Messages

1

17.1 Legacy Series / Firewall keeps crashing while using WebGUI

« on: June 07, 2017, 10:28:51 pm »

Ever since the last couple updates (I think it started with 17.1.6) the firewall keeps crashing on my while I use the WebGUI or do anything on the command line. If I don't touch the firewall, it seems to be stable.

Today it is extremely bad, firewall crashes every couple of minutes.

The only weird things I can find in the system log are these:

Code: [Select]

Jun  7 21:40:45 gw1 configd.py: [599ea6f1-628c-4e00-a675-d586418490a4] Inline action failed with OPNsense/HAProxy OPNsense/HAProxy/haproxy.conf 'collections.OrderedDict object' has no attribute 'HAProxy' at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 505, in execute     return ph_inline_actions.execute(self, inline_act_parameters)   File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 50, in execute     filenames = tmpl.generate(parameters)   File "/usr/local/opnsense/service/modules/template.py", line 309, in generate     raise render_exception Exception: OPNsense/HAProxy OPNsense/HAProxy/haproxy.conf 'collections.OrderedDict object' has no attribute 'HAProxy'

and this:

Code: [Select]

Jun  7 21:48:09 gw1 flowd_aggregate.py: flowd aggregate died with message Traceback (most recent call last):   File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 148, in run     aggregate_flowd(do_vacuum)   File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 79, in aggregate_flowd     stream_agg_object.add(flow_record_cpy)   File "/usr/local/opnsense/scripts/netflow/lib/aggregates/source.py", line 105, in add     super(FlowSourceAddrDetails, self).add(flow)   File "/usr/local/opnsense/scripts/netflow/lib/aggregate.py", line 258, in add     self._update_cur.execute(self._update_stmt, flow) DatabaseError: database disk image is malformed

Regarding the last one, I disabled Netflow but that doesn't seem to help. The HAProxy log entry appears more often than the netflow one.

Any ideas?

2

17.1 Legacy Series / Re: Firewall not using DNS overrides?

« on: March 24, 2017, 11:45:25 am »

I have no clue. The log file doesen't have anything that would hint at an issue. It basically just repeats these two lines over and over again:

Code: [Select]

Mar 24 10:02:50 dnsmasq[24990]: read /var/etc/dnsmasq-hosts - 13 addresses
Mar 24 10:02:57 dnsmasq[24990]: read /etc/hosts - 2 addresses
And occassionaly prints this:

Code: [Select]

Mar 24 11:41:23 dnsmasq[66225]: using nameserver 80.69.96.12#53
Mar 24 11:41:23 dnsmasq[66225]: using nameserver 81.210.129.4#53

Mar 24 11:41:23 dnsmasq[66225]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify

Mar 24 11:41:23 dnsmasq[66225]: DNS service limited to local subnets


3

17.1 Legacy Series / Re: UPnP not working at all

« on: March 23, 2017, 02:38:13 pm »

Yea, they are both on. Doesn't work.

4

17.1 Legacy Series / UPnP not working at all

« on: March 23, 2017, 02:22:19 pm »

Hi,

I enabled UPnP service, left the "default deny" unchecked. However, nothing seems to work. Tried various devices here that all use UPNP but the status of the UPNP service shows zero entries and the devices complain they can't set up port forwarding.

Not sure where to look for logs for this.

Any clues?

5

Tutorials and FAQs / Re: UPnP Gaming Questions and Answers

« on: March 22, 2017, 11:14:36 pm »

None of this seems to be working for me. I have a NAT rule with static port mapping and UPNP enabled, but my PS4 still shows as NAT Type 3 and no ports opened in UPNP.

Tried everything.

6

17.1 Legacy Series / Re: Internal NAT hosts not being resolved correctly from Public DNS Servers

« on: March 22, 2017, 11:08:18 pm »

I don't have an answer for you, but why are you trying to reach your internal hosts from internal through their public IPs?

You could set up host overrides in your DNS Forwarder so that it resolves the internal IP of your server from the internal network. No need to go through the firewall.

7

17.1 Legacy Series / Re: Firewall not using DNS overrides?

« on: March 21, 2017, 09:49:58 pm »

Yes, it also happens when I ping or use the host command. I have set to bind to LAN interface. I just changed it back to the default (all interfaces) but it makes no difference.

8

17.1 Legacy Series / Re: Firewall not using DNS overrides?

« on: March 21, 2017, 07:29:45 pm »

I tried both, with and without custom DNS servers. Neither seems to work. I do get DNS servers through DHCP (WAN link) and I have the option enabled to pass this through to my downstream DHCP clients.

9

17.1 Legacy Series / Re: Firewall not using DNS overrides?

« on: March 21, 2017, 06:53:09 pm »

I simply added a host as override, like "host.xyz.it -> 10.10.10.1". When I do a nslookup from computers behind the firewall for that host, it resolves to the 10.10.10.1 address. If I do it from the firewall, I get the public IP for that host (we're running a split DNS setup here). The option you are referring to is unchecked. Do I need to have 127.0.0.1 as nameserver configured somewhere for this to work?

10

17.1 Legacy Series / Re: Restrict access to management (HTTP/SSH)

« on: March 21, 2017, 05:19:41 pm »

makes sense. Thank you!

11

17.1 Legacy Series / Re: Firewall not using DNS overrides?

« on: March 21, 2017, 05:19:01 pm »

Just checked, it's turned off (and was turned off). I even tried giving it 127.0.0.1 as a nameserver but no joy.

12

17.1 Legacy Series / Firewall not using DNS overrides?

« on: March 21, 2017, 03:42:14 pm »

Hi,

I configured DNS Forwarder and added a few host overrides, which works great from any client using the firewall as a DNS server. However, it is not working from the firewall itself, e.g. if I do a nslookup from the firewall shell, it sends the request to the forwarders instead of resolving through the host overrides.

Am I missing something here?

Thanks

13

17.1 Legacy Series / [SOLVED] Restrict access to management (HTTP/SSH)

« on: March 21, 2017, 03:40:37 pm »

I can't seem to find an option to restrict access to the firewall GUI and SSH. I can only enable or disable the options. How is this done?

14

17.1 Legacy Series / [REQ] - Logging for automatic rules (NAT)

« on: March 21, 2017, 02:00:30 pm »

Hi,

I am not sure if this is the right place to drop feature requests, but I'll give it a try:

Currently, when you add a new port forwarding rule and let it automatically create a corresponding firewall rule, that firewall rule has logging disabled and the rule can't be edited. So if I want logging, I would have to add the firewall rule manually and disable automatic rule creation.

Why not give me an option to enable logging on these auto-created rules?

Thanks

15

17.1 Legacy Series / Re: Booting image from USB stops in the middle of the process

« on: March 20, 2017, 05:34:24 pm »

I got it figured out. It was probably my mistake. I've used the serial image but ran the installation through a VGA connected monitor. Apparently only the first bits of the boot process are shown on the monitor and then it seems to switch over to serial console. I was able to SSH into it (SSH headless install).

All good now. Thank you!