pfsense cannot define table Cannot allocate memory or DHCP fail

It happened to me at the end of April and at the beginning of May in different pfsense boxes, and it took me by surprise that it was a common error during those weeks.

Pfsense??? How??? I never had problems with it!!!!

Let me tell you about the errors I saw on my boxes:
A. Users reported that "they were not able to surf the web", so by checking those workstations I noticed the missed their IP address. Normally they get 192.168.1.x, but all they got 169.254.x.x... and it was not for a damaged cable or port, nor a damaged switch as I was guessing, it was the DHCP service having problems.

 B. Then, in the upper right corner on pfsense admin console I saw something like this
There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table persist file /etc/bogonsv6]

In my case I got a 26 (among others) instead of 19, but the error was the same.

 So I found the problem and the 2 steps solution:
There's something called Firewall Maximum Table Entries that after some time gets lack of space (by default size is 1,000,000), and cause the symptoms.

Yes, reboot your pfsense can help, but it won't solve the problem, it will be just temporally.... so do the following:

 1. If you have an old pfsense version (2.3 or older).... in other words something that looks like this






There's a bug, so you need to upgrade to pfsense version 2.4.x of something that looks like this





2. Once the update is done go to System-> Advanced-> Firewall / NAT and modify the Firewall Maximum Table Entries to more than 1,000,000 also modify Bogon networks Update Frequency both according to your box capabilities.

3. Reboot pfsense.

 

Comentarios

Publicar un comentario

Entradas populares de este blog

Enable MP3 codec on Windows 10 (Fraunhofer IIS MPEG Layer-3 Codec / l3codecp.acm)

Imagen
Perhaps you have been in the need of using MP3 codec (Fraunhofer IIS MPEG Layer-3 Codec) on a new windows version, I was in that situation last week. I had to install audio software actually running on Windows XP on a new Windows 10 computer. That Audio software uses all the available codecs on the system, so once I realized that just by having windows media player is not enough like in XP, I reasearched but everything point to install klite codec pack, LAME MP3 or similar. That didn't work for me, codec pack software specially klite are good, I like it, but this software is designed to work only (not sure why) with Fraunhofer IIS MPEG Layer-3 Codec. I was lucky to find Komeil Bahmanpour's blog (a wise dude), so I learned that l3codecp.acm file (The codec) is available in all Windows versions (tipically on Windows\system32), but is not enabled for some legal issue, but it can be unleashed by dealing with windows registry entries. For x64 systems just do this on windows re
Leer más

La de Clave entidad federativa DIF no corresponde con las opciones del catalogo del SAT CFDI 4.0 Nomina

Imagen
Recientemente muchos sistemas fueron modificados por la entrada en vigor del CFDI 4.0 (aunque se ha pospuesto oficialmente su puesta en marcha). Esto le paso a un cliente que cambio a la ultima version de nomina contpaq durante el timbrado de su nomina.    Lo primero que penso el cliente fue que el error era de la version nueva de la nomina. Yo no habia tenido ningun problema reportado de mis otros clientes, asi que en efecto el error debia ser en los datos de ese cliente.  Esto es lo que hice: 1. Verifique los datos de cada empleado, especificamente C.P. y Entidad Federativa Catalogo -> Empleado-> Tab IMSS-INFONAVIT     2. Verificar C.P. y la entidad federativa en el registro patronal Catalogo-> Registro patronal 
Leer más

Audio streaming from Ubuntu / darkice / pulseaudio to remote icecast server

Imagen
It's a hard dutty to migrate from the comfortable Windows environment to Linux, but when the computer got to old, Linux will always be the answer. I had to find how to re-use the old windows computers to save money and keep the audio streaming to a remote icecast server (I'm not fan of the multi-purpose equipment so my icecast server is running on another machine), myfirst guess, was some linux distribution teamviewer capable and internet browser with no limitations to browse. After I few minutes I decided to install Ubuntu 14 x64, my computer is kind of old(Intel core duo, 2G ram and 80GB hard drive), so probably the latest version could be a problem. This is the process I followed: A. Ubuntu 14 04 LTS x 64. It's way too easy (specially if not sure about the performance after installation) to install from USB (I used Universal USB installer from www.pendrivelinux.com ). In case this particular distribution release was a problem I could try another one. B. So import
Leer más