OPNsense Forum

International Forums => German - Deutsch => Topic started by: bloerr on November 29, 2021, 07:20:14 am

Title: Firewall loses the connection to the gateway and stops logging
Post by: bloerr on November 29, 2021, 07:20:14 am
Hi,

I have an OPNsense firewall running on an APU4D4.
Yesterday the firewall suddenly stopped allowing any connection to the Internet.
I restarted it this morning and went through the logs.

The last entry is "plugins_configure hosts (execute task : unbound_hosts_generate())"; after that there are no log entries until after the restart:

Code:
2021-11-29T06:38:29 opnsense[41072] plugins_configure openvpn_prepare (execute task : openvpn_prepare(1))
2021-11-29T06:38:28 opnsense[41072] plugins_configure openvpn_prepare (1)
2021-11-29T06:38:28 opnsense[41072] plugins_configure loopback_prepare (execute task : loopback_configure_interface(1))
2021-11-29T06:38:28 opnsense[41072] plugins_configure loopback_prepare (1)
2021-11-29T06:38:28 syslog-ng[30863] syslog-ng starting up; version='3.34.1'
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts ()
2021-11-27T15:14:02 opnsense[19291] /usr/local/etc/rc.newwanip: On (IP address: 192.168.178.177) (interface: WAN[wan]) (real interface: igb0).
2021-11-27T15:14:02 opnsense[19291] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb0'
2021-11-27T15:14:01 opnsense[48864] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:57 opnsense[54295] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:55 opnsense[38085] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:13:55 opnsense[38085] plugins_configure hosts (execute task : dnsmasq_hosts_generate())

I have the EEE patch for the Intel cards in place. And although there was not a single entry on November 28, the firewall was still running without problems that day until 23:30.

The odd thing is: I could reach the firewall via the Zabbix agent the whole time. But it let no firewall traffic into or out of the internal network and no longer logged anything.

What could this be related to?
Title: Re: Firewall loses the connection to the gateway and stops logging
Post by: lfirewall1243 on November 29, 2021, 01:41:59 pm
Do you have an FB in front of it?
How is your WAN interface configured?
How is your gateway configured?
Are you running IDS/IPS?
Title: Re: Firewall loses the connection to the gateway and stops logging
Post by: bloerr on November 29, 2021, 02:39:56 pm
Thanks for the reply.

It is indeed connected to a Fritzbox. But not directly to the box, rather via a switch. On the WAN side it is configured with a static IP address.

Since I previously had the problem that the WAN port kept dropping out, I disabled the infamous EEE on the Intel interface.

There is only this one WAN interface, with a static IP in the Fritz network, as mentioned.
I have therefore set the gateway statically as the default, as upstream gateway without monitoring.

IDS/IPS is disabled.

The whole thing is a standard config that I run at two other sites behind fiber modems with no problems at all. So it is quite possible that the Fritzbox is acting up.

The Fritzbox itself, however, stays connected to the Internet.

Just now when logging in there was also an error report:

Code:
[29-Nov-2021 07:56:31 Europe/Berlin] Exception: Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php:86 - Trying to access array offset on value of type null (errno=8) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:96
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php(86): OPNsense\Base\ApiControllerBase->APIErrorHandler(8, 'Trying to acces...', '/usr/local/opns...', 86, Array)
#1 [internal function]: OPNsense\Diagnostics\Api\LogController->__call('coreAction', Array)
#2 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->callActionMethod(Object(OPNsense\Diagnostics\Api\LogController), 'coreAction', Array)
#3 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#4 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle('/api/diagnostic...')
#5 {main}

DMESG:

Code:
---<>---
Copyright (c) 2013-2019 The HardenedBSD Project.
Copyright (c) 1992-2019 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 12.1-RELEASE-p21-HBSD #0  1c99b63a2ba(stable/21.7)-dirty: Wed Nov 10 11:17:14 CET 2021
    root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP amd64
FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
VT(vga): resolution 640x480
HardenedBSD: initialize and check features (__HardenedBSD_version 1200059 __FreeBSD_version 1201000).
CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
  Features=0x178bfbff
  Features2=0x3ed8220b
  AMD Features=0x2e500800
  AMD Features2=0x1d4037ff
  Structured Extended Features=0x8
  XSAVE Features=0x1
  SVM: NP,NRIP,AFlush,DAssist,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 4086042624 (3896 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: unblocking device.
ioapic0  irqs 0-23 on motherboard
ioapic1  irqs 24-55 on motherboard
Launching APs: 1 2 3
Timecounter "TSC" frequency 998149395 Hz quality 1000
wlan: mac acl policy registered
random: entropy device external interface
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0xffffffff812947f0, 0) error 19
000.000054 [4344] netmap_init               netmap: loaded module
[ath_hal] loaded
nexus0
vtvga0:  on motherboard
cryptosoft0:  on motherboard
acpi0:  on motherboard
acpi0: Power Button (fixed)
cpu0:  on acpi0
atrtc0:  port 0x70-0x71 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0:  port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
hpet0:  iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0
acpi_button0:  on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pcib0: could not evaluate _ADR - AE_NOT_FOUND
pci0:  on pcib0
pci0:  at device 0.2 (no driver attached)
pcib1:  irq 24 at device 2.1 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1:  on pcib1
igb0:  mem 0xf7900000-0xf791ffff,0xf7920000-0xf7923fff irq 24 at device 0.0 on pci1
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 2 RX queues 2 TX queues
igb0: Using MSI-X interrupts with 3 vectors
igb0: Ethernet address: 00:0d:b9:5c:71:c8
igb0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2:  irq 25 at device 2.2 on pci0
pci2:  on pcib2
igb1:  port 0x2000-0x201f mem 0xf7a00000-0xf7a1ffff,0xf7a20000-0xf7a23fff irq 28 at device 0.0 on pci2
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 2 RX queues 2 TX queues
igb1: Using MSI-X interrupts with 3 vectors
igb1: Ethernet address: 00:0d:b9:5c:71:c9
igb1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3:  irq 26 at device 2.3 on pci0
pci3:  on pcib3
igb2:  port 0x3000-0x301f mem 0xf7b00000-0xf7b1ffff,0xf7b20000-0xf7b23fff irq 32 at device 0.0 on pci3
igb2: Using 1024 TX descriptors and 1024 RX descriptors
igb2: Using 2 RX queues 2 TX queues
igb2: Using MSI-X interrupts with 3 vectors
igb2: Ethernet address: 00:0d:b9:5c:71:ca
igb2: netmap queues/slots: TX 2/1024, RX 2/1024
pcib4:  irq 27 at device 2.4 on pci0
pci4:  on pcib4
igb3:  port 0x4000-0x401f mem 0xf7c00000-0xf7c1ffff,0xf7c20000-0xf7c23fff irq 36 at device 0.0 on pci4
igb3: Using 1024 TX descriptors and 1024 RX descriptors
igb3: Using 2 RX queues 2 TX queues
igb3: Using MSI-X interrupts with 3 vectors
igb3: Ethernet address: 00:0d:b9:5c:71:cb
igb3: netmap queues/slots: TX 2/1024, RX 2/1024
pci0:  at device 8.0 (no driver attached)
xhci0:  mem 0xf7f22000-0xf7f23fff irq 18 at device 16.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
xhci0: Unable to map MSI-X table
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
ahci0:  port 0x5010-0x5017,0x5020-0x5023,0x5018-0x501f,0x5024-0x5027,0x5000-0x500f mem 0xf7f25000-0xf7f253ff at device 17.0 on pci0
ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS
ahcich0:  at channel 0 on ahci0
ahcich1:  at channel 1 on ahci0
ehci0:  mem 0xf7f26000-0xf7f260ff irq 18 at device 19.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0
isab0:  at device 20.3 on pci0
isa0:  on isab0
sdhci_pci0:  mem 0xf7f27000-0xf7f270ff at device 20.7 on pci0
sdhci_pci0: 1 slot(s) allocated
acpi_tz0:  on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
orm0:  at iomem 0xee800-0xeffff pnpid ORM0000 on isa0
hwpstate0:  on cpu0
Timecounters tick every 1.000 msec
ugen1.1:  at usbus1
ugen0.1: <0x1022 XHCI root HUB> at usbus0
uhub0:  on usbus1
uhub1: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0:  ACS-3 ATA SATA 3.x device
ada0: Serial Number G716240528
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 61057MB (125045424 512 byte sectors)
Trying to mount root from ufs:/dev/gpt/rootfs [rw]...
uhub1: 4 ports with 4 removable, self powered
uhub0: 2 ports with 2 removable, self powered
ugen1.2:  at usbus1
uhub2 on uhub0
uhub2:  on usbus1
uhub2: 4 ports with 4 removable, self powered

What I find particularly striking is this part, which has not occurred since the restart:

Code:
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts ()
2021-11-27T15:14:02 opnsense[19291] /usr/local/etc/rc.newwanip: On (IP address: 192.168.178.177) (interface: WAN[wan]) (real interface: igb0).
2021-11-27T15:14:02 opnsense[19291] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb0'
2021-11-27T15:14:01 opnsense[48864] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:57 opnsense[54295] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:55 opnsense[38085] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:13:55 opnsense[38085] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
2021-11-27T15:13:55 opnsense[38085] plugins_configure hosts ()
2021-11-27T15:13:55 opnsense[38085] /usr/local/etc/rc.newwanip: On (IP address: 192.168.178.177) (interface: WAN[wan]) (real interface: igb0).
2021-11-27T15:13:55 opnsense[38085] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb0'
2021-11-27T15:13:55 opnsense[65188] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:49 opnsense[89610] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:39 opnsense[61453] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:13:39 opnsense[61453] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
2021-11-27T15:13:39 opnsense[61453] plugins_configure hosts ()
2021-11-27T15:13:39 opnsense[61453] /usr/local/etc/rc.newwanip: On (IP address: 192.168.178.177) (interface: WAN[wan]) (real interface: igb0).
2021-11-27T15:13:39 opnsense[61453] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb0'
2021-11-27T15:13:38 opnsense[13445] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:13:34 opnsense[42127] /usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (192.168.178.177 ::)
2021-11-27T15:12:57 opnsense[10826] plugins_configure hosts (execute task : unbound_hosts_generate())
2021-11-27T15:12:56 opnsense[10826] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
2021-11-27T15:12:56 opnsense[10826] plugins_configure hosts ()

I read the messages as meaning that the WAN port thinks it is being plugged in and unplugged once per minute?
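
Added example, not part of the thread and not OPNsense code: a small Python script that checks the two symptoms visible in the posted log excerpts, the period with no log entries before the restart and the repeated rc.linkup hotplug events on WAN. The function names and the one-hour silence threshold are assumptions; the sample lines are taken from the excerpts above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+) (\S+?)\[(\d+)\] (.*)$")  # timestamp process[pid] message
HOTPLUG_RE = re.compile(r"rc\.linkup: Hotplug event detected for (\S+?)\(")

# Sample input: lines taken from the log excerpts in the thread (newest first).
HOTPLUG_MSG = ("/usr/local/etc/rc.linkup: Hotplug event detected for WAN(wan) but ignoring "
               "since interface is configured with static IP (192.168.178.177 ::)")
SAMPLE = [
    "2021-11-29T06:38:28 syslog-ng[30863] syslog-ng starting up; version='3.34.1'",
    "2021-11-27T15:14:02 opnsense[19291] plugins_configure hosts (execute task : unbound_hosts_generate())",
    "2021-11-27T15:14:02 opnsense[19291] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb0'",
] + [f"2021-11-27T{t} opnsense[{pid}] {HOTPLUG_MSG}" for t, pid in [
    ("15:14:01", 48864), ("15:13:57", 54295), ("15:13:55", 65188),
    ("15:13:49", 89610), ("15:13:38", 13445), ("15:13:34", 42127)]]

def parse(lines):
    """Return (timestamp, process, message) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # skip anything that is not a syslog-style line
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)))
    return sorted(events, key=lambda e: e[0])

def find_gaps(events, max_silence=timedelta(hours=1)):
    """Periods with no log entry at all for longer than max_silence (assumed threshold)."""
    return [(a[0], b[0]) for a, b in zip(events, events[1:]) if b[0] - a[0] > max_silence]

def hotplug_per_minute(events):
    """Count rc.linkup hotplug events per (interface, minute) to expose link flapping."""
    counts = Counter()
    for ts, _proc, msg in events:
        m = HOTPLUG_RE.search(msg)
        if m:
            counts[(m.group(1), ts.strftime("%Y-%m-%dT%H:%M"))] += 1
    return counts

if __name__ == "__main__":
    events = parse(SAMPLE)
    for start, end in find_gaps(events):
        print(f"no log entries from {start} to {end} ({end - start})")
    for (iface, minute), n in sorted(hotplug_per_minute(events).items()):
        print(f"{minute} {iface}: {n} hotplug event(s)")
```

Run against an exported system log, a reported gap on a firewall that was still passing or blocking traffic is worth alerting on in the monitoring system, since nothing was recorded for that period.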