Re: [pfSense Support] Starnge routing issue
Hi Konrad! Am Samstag, den 02.06.2007, 20:30 -0500 schrieb Chris Daniel This sounds like an ICMP redirect issue. I have seen problems on pretty much every release of pfsense I have used where ICMP redirects have been rather flaky (one should never rely on ICMP redirects for routing, anyway), but I remember some thread from a while back regarding redirects and 1.0.1. Make sure you are running a recent snapshot. Here is the thread I remember: http://www.mail-archive.com/support@pfsense.com/msg07839.html I've never solved the problems with ICMP redirects. But as Chris said, it's better to not rely on them anyway. My problem was solved with passing incoming and outgoing traffic on the same interface. I saw an option in m0n0wall for that and suggested adding the possibility to bypass firewall rules for traffic on the same interface to pfsense, too. You can find a menu entry for that under System - Advanced - Miscellaneous - Static route filtering. Also, I decided to change the whole internal routing through our layer 3 core switch (with icmp redirects switched off), because routing through it is much more performant than through the firewall and you'll have no problems with filter rules (ok, there are some ACLs on it, but I'm directly responsible for them, because there are no default rules set like in pfsense). I hope, that this helps solving your problems. BR, PIT --- copyleft(c) by | _-_ LOAD LINUX,8,1 -- Topic on #LinuxGER Peter Allgeyer | 0(o_o)0 ---oOO--(_)--OOo--- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pfSense Hanging...
Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
State table filling? Try increasing it in System-Advanced. --Bill On 6/3/07, Tortise [EMAIL PROTECTED] wrote: Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. I'll keep an eye on it, I doubt that is the issue. Kind regards David Hingston - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 12:21 PM Subject: Re: [pfSense Support] pfSense Hanging... State table filling? Try increasing it in System-Advanced. --Bill On 6/3/07, Tortise [EMAIL PROTECTED] wrote: Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it hangs, what exactly do you mean? There are tons of possibilities for hangs. Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
