Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-10-05 Thread Tortise
Volker

re Who else would find a cron script useful which checks the connection
regularly and takes remedial action (e.g. ifconfig down/up) when
necessary?

See my earlier post where I have detailed one and Chris has pointed out to 
preserve the cron settings in the xml.

Perhaps you can suggest how to automatically pull through the WAN interface 
name, programmatically, to fully automate it for all?

I agree it does seem a bit of a conundrum, the kernel may be to blame, however 
the fault also exists in monowall's FreeBSD.

Kind regards
David Hingston.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-10-05 Thread Volker Kuhlmann
Sorry for not joining this discussion earlier.

I can confirm I am still every so often having the same issue as
tortoise.

[ifconfig down; ifconfig up]

 That restores the connection.  (I initially did it on the LAN, but  
 reconnected the LAN and did the same with the WAN, as soon as  
 ifconfig XXX up was run it was up again.)
 
 What does that tell us?

Damn good question!

 The NICs don't like each other.  Replace one or both of the NICs for  
 your pfsense box or your cable modem.  I'd vote to replace the cable  
 modem.

Hold it. Packets from the ISP to the pfsense WAN interface may stop,
however during these lockups LAN machines can browse the modem's web
pages perfectly. If the pfsense WAN and modem Ethernet interfaces don't
like each other somewhere close to the hardware level, how come pfsense
can communicate with the modem both ways, but not beyond the modem?

I have observed random deadlock problems (packets stop in one direction)
between cheap Ethernet cards (think RTL8039 etc) and a lousy Nokia
MW1122 ADSL modem Ethernet implementation. However, then *all* traffic
over that particular cable was dead in one direction, not just some of
it.

Other points:

Replacing the modem is out of the question. It's owned by the ISP and
user-supplied anything isn't supported.

The ISP upgraded my older surfboard to a newer model (I'd need to dig
out the exact model numbers to be specific). This had no influence on
the problem at hand, i.e. problem persists with both models.

The ISP is running some kind of NAT scheme between its routers and the
cable modem. The Internet global static IP is then on the pfsense WAN
interface. Another layer of NAT is done by pfsense.

I talked to someone much more knowledgeable about BSD than me. He
suggested the WAN interface down/up approach too, and suggested as cause
of the problem outages in the modem/ISP area which are short enough for
some interface state to go down, but not long enough for the interface
to cause a full re-initialisation. That would be a BSD kernel driver
problem to me - bad incoming data shouldn't mean going belly-up.

I can't say this with certainty, but sometimes the problem seems to fix
itself again after some minutes, or some hours. That statement is based
on LAN hosts having no Internet connection and an assumption that the
ISP did not take me offline.

Who else would find a cron script useful which checks the connection
regularly and takes remedial action (e.g. ifconfig down/up) when
necessary?

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
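
Added example, not part of any post in this thread: a cron-driven watchdog of the kind asked about above, which reads the WAN interface name from the firewall's XML configuration instead of hard-coding it and bounces the interface only after several consecutive failed probes. The path /conf/config.xml, the <interfaces><wan><if> layout, the probe address, the threshold and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): WAN watchdog for cron on a FreeBSD-based firewall.
# Assumptions: config.xml stores the WAN NIC as <interfaces><wan><if>NAME</if>;
# PROBE_IP, MAX_FAILS, the state file and the function names are illustrative.
CONFIG="${CONFIG:-/conf/config.xml}"
STATE="${STATE:-/var/run/wan_watchdog.fails}"
# Placeholder address: probe something beyond the modem, because the thread
# notes the modem itself stays reachable during the lockups.
PROBE_IP="${PROBE_IP:-192.0.2.1}"
MAX_FAILS="${MAX_FAILS:-3}"

# Print the physical interface assigned to WAN, taken from the <wan> block only.
wan_if_from_config() {
    awk '
        /<wan>/   { in_wan = 1 }
        /<\/wan>/ { in_wan = 0 }
        in_wan && match($0, /<if>[^<]+<\/if>/) {
            print substr($0, RSTART + 4, RLENGTH - 9); exit
        }' "$1"
}

# The name ends up in a command run as root, so reject anything that is empty
# or contains characters outside a plain interface name.
valid_ifname() {
    case "$1" in ""|*[!a-z0-9_.]*) return 1 ;; esac
}

# $1 is the probe's exit status. Succeeds only when MAX_FAILS consecutive
# probes have failed; any successful probe resets the counter.
bounce_due() {
    if [ "$1" -eq 0 ]; then rm -f "$STATE"; return 1; fi
    fails=$(( $(cat "$STATE" 2>/dev/null || echo 0) + 1 ))
    if [ "$fails" -ge "$MAX_FAILS" ]; then rm -f "$STATE"; return 0; fi
    echo "$fails" > "$STATE"; return 1
}

main() {
    wan_if=$(wan_if_from_config "$CONFIG")
    valid_ifname "$wan_if" || { logger -t wan_watchdog "no usable WAN interface"; exit 1; }
    ping -c 3 -t 5 "$PROBE_IP" >/dev/null 2>&1   # FreeBSD ping: -t is a timeout in seconds
    if bounce_due $?; then
        logger -t wan_watchdog "bouncing $wan_if after $MAX_FAILS failed probes"
        ifconfig "$wan_if" down && sleep 2 && ifconfig "$wan_if" up
    fi
}

# Does nothing unless invoked as "wan_watchdog.sh run" (e.g. from cron).
if [ "${1:-}" = "run" ]; then main; fi
```

Logging each bounce through syslog keeps a record of how often the fault occurs, which a silent down/up would hide.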




Re: [pfSense Support] Dual WLAN no load balancing (different GW)

2007-10-05 Thread sai
You don't need different GW for the PCs in the LAN.

Your LAN interface has one IP address. The PCs in the LAN have the LAN
interface IP address as their GW.

You set up LAN rules :
source IP, port : PC1, any
dest ip,port : any,any
gateway WAN

source IP, port : PC2, any
dest ip,port : any,any
gateway WAN2

hth

sai

On 10/2/07, Ingvald Grimstveit [EMAIL PROTECTED] wrote:

  Current setup:
  1x WAN PPPoE
  (running PPTP VPN server on pfSense with local user db.)


  Need:
  1x Additional WAN


  Configuration would be:
  -Different GW for computers on same LAN (inside)

  -Port forwarding rules for the two WANs
  e.g.
  port   80 from WAN1 to 192.168.10.10 (GW for .10 would be WAN1)
  port 3389 from WAN2 to 192.168.10.12 (GW for .12 would be WAN2)
  and more

  This implies 2x IP on LAN if.


  Question:
  Can this be done (easily)?
  If so what kind of WAN2 subscription do I need (not another PPPoE I think).


  best regards
  Ingvald




Re: [pfSense Support] No carrier on SYNC interface

2007-10-05 Thread sai
Can you not just use a crossed cable for the CARP interfaces?

sai

On 9/27/07, Shane B [EMAIL PROTECTED] wrote:
 Are these unmanaged switches?

 Yeap, little 5 port workgroup switches (Linksys EZXS55W
 http://www.linksys.com/servlet/Satellite?c=L_Product_C2childpagename=US%2FLayoutcid=1115416836711pagename=Linksys%2FCommon%2FVisitorWrapper)

 I'll look into pfSense and STP a bit further.

  Thanks =)


 On 9/26/07, Chris Buechler [EMAIL PROTECTED] wrote:
  Shane B wrote:
   went through fine both times. Just probably that I and others have never
   heard of or seen a pfsync change cause a loss of link.
  
   Ahh, I sense some tough love here.  I had assumed that my post would
   be echoed back out to me, but either the mailing list server or gmail
   didn't do this.
 
  Nah, just confirming that it did go through, and a lot of times when
  people put that they're insinuating why didn't anybody reply, and I
  was just explaining.
 
  With a normal mail client, you will get the message from the list, but
  gmail never shows you your own posts from the list. Even when it comes
  back to you with a modified subject line, which annoys me for the lists
  I use in gmail. Even the replies come back without the modified subject.
  Then some of your archived posts from the list have modified subjects
  throughout the thread, and some don't. You can check the archive at
  gmane.org to verify it went out to the list.
 
 
   I'm no firewall programming network guru, if I was I'd be working with
   you already on the project, so please forgive some lack of detailed
   knowledge of the system.  But since I was using inexpensive switches I
   had assumed pfSense had initiated the blocking, mostly because when
   you check ifconfig it shows one side of the bridge in blocking mode,
   as opposed to the whole interface.
 
  Interesting...  did somebody add STP and I missed it?  :)
 
  Are these unmanaged switches? If so, they won't do STP, or at least I've
  never seen or heard of an unmanaged switch with STP, and have dealt with
  idiots doing things like plugging both ends of a patch cable into an
  unmanaged switch, which has the result you'd expect.
 
  Now it sounds to me like there is STP functionality in pfS, though it's
  the first I've heard of it.
 
  Having never set up anything like this, I'm going to refrain from
  commenting further.
 
 
 