List: pfsense-discussion
Subject: [pfSense] Problems with migrating from pfsense 2.1.5 to 2.2.2 - no translation or filter rules loade
From: "Seb Auriol" <wzd4j9jxq2 () snkmail ! com>
Date: 2015-06-24 11:00:56
Message-ID: 6865-1435143656-658555 () sneakemail ! com
Hi all,
I have installed pfSense 2.2.2 on new hardware (four Dell 1950 blade servers). I
took the config from the old hardware running 2.1.5 and put it on the new hardware
and adjusted the NIC assignments. It works fine on three of them, but the 'primary'
in the HA cluster is not loading the firewall and nat rules. So the result of the
command below starts:
pfctl -vvsa | less
FILTER RULES:
No queue in use
STATES:
On the secondary, the output from the same command starts:
pfctl -vvsa | less
TRANSLATION RULES:
@0(0) no nat proto carp all
[ Evaluations: 3328 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: pid 19405 State Creations: 18446735278790537528]
@1(0) nat-anchor "natearly/*" all
The result of the problem is that NAT isn't working (and probably all packet
filtering). Routing is working fine.
A possibly related issue (but if you want to respond to this pfBlocker issue,
replying to my forum post may be better:
https://forum.pfsense.org/index.php?topic=88443.msg530471#msg530471):
We had pfBlocker installed on the old firewalls, but the package is not available on
2.2.x as it has been replaced with pfBlockerNG. However, we still have the config in
for pfBlocker and it should be removed. I tried running the php script written by
the author of the new package here: https://forum.pfsense.org/index.php?topic=88443.0
But it doesn't work (maybe it worked on 2.2.0). The output was:
Removing pfBlocker from the pfSense Configuration file
Removed pfblocker
Removed pfblockerlists
Removed pfblockertopspammers
Removed pfBlocker Menu Entry
Fatal error: Call to undefined function getUserEntry() in /etc/inc/config.lib.inc on line 501
I then removed the pfBlocker rules from the WAN (as they were still there), but I
still have the menu item, and the rest of the config as you see below:
[2.2.2-RELEASE][root@primary.test.mydomain.org]/tmp: grep "pfblocker" /conf/config.xml | grep -v "pfblockerng"
<url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerBadguys</url>
<url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerTopSpammers</url>
<command>/usr/local/bin/php -q /usr/local/www/pfblocker.php cron</command>
<tooltiptext>Configure pfblocker</tooltiptext>
<url>/pkg_edit.php?xml=pfblocker.xml</url>
<pfblockertopspammers>
</pfblockertopspammers>
<pfblocker>
</pfblocker>
<pfblockerlists>
</pfblockerlists>
<url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>
Any ideas on where to look next?
Kind regards,
Seb