On Tue, May 17, 2011 at 1:15 PM, Warren Baker <war...@decoy.co.za> wrote:
> > On Tue, May 17, 2011 at 9:14 AM, Shibashish <shi...@gmail.com> wrote: > >> Hi, >> >> I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a >> weird behavior yesterday on the box, the webonfigurator was working and i >> was able to add/change rules as well as load-balancing policies, but the >> policies would not take effect, i.e. there was no change in the >> traffic behavior although it showed that the configuration was in effect. I >> tried to change the lb pool, redirect to different set of backend servers, >> still no change. On digging further, i found 2 lines in "dmesg" ... >> > > > Remember that there are active sessions which are in the firewall state > table, these sessions will continue to work regardless of your changes until > these sessions expired. I am no expert on the server load balancer so I am > not sure whether states are removed when changes are made to pool (i know > states are changed when there is a server that is marked as down). So > someone else will need to answer on that. > > > *To add, I did flush out all the states, i.e. did a "reset states". I missed writing this.* > >> WARNING: / was not properly dismounted >> WARNING: R/W mount of / denied. Filesystem is not clean - run fsck >> > > > This indicates that there was a hard reboot and the system was not cleanly > shutdown due to a power failure, OS crash or similar. > So on the next boot a file system check took place to ensure the > consistency of the file system which would have fixed any problems > automatically. > > *Does pfSense do a fsck on reboot/boot... can you/someone please confirm.* > > >> But, I was able to create and rm a file on the file-system. There was no >> hard reboot of the server and it had an uptime of 45+ days. >> > > This would then have happened prior to the 45 days. > > *I did a touch and rm after seeing the issue and the log file. The filesystem was writeable.* > > >> >> 1. Why should the filesystem become dirty... how do i prevent it? >> > > > Besides a hard reboot from an OS crash, use a UPS to ensure the system is > up when there is a power failure so that you can at least have time to shut > it down. > > *The FW is in the datacenter, so the power and ups issue is taken care of. There might have been a fluctuation in one of the circuits, this cannot be proved as of now.* > > >> 2. Shouldn't the webconfigurator show warnings/errors if this happens? >> > > > No since fsck fixes the file system on boot. If it didn't or could not fix > it, the system would not boot and drop you to a shell. You would then have > to manually fix it. > > *My point was that, shouldn't webconfigurator show a warning/error that fs is readonly and new config cannot be saved/activated.* > > thanks > > -- > .warren > Thanks a ton Warren. ShiB. while ( ! ( succeed = try() ) );