's and openvpn stop working.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21486
  • Karma: +1456/-26
    • View Profile
Re: New 502 Bad Gateway
« Reply #172 on: October 24, 2017, 10:38:03 am »
https://pastebin.com/Ek9R0qkh

it starts to become a major issue as well for us. Im about to restore backups..
All virtual firewall's that we upgraded have the same problem...
we have to reboot them multiple times per day to get it working, otherwise ipsec's and openvpn stop working.

If that is the output when you have the problem, then it's NOT this problem. No sign of pfBlocker or anything blocking PHP. Start a new thread, it's probably something already solved on 2.4.1 if it's a VM issue. Check the release notes.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21486
  • Karma: +1456/-26
    • View Profile
Re: New 502 Bad Gateway
« Reply #173 on: October 24, 2017, 10:40:45 am »
Here is more data with 502 err:

https://pastebin.com/TqSBTKEK

OpenVPN clients cannot connect also, which is mine major problem for now.

That's the same as others here, pfBlocker DNSBL getting stuck waiting. Try to apply the fixed files from bbcan a few posts above yours.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline beernutmark

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #174 on: October 24, 2017, 10:54:06 am »
Just another "me too" post.  I have just applied the fixes above and will report back tomorrow morning if it doesn't lock up.  It has locked up within 24 hours ever since the 2.4 upgrade so hopefully a clean system in the morning will show success.

Offline hdejongh

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #175 on: October 24, 2017, 11:03:05 am »
https://pastebin.com/Ek9R0qkh

it starts to become a major issue as well for us. Im about to restore backups..
All virtual firewall's that we upgraded have the same problem...
we have to reboot them multiple times per day to get it working, otherwise ipsec's and openvpn stop working.

If that is the output when you have the problem, then it's NOT this problem. No sign of pfBlocker or anything blocking PHP. Start a new thread, it's probably something already solved on 2.4.1 if it's a VM issue. Check the release notes.

ok, i will first upgrade to 2.4.1 and report back then!

Offline ha11oga11o

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #176 on: October 24, 2017, 11:04:54 am »
Here is more data with 502 err:

https://pastebin.com/TqSBTKEK

OpenVPN clients cannot connect also, which is mine major problem for now.

That's the same as others here, pfBlocker DNSBL getting stuck waiting. Try to apply the fixed files from bbcan a few posts above yours.

I just did. Will revert with output if hangs.

Cheers!

Offline gsmornot

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +1/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #177 on: October 24, 2017, 12:34:57 pm »
I'm still learning. Can I just enter the two files from reply 165 into the command box via Diagnostics, Command? I am a GUI user.
I have not had any issues yet but following along to prevent any issues. I do use DNSBL and I am on 2.4.1. Was on 2.4 and the related RC's.

Offline ha11oga11o

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #178 on: October 24, 2017, 02:17:15 pm »
I'm still learning. Can I just enter the two files from reply 165 into the command box via Diagnostics, Command? I am a GUI user.
I have not had any issues yet but following along to prevent any issues. I do use DNSBL and I am on 2.4.1. Was on 2.4 and the related RC's.

Use putty as stated here, and when you log in choose shell and copy paste one row after another. Reboot unit and thats it. And use login "root" not "admin" as stated in video.

https://www.youtube.com/watch?v=krNuKDGEjvQ

Cheers!

Offline hdejongh

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: New 502 Bad Gateway
« Reply #179 on: October 25, 2017, 02:03:49 am »
https://pastebin.com/Ek9R0qkh

it starts to become a major issue as well for us. Im about to restore backups..
All virtual firewall's that we upgraded have the same problem...
we have to reboot them multiple times per day to get it working, otherwise ipsec's and openvpn stop working.

If that is the output when you have the problem, then it's NOT this problem. No sign of pfBlocker or anything blocking PHP. Start a new thread, it's probably something already solved on 2.4.1 if it's a VM issue. Check the release notes.

since upgrade tot 2.4.1 no problems yet!