So recently, while troubleshooting that mail login problem from my phone, I started going through the web interface on my pfSense box. While in the LAN interface, and it being 4am, I was like, why are block RFC1918 for the WAN (which is on every interface tab) and block Bogons not checked?
So I did what anyone half sleep deprived would do: I checked the boxes and hit apply. Then I couldn’t get back into the silly thing. Console wouldn’t work. I just got a blank screen. Rebooting while consoled in would go through the POST and loading of BSD, but after pfSense started, I didn’t get a menu.
Hey, I know, I’m a Nix person. I’ll boot from the live image, go into recovery, find and turn off that setting, sync to the hard drive and reboot.
Yeah, that doesn’t work on pfSense. After waking up around 1pm, I sat down and started working on that. Copied live Memory stick to my USB drive, rebooted. Went to single-user mode, and mounted the drive as if I was doing the password recovery. Then went through all the configs I could find. I couldn’t find anything that said bogons or block RFC1918 in any non-binary file. My binary foo isn’t that strong.
So I ended up re-installing the latest version of pfSense and tried to rebuild the configuration I had built 4 or 5 months ago, from memory. Yeah, that was a failure. But I have a working system, and was even able to find the cell phone’s IP address in the DHCP client table and do pcaps on the LAN interface to catch outbound traffic.
I still like pfSense, and am happy enough with it for my home network and my lab networks (different configs and hardware), but I wish the documentation was a little better, and that it was possible to recover from stupid mistakes that lock you out of the device without having to start over from scratch (or, if that documentation exists, that it at least be EASIER to find).