[pfSense Support] pFsense... unexpected behaviour

2011-05-17 Thread Shibashish
Hi,

I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a
weird behavior yesterday on the box, the webconfigurator was working and I
was able to add/change rules as well as load-balancing policies, but the
policies would not take effect, i.e. there was no change in the
traffic behavior although it showed that the configuration was in effect. I
tried to change the lb pool, redirect to different set of backend servers,
still no change. On digging further, I found 2 lines in "dmesg" ...

WARNING: / was not properly dismounted
WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck

But, I was able to create and rm a file on the file-system. There was no
hard reboot of the server and it had an uptime of 45+ days.

1. Why should the filesystem become dirty... how do I prevent it?
2. Shouldn't the webconfigurator show warnings/errors if this happens?

I rebooted the FW box and things seem ok now.

ShiB.
while ( ! ( succeed = try() ) );


Re: [pfSense Support] pFsense... unexpected behaviour

2011-05-17 Thread Warren Baker
On Tue, May 17, 2011 at 9:14 AM, Shibashish  wrote:

> Hi,
>
> I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a
> weird behavior yesterday on the box, the webconfigurator was working and I
> was able to add/change rules as well as load-balancing policies, but the
> policies would not take effect, i.e. there was no change in the
> traffic behavior although it showed that the configuration was in effect. I
> tried to change the lb pool, redirect to different set of backend servers,
> still no change. On digging further, I found 2 lines in "dmesg" ...
>


Remember that there are active sessions which are in the firewall state
table, these sessions will continue to work regardless of your changes until
these sessions expired. I am no expert on the server load balancer so I am
not sure whether states are removed when changes are made to pool (I know
states are changed when there is a server that is marked as down). So
someone else will need to answer on that.



>
> WARNING: / was not properly dismounted
> WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck
>


This indicates that there was a hard reboot and the system was not cleanly
shutdown due to a power failure, OS crash or similar.
So on the next boot a file system check took place to ensure the consistency
of the file system which would have fixed any problems automatically.



> But, I was able to create and rm a file on the file-system. There was no
> hard reboot of the server and it had an uptime of 45+ days.
>

This would then have happened prior to the 45 days.



>
> 1. Why should the filesystem become dirty... how do I prevent it?
>


Besides a hard reboot from an OS crash, use a UPS to ensure the system is up
when there is a power failure so that you can at least have time to shut it
down.



> 2. Shouldn't the webconfigurator show warnings/errors if this happens?
>


No since fsck fixes the file system on boot. If it didn't or could not fix
it, the system would not boot and drop you to a shell. You would then have
to manually fix it.


thanks

-- 
.warren


Re: [pfSense Support] pFsense... unexpected behaviour

2011-05-17 Thread Shibashish
On Tue, May 17, 2011 at 1:15 PM, Warren Baker  wrote:

>
> On Tue, May 17, 2011 at 9:14 AM, Shibashish  wrote:
>
>> Hi,
>>
>> I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a
>> weird behavior yesterday on the box, the webconfigurator was working and I
>> was able to add/change rules as well as load-balancing policies, but the
>> policies would not take effect, i.e. there was no change in the
>> traffic behavior although it showed that the configuration was in effect. I
>> tried to change the lb pool, redirect to different set of backend servers,
>> still no change. On digging further, I found 2 lines in "dmesg" ...
>>
>
>
> Remember that there are active sessions which are in the firewall state
> table, these sessions will continue to work regardless of your changes until
> these sessions expired. I am no expert on the server load balancer so I am
> not sure whether states are removed when changes are made to pool (I know
> states are changed when there is a server that is marked as down). So
> someone else will need to answer on that.
>
>
>
*To add, I did flush out all the states, i.e. did a "reset states". I missed
writing this.*


>
>> WARNING: / was not properly dismounted
>> WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck
>>
>
>
> This indicates that there was a hard reboot and the system was not cleanly
> shutdown due to a power failure, OS crash or similar.
> So on the next boot a file system check took place to ensure the
> consistency of the file system which would have fixed any problems
> automatically.
>
> *Does pfSense do a fsck on reboot/boot... can you/someone please confirm.*


>
>
>> But, I was able to create and rm a file on the file-system. There was no
>> hard reboot of the server and it had an uptime of 45+ days.
>>
>
> This would then have happened prior to the 45 days.
>
> *I did a touch and rm after seeing the issue and the log file. The
filesystem was writeable.*

>
>
>>
>> 1. Why should the filesystem become dirty... how do I prevent it?
>>
>
>
> Besides a hard reboot from an OS crash, use a UPS to ensure the system is
> up when there is a power failure so that you can at least have time to shut
> it down.
>
> *The FW is in the datacenter, so the power and ups issue is taken care of.
There might have been a fluctuation in one of the circuits, this cannot be
proved as of now.*

>
>
>> 2. Shouldn't the webconfigurator show warnings/errors if this happens?
>>
>
>
> No since fsck fixes the file system on boot. If it didn't or could not fix
> it, the system would not boot and drop you to a shell. You would then have
> to manually fix it.
>
> *My point was that, shouldn't webconfigurator show a warning/error that fs
is readonly and new config cannot be saved/activated.*

>
> thanks
>
> --
> .warren
>

Thanks a ton Warren.

ShiB.
while ( ! ( succeed = try() ) );


Re: [pfSense Support] pFsense... unexpected behaviour

2011-05-17 Thread Warren Baker
On Tue, May 17, 2011 at 10:22 AM, Shibashish  wrote:

>
> On Tue, May 17, 2011 at 1:15 PM, Warren Baker  wrote:
>
>>
>> Remember that there are active sessions which are in the firewall state
>> table, these sessions will continue to work regardless of your changes until
>> these sessions expired. I am no expert on the server load balancer so I am
>> not sure whether states are removed when changes are made to pool (I know
>> states are changed when there is a server that is marked as down). So
>> someone else will need to answer on that.
>>
>>
>>
> *To add, I did flush out all the states, i.e. did a "reset states". I
> missed writing this.*
>
>
>> This indicates that there was a hard reboot and the system was not cleanly
>> shutdown due to a power failure, OS crash or similar.
>>
>> So on the next boot a file system check took place to ensure the
>> consistency of the file system which would have fixed any problems
>> automatically.
>>
>> *Does pfSense do a fsck on reboot/boot... can you/someone please confirm.
> *
>


pfSense will do a file system check on every reboot, this is to ensure the
file system is healthy. If it is not then it will indicate this and execute
a fsck to fix the problem(s).



>
>> This would then have happened prior to the 45 days.
>>
>> *I did a touch and rm after seeing the issue and the log file. The
> filesystem was writeable.*
>


Correct - as the fsck was successful.



>
>>
>>
>>> 2. Shouldn't the webconfigurator show warnings/errors if this happens?
>>>
>>
>>
>> No since fsck fixes the file system on boot. If it didn't or could not fix
>> it, the system would not boot and drop you to a shell. You would then have
>> to manually fix it.
>>
>> *My point was that, shouldn't webconfigurator show a warning/error that
> fs is readonly and new config cannot be saved/activated.*
>



The fs was not readonly as you mentioned above that you could touch and rm.



--
.warren
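
The thread ends on whether / was actually read-only when the dmesg warnings were seen. The following is an added example, not part of any message above: a small sh check that correlates those two warnings with the current mount flags of /. The function names, the device name and the sample `mount` lines are constructed, and the FreeBSD `mount` output format with a `read-only` flag is assumed.

```shell
#!/bin/sh
# Constructed sample: the two dmesg lines quoted in the thread.
SAMPLE_DMESG='WARNING: / was not properly dismounted
WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck'

# Constructed samples of FreeBSD `mount` output (assumed format).
SAMPLE_MOUNT_RW='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)'
SAMPLE_MOUNT_RO='/dev/ad0s1a on / (ufs, local, read-only)
devfs on /dev (devfs, local)'

# Print "yes" if the text holds either unclean-root warning, else "no".
unclean_warning_logged() {
    if printf '%s\n' "$1" | grep -Eq \
        '^WARNING: (/ was not properly dismounted|R/W mount of / denied)'; then
        echo yes
    else
        echo no
    fi
}

# Print "ro", "rw" or "unknown" for the / entry in `mount` output.
root_mount_mode() {
    line=$(printf '%s\n' "$1" | grep -E ' on / \(' | head -n 1)
    case "$line" in
        '')          echo unknown ;;
        *read-only*) echo ro ;;
        *)           echo rw ;;
    esac
}

# Combine both observations into one verdict for the operator.
assess_root() {
    warned=$(unclean_warning_logged "$1")
    mode=$(root_mount_mode "$2")
    case "$warned:$mode" in
        yes:ro) echo "root-read-only-after-unclean-shutdown" ;;
        yes:rw) echo "unclean-shutdown-logged-root-now-writable" ;;
        no:ro)  echo "root-read-only-no-warning" ;;
        no:rw)  echo "ok" ;;
        *)      echo "unknown" ;;
    esac
}

# On a live system: assess_root "$(dmesg)" "$(mount)"
assess_root "$SAMPLE_DMESG" "$SAMPLE_MOUNT_RW"
```

The second verdict matches what the poster described: the warnings are in dmesg, yet touch and rm on / succeed.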