Hi all, I have installed pfSense 2.2.2 on new hardware (four Dell 1950 blade servers). I took the config from the old hardware running 2.1.5 and put it on the new hardware and adjusted the NIC assignments. It works fine on three of them, but the 'primary' in the HA cluster is not loading the firewall and nat rules. So the result of the command below starts:

    pfctl -vvsa | less
    FILTER RULES:
    No queue in use
    STATES:

On the secondary, the output from the same command starts:

    pfctl -vvsa | less
    TRANSLATION RULES:
    @0(0) no nat proto carp all
      [ Evaluations: 3328 Packets: 0 Bytes: 0 States: 0 ]
      [ Inserted: pid 19405 State Creations: 18446735278790537528]
    @1(0) nat-anchor "natearly/*" all

The result of the problem is that NAT isn't working (and probably all packet filtering). Routing is working fine.

A possibly related issue (but if you want to respond to this pfBlocker issue, replying to my forum post may be better: https://forum.pfsense.org/index.php?topic=88443.msg530471#msg530471):

We had pfBlocker installed on the old firewalls, but the package is not available on 2.2.x as it has been replaced with pfBlockerNG. However, we still have the config in for pfBlocker and it should be removed. I tried running the php script written by the author of the new package here:

https://forum.pfsense.org/index.php?topic=88443.0

But it doesn't work (maybe it worked on 2.2.0). The output was:

    Removing pfBlocker from the pfSense Configuration file
    Removed pfblocker
    Removed pfblockerlists
    Removed pfblockertopspammers
    Removed pfBlocker Menu Entry
    Fatal error: Call to undefined function getUserEntry() in /etc/inc/config.lib.inc on line 501

I then removed the pfBlocker rules from the WAN (as they were still there), but I still have the menu item, and the rest of the config as you see below:

    [2.2.2-RELEASE][[email protected]]/tmp: grep "pfblocker" /conf/config.xml | grep -v "pfblockerng"
    <url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerBadguys</url>
    <url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerTopSpammers</url>
    <command>/usr/local/bin/php -q /usr/local/www/pfblocker.php cron</command>
    <tooltiptext>Configure pfblocker</tooltiptext>
    <url>/pkg_edit.php?xml=pfblocker.xml</url>
    <pfblockertopspammers> </pfblockertopspammers>
    <pfblocker> </pfblocker>
    <pfblockerlists> </pfblockerlists>
    <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>

Any ideas on where to look next?

Kind regards,
Seb
