[pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Dear List and especially pfSense maintainers, Bill, Chris, Scott et al. I upgraded to 1.2 over a month ago. The above issue (and the earlier pfSense hanging...) have not recurred since the upgrade. I was not aware of a particular fix that might have addressed this, however looking around it is clear zillions of code changes are noted, it seems very likely the issue was addressed. (since 1.2 RC2 clearly exhibited the problem) Another possibility is the ISP made a change that eliminated the issue. I feel the former is more likely an explanation. I suppose if I was keen I could put back in the old CF card with the previous 1.2 RC2 installation and I guess that might prove it either way. If that would help someone do let me know. I also note PPTP seems to connect much faster and reliably. It gives me great pleasure to express my gratitude to the people involved. Now that I have learned my away around it, (at a certain level that is!) I think pfSense is pretty cool. Kindest regards David Hingston
Re: [pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Mon, May 12, 2008 at 4:23 AM, Tortise [EMAIL PROTECTED] wrote: The above issue (and the earlier pfSense hanging...) have not recurred since the upgrade. Good to hear, thanks for the update. I was not aware of a particular fix that might have addressed this, however looking around it is clear zillions of code changes are noted, it seems very likely the issue was addressed. (since 1.2 RC2 clearly exhibited the problem) It's been a while, but I don't recall anything that would have specifically fixed your issue. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Sat 06 Oct 2007 00:09:12 NZDT +1300, Tortise wrote: re Who else would find a cron script useful which checks the connection regularly and takes remedial action (e.g. ifconfig down/up) when necessary? See my earlier post where I have detailed one and Chris has pointed out to preserve the cron settings in the xml. Yes, saw those, thanks. I have put a script here: http://volker.top.geek.nz/soft/script/pfsense-ifc-check So far it's only tested on pfSense 1.0.1. I would like to log the script activity with the pf activity to a remote syslog server, but don't see what mechanism to use for pfSense. Would a guru be so kind and point me in the right direction? Using logger only writes to the system.log ringbuffer. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Volker re Who else would find a cron script useful which checks the connection regularly and takes remedial action (e.g. ifconfig down/up) when necessary? See my earlier post where I have detailed one and Chris has pointed out to preserve the cron settings in the xml. Perhaps you can suggest how to automatically pull through the WAN interface name, programmatically, to fully automate it for all? I agree it does seem a bit of a conundrum, the kernel may be to blame, however the fault also exists in monowall's FreeBSD. Kind regards David Hingston. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Sorry for not joining this discussion earlier. I can confirm I am still every so often having the same issue as tortoise. [ifconfig down; ifconfig up] That restores the connection. (I initially did it on the LAN, but reconnected the LAN and did the same with the WAN, as soon as ifconfig XXX up was run it was up again.) What does that tell us? Damn good question! the NIC's don't like each other. replace one or both of the NICs for your pfsense box or your cable modem. i'd vote to replace the cable modem. Hold it. Packets from the ISP to the pfsense WAN interface may stop, however during these lockups LAN machines can browse the modem's web pages perfectly. If the pfsense WAN and modem Ethernet interfaces don't like each other somewhere close to the hardware level, how come pfsense can communicate with the modem both ways, but not beyond the modem? I have observed random deadlock problems (packets stop in one direction) between cheap Ethernet cards (think RTL8039 etc) and a lousy Nokia MW1122 adsl modem Ethernet implementation. However, then *all* traffic over that particular cable was dead in one direction, not just some of it. Other points: Replacing the modem is out of the question. It's owned by the ISP and user-supplied anything isn't supported. The ISP upgraded my older surfboard to a newer model (I'd need to dig out the exact model numbers to be specific). This had no influence on the problem at hand, i.e. problem persists with both models. The ISP is running some kind of NAT scheme between its routers and the cable modem. The Internet global static IP is then on the pfsense WAN interface. Another layer of NAT is done by pfsense. I talked to someone much more knowledgable about BSD than me. He suggested the WAN interface down/up approach too, and suggested as cause of the problem outages in the modem/ISP area which are short enough for some interface state to go down, but not long enough for the interface to cause a full re-initialisation. That would be a BSD kernel driver problem to me - bad incoming data shouldn't mean going belly-up. I can't say this with certainty, but sometimes the problem seems to fix itself again after some minutes, or some hours. That statement is based on LAN hosts having no Internet connection and an assumption that the ISP did not take me offline. Who else would find a cron script useful which checks the connection regularly and takes remedial action (e.g. ifconfig down/up) when necessary? Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On 9/3/07, Lance Peterson [EMAIL PROTECTED] wrote: Hadn't thought about it being a FreeBSD problem with limited driver support for common home user NIC's. That very well may be the problem, in my case. Fortunately, I didn't have to buy new, higher level NIC's to get my Linux firewall up and running without connection issues. Good for you, now can we get back on topic please? --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Bill Marquette wrote: On 9/3/07, Lance Peterson [EMAIL PROTECTED] wrote: Hadn't thought about it being a FreeBSD problem with limited driver support for common home user NIC's. That very well may be the problem, in my case. Fortunately, I didn't have to buy new, higher level NIC's to get my Linux firewall up and running without connection issues. Good for you, now can we get back on topic please? hah.. indeed. For the record, I've had no worse or better luck with Linux and crap NIC's than FreeBSD, Windows, or any other OS. Lance, get a clue and some tact while you're at it, some hardware just sucks no matter what you run on it. Of course FreeBSD isn't immune to driver bugs, just like every other OS, but I use Windows and Linux as much as FreeBSD and of the three, only Windows has measurably less hardware problems. Most hardware I have that doesn't work right in FreeBSD doesn't work right in Linux either, and vice versa. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Bill Marquette wrote: I have two connections to Comcast through two different modems (their voip capable modem and their business modem - static IPs) at my house and have _never_ had an issue with the connection. The Comcast user with issues is likely a hardware issue. I didn't realize somebody on Comcast hijacked this thread. There is a problem specific to one .NZ ISP and at least one if not a couple of the people seeing it replied earlier in the thread. What I posted about earlier re: the trace was specific to this ISP in New Zealand. There does seem to be some sort of problem with dropping offline if you have two NIC's plugged into the same broadcast domain. Since cable ISP's use absurdly huge broadcast domains, if you have multiple cable modems, unless they're drastically different like a business vs. residential, you're going to have two interfaces on the same broadcast domain. I have no idea what that problem is, haven't had a chance to try to replicate it. But I recall a couple people in the forum reporting a problem where it seemed to be narrowed down to this, and now I guess somebody in this thread is another. But these are two very different issues. The .NZ users are seeing issues with single WAN connections. I'm not sure I have anything more to add to David's issue though - it's obviously not hardware. Question for Chris on the trace. Does it show the upstream router sending arp requests for the local IP and getting a response? Not sure if there's a way to force a gratuitous arp in FreeBSD without installing some third party tool like nemesis, but that might be worth looking at I 'spose. I don't think I saw any for the public IP on the system itself, but I assume it's likely in the router's ARP cache. I don't have the trace handy at the moment, I'll look later. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Tuesday, September 04, 2007 8:11 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I haven't closely followed this particular thread, but a couple months back I got some pcap files from one of the people with this issue. It got buried in my inbox, and I never got back around to it until now. The capture from that time, with the same issue, shows ARP working fine, traffic going out fine, but it never sees any responses. SYN's go out and never see a SYN ACK, ICMP echo requests go out and never see a reply. As is typical with cable modems, there were over 100,000 ARP requests are replies in the capture (with a couple dozen non-ARP frames). So I have no idea what's happening - it definitely looks like an ISP issue since the traffic is going out properly and never sees replies, ARP is working fine, and the cable modem is obviously up and the NIC is receiving traffic from it fine given the amount of ARP frames in the capture. Rebooting does temporarily fix it, which makes absolutely no sense. Given that it's limited to this one particular ISP, and there doesn't seem to be any other ISP in the world that has the same problem, it definitely looks like something strange with their network. The captures don't show anything to indicate what that might be. Tortise wrote: Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - *From:* Sean Cavanaugh mailto:[EMAIL PROTECTED] *To:* support@pfsense.com mailto:support@pfsense.com *Sent:* Tuesday, September 04, 2007 8:11 AM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - *From:* Lance Peterson mailto:[EMAIL PROTECTED] *To:* support@pfsense.com mailto:support@pfsense.com *Sent:* Monday, September 03, 2007 2:28 PM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, *Bill Marquette* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I have two connections to Comcast through two different modems (their voip capable modem and their business modem - static IPs) at my house and have _never_ had an issue with the connection. The Comcast user with issues is likely a hardware issue. I'm not sure I have anything more to add to David's issue though - it's obviously not hardware. Question for Chris on the trace. Does it show the upstream router sending arp requests for the local IP and getting a response? Not sure if there's a way to force a gratuitous arp in FreeBSD without installing some third party tool like nemesis, but that might be worth looking at I 'spose. --Bill On 9/3/07, Sean Cavanaugh [EMAIL PROTECTED] wrote: David, sorry, I was referencing Lance in my response. Personally I am using a Dlink DCM-202 on my comcast service. I also have it set up at another persons house running on the small square ?motorola? cable modem with no issues (actually used it to replace a crappy linksys router) also on comcast but in a different county/service area. -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Monday, September 03, 2007 4:33 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Tuesday, September 04, 2007 8:11 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Hadn't thought about it being a FreeBSD problem with limited driver support for common home user NIC's. That very well may be the problem, in my case. Fortunately, I didn't have to buy new, higher level NIC's to get my Linux firewall up and running without connection issues. On 9/3/07, Sean Cavanaugh [EMAIL PROTECTED] wrote: considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - *From:* Lance Peterson [EMAIL PROTECTED] *To:* support@pfsense.com *Sent:* Monday, September 03, 2007 2:28 PM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Few ISPs (especially home users offers) reset their connection every 24h. I don't live in New Zealand, so I don't know Telstraclear Network, but are you really sure is it an equipment issue or a line problem (e.g. interferences, etc...)? If you can, try another cable modem. Bye! --- Tortise [EMAIL PROTECTED] wrote: I was not surprised that the Motorola 5100 cable modem on the Telstraclear Network in New Zealand also lost connectivity within the first 24 hours of operation. For pfSense the 5100 seems no more compatible than the 5101. Given there seem to be no reports of people having problems on other networks with these modems, what is it about the Telstraclear cable network? Kind regards David Hingston ___ Want ideas for reducing your carbon footprint? Visit Yahoo! For Good http://uk.promotions.yahoo.com/forgood/environment.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On 9/2/07, tester [EMAIL PROTECTED] wrote:
Few ISPs (especially home users offers) reset their
connection every 24h. I don't live in New Zealand, so
I don't know Telstraclear Network, but are you really
sure is it an equipment issue or a line problem (e.g.
interferences, etc...)?
If you can, try another cable modem.
I think you missed the first half dozen messages in this thread. The
cable modem has been replaced (and others on Telstraclear have had the
same issue apparently). Most likely it's some wierd dhcp lease
expiration or MAC expiration. Although, unlikely to be MAC expiration
if the icmp polling isn't keeping the mac tables fresh.
This is DHCP right? Check out /var/db/dhclient.leases.*
lease {
interface sis0;
fixed-address 24.1.x.x;
option subnet-mask 255.255.254.0;
option routers 24.1.66.1;
option domain-name-servers 68.87.72.130,68.87.77.130;
option host-name topell;
option domain-name hsd1.il.comcast.net.;
option broadcast-address 255.255.255.255;
option dhcp-lease-time 345600;
option dhcp-message-type 5;
option dhcp-server-identifier 68.87.72.44;
renew 2 2007/9/4 06:43:38;
rebind 3 2007/9/5 18:43:38;
expire 4 2007/9/6 06:43:38;
}
It'd be interesting to see what the lease times are.
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Thanks Bill
They are static IP's, so I assume (you may know better?) DHCP lease times are
(or should be?) irrelevant.
Not sure if this what you mean but this might answer?
$ ls /var/db/
entropy
ipsecpinghosts
pingmsstatus
pingstatus
pkg
rrd
Kind regards
David Hingston
- Original Message -
From: Bill Marquette [EMAIL PROTECTED]
To: support@pfsense.com
Sent: Monday, September 03, 2007 3:58 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1,
Intel Pro/1000GT NICs with 370M RAM
On 9/2/07, tester [EMAIL PROTECTED] wrote:
Few ISPs (especially home users offers) reset their
connection every 24h. I don't live in New Zealand, so
I don't know Telstraclear Network, but are you really
sure is it an equipment issue or a line problem (e.g.
interferences, etc...)?
If you can, try another cable modem.
I think you missed the first half dozen messages in this thread. The
cable modem has been replaced (and others on Telstraclear have had the
same issue apparently). Most likely it's some wierd dhcp lease
expiration or MAC expiration. Although, unlikely to be MAC expiration
if the icmp polling isn't keeping the mac tables fresh.
This is DHCP right? Check out /var/db/dhclient.leases.*
lease {
interface sis0;
fixed-address 24.1.x.x;
option subnet-mask 255.255.254.0;
option routers 24.1.66.1;
option domain-name-servers 68.87.72.130,68.87.77.130;
option host-name topell;
option domain-name hsd1.il.comcast.net.;
option broadcast-address 255.255.255.255;
option dhcp-lease-time 345600;
option dhcp-message-type 5;
option dhcp-server-identifier 68.87.72.44;
renew 2 2007/9/4 06:43:38;
rebind 3 2007/9/5 18:43:38;
expire 4 2007/9/6 06:43:38;
}
It'd be interesting to see what the lease times are.
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I was not surprised that the Motorola 5100 cable modem on the Telstraclear Network in New Zealand also lost connectivity within the first 24 hours of operation. For pfSense the 5100 seems no more compatible than the 5101. Given there seem to be no reports of people having problems on other networks with these modems, what is it about the Telstraclear cable network? Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I think we may have got this fixed, (all be it as a Kludge?) Essentially the fix is to ping the static IP's first hop, if this is down then flick the WAN NIC state down and up, this restores the lost connection where the motorola 5101 has stopped sending packets (presumably for some incompatibility reason) The motorola 5101 has today been replaced with a 5100, the ISP tell me most commercial lines are running the 5100 as they say it is more router compatible than the newer 5101. I'll advise if the 5100 exhibits the same behaviour(!) however if it does the following should address it within a minute. If you are copying it be sure to copy it exactly as spaces in the wrong place stuff it upetc!! For both the lists and my record it is done by: = in /etc/crontab add */1 * * * * root /usr/bin/pinger.sh = from edit.php create / write into new file /usr/bin/pinger.sh #!/bin/sh ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1 if [ $? -eq 2 ]; then ifconfig em0 down ifconfig em0 up echo 'Gateway Down' else echo 'Gateway Up' fi = from exec.php run chmod u+x /usr/bin/pinger.sh = from exec.php run ls -l /usr/bin/pinger.sh and check there is an x in the file permissions (for executable) It will have run when you see a log series of commands starting with Sep 1 11:32:13 kernel: em0: link state changed to UP Sep 1 11:32:11 kernel: em0: link state changed to DOWN The only problem I see with this approach is that whenever the Internet is down for whatever reason the WAN interface is going to be disconnected and reconnected every minute, as well as filling the logs with this info, but that seems only of concern from the perspective of filling the log with rubbish. I might tinker with it to send me an email to advise me when the code has also run . Whilst we could have changed to a different router (non freebsd) I really like the pfsense and its monowall heritage, and wanted to give back something by solving this problem in some sort of gratitude and small contribution, I hope this helps someone and goes in some small way to contribute to what is a great piece of software - and the leaders and community behind it. Thanks to Vivek, Sean, Bill, Raj, Paul and others also! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Thank you Paul We are awaiting the ISP replacing the cable modem. I think your suggestion is interesting but probably not the explanation in our case. A number of people have tried multiple NIC's on different hardware (myself included) and still experienced the same problem. If the replaced modem does not fix the problem I will however try anything! Kind regards David Hingston - Original Message - From: Paul M [EMAIL PROTECTED] To: support@pfsense.com Sent: Tuesday, August 28, 2007 10:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Tortise wrote: Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd? the script to fix it is here: http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages to use this fix on our pfsense box, I booted a linux rescue disk (suse 10.2 cd 1 as it happened) and downloaded and ran the script mentioned here: this might or might not help... good luck! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Dear List
Until we find a permanent solution it seems I may be able to do a temporary fix.
Firstly I note that during a download I can run
ifconfig em0 down; ifconfig em0 up
without apparently interrupting the download! This fixes the problem - until
it occurs again. Looking around (using Google and
Diagnostics: Edit File ) it seems I may be able to edit this file /etc/crontab
thus:
{start}
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hourmdaymonth wdaywho command
#
#
# pfSense specific crontab entries
# Created: August 26, 2007, 7:50 am
#
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600
sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600
virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/300 * * * * root /usr/local/sbin/reset_slbd.sh
#DH Addition Start
# Hopefully his will run every minunte
#ping returns 1 when successful
#run ping to the first hop gateway (a.b.c.1) , if it fails run the fix...
*/1 * * * * root if (ping -c1 a.b.c.1 != 1) then ifconfig em0 down; ifconfig
em0 up endif
#DH Addition End
#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#
{end}
Is this correct syntax? Can I just paste it into the window and save it?
Anything else needed?
The immediate goal here is to be able to continue remote terminal sessions and
keep the site up! (Or be able to log back in within
a minute, instead of having to wait maybe hours until someone is on site to fix
it...)
Any guidance would be greatly appreciated.
Kind regards
David Hingston
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On Aug 29, 2007, at 6:20 AM, Tortise wrote: we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd? I've not had any issues with Intel NICs across several dozen FreeBSD systems of varying vintage (from the 10/100 fxp devices thru the 1Gb em devices). Broadcom NICs on the other hand have been mostly nothing but trouble until the most recent FreeBSD releases. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Tortise wrote: Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd? the script to fix it is here: http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages to use this fix on our pfsense box, I booted a linux rescue disk (suse 10.2 cd 1 as it happened) and downloaded and ran the script mentioned here: this might or might not help... good luck! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Vivek Interesting. That restores the connection. (I initially did it on the LAN, but reconnected the LAN and did the same with the WAN, as soon as ifconfig XXX up was run it was up again.) What does that tell us? For the record I am now running RC2 on two sites, the other remains stable (as it has been for years...) curiously it is on a different ISP and ~50M wireless tunnel. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Saturday, August 25, 2007 7:22 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 23, 2007, at 3:15 PM, Tortise wrote: Why would rebooting pfsense fix that? Perhaps cause the modem to re-negotiate its connection? Cause the ISP end to wake up? what if you just force pfsense to bring down and back up your WAN port? ifconfig XXX down; ifconfig XXX up where XXX is your wan ethernet device name, such as em1 or fxp1.
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Aug 27, 2007, at 4:58 AM, Tortise wrote: That restores the connection. (I initially did it on the LAN, but reconnected the LAN and did the same with the WAN, as soon as ifconfig XXX up was run it was up again.) What does that tell us? the NIC's don't like each other. replace one or both of the NICs for your pfsense box or your cable modem. i'd vote to replace the cable modem.
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Aug 23, 2007, at 3:15 PM, Tortise wrote: Why would rebooting pfsense fix that? Perhaps cause the modem to re-negotiate its connection? Cause the ISP end to wake up? what if you just force pfsense to bring down and back up your WAN port? ifconfig XXX down; ifconfig XXX up where XXX is your wan ethernet device name, such as em1 or fxp1.
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Dear List Initial analysis of Non ARP traffic shows packets presumably going both ways from and to my static IP. Suddenly the to my static IP packets just stop. The From packets continue, suggesting to me pfsense remains functional and a block is occurring at the modem, as if it has lost the plot. Why would rebooting pfsense fix that? Perhaps cause the modem to re-negotiate its connection? Cause the ISP end to wake up? Why would rebooting the modem on its own not fix it? Does this help at all? Kind regards David Hingston - Original Message - From: Tortise To: support@pfsense.com Sent: Wednesday, August 22, 2007 11:34 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Thanks Vivek This hub was placed between the cable modem and the WAN for data capture purposes only, prior was just a direct patch cable connection, no apparent need for a switch/hub intermediary as the Motorola seems to accept direct and crossover cables, at least I have not tried a cross over cableseemed no need, as (I assumed) either it will work completely or not at all...at that level...but any assumption is dangerous I guess... I also expected a direct link took away one potential source of problems. Since my last post it has now misbehaved, with the hub in place, I have caught it all into a 1G (!) file, however I need to figure out how to split it up to inspect now At least it won't all load up into wireshark, even with 4G of RAM It crashes when the RAM is consumed - at about halfway through the file! When I have some more time I'll see if it will load up without the ARP data. I am hoping the times coincide well enough, I know the stop and reboot times Interestingly it commonly occurs when a remote terminal session is running, but not always. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Wednesday, August 22, 2007 10:30 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Vivek This hub was placed between the cable modem and the WAN for data capture purposes only, prior was just a direct patch cable connection, no apparent need for a switch/hub intermediary as the Motorola seems to accept direct and crossover cables, at least I have not tried a cross over cableseemed no need, as (I assumed) either it will work completely or not at all...at that level...but any assumption is dangerous I guess... I also expected a direct link took away one potential source of problems. Since my last post it has now misbehaved, with the hub in place, I have caught it all into a 1G (!) file, however I need to figure out how to split it up to inspect now At least it won't all load up into wireshark, even with 4G of RAM It crashes when the RAM is consumed - at about halfway through the file! When I have some more time I'll see if it will load up without the ARP data. I am hoping the times coincide well enough, I know the stop and reboot times Interestingly it commonly occurs when a remote terminal session is running, but not always. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Wednesday, August 22, 2007 10:30 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Sean I'd like to update... I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Given the data volumes captured (about 100M an hour!) this has proven necessary on a relatively capable box - I am now using a P4 3000 with 2G of RAM. 4.5 hours of data can take 30 mins to load, once capturing all is completed! The ISP tell me the Motorola SB5101 is less compatible with some routers than the SB5100. They are swapping these over, however one of my colleagues with the same problem was running SB5100 I am therefore sceptical that this will fix it. They also mentioned that they are aware there some issues with their network which they are planning to address by an upgrade in the coming months, for what that is worth Perhaps the wireshark data might shed some light on these issues!? Is the pfSense Diagnostics command Packet Capture of any relevance to me? I presume it will write the results to RAM, which, even at 384M will have a time limit that it can storeand then? (Several hours) I assume it does not do last in first out? (Which would be preferable for me at least) I will keep monitoring Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Saturday, August 18, 2007 1:35 AM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M I actually turned the block private networks off on mine because my ISP passes a 192.168.x.x address when i initially apply for a DHCP, but if you get a static IP, then its a non-issue. realistically, to truly find the absolute reason, you would have to tcpdump on the modem and pfsense at the same time to see what its doing/not doing, and I don't see that happening. only other thing I can think of is run a hub between the modem and pfsense and throw another computer with a packet capture/wireshark on it to see if there are any reasons in the packets (route not found,incorrect MTU, Need fragmentation set, etc.) why its not getting past the modem. -Sean Date: Fri, 17 Aug 2007 23:38:58 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean im really thinking it’s a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it. It does tend to suggest that maybe pfsense is not the problem, butwhy the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive! conecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense. No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does... playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in. Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliantbut...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall. also is your internet IP static or DHCP. As above, static! and do you have the Block private networks option turned on for the WAN interface on your box Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked? I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a senior technician is going to call me. Many thanks for continuing to work with me on this conundrum! Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Friday, August 17, 2007 11:07 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can see it. They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case. Repowering the cable modem does not fix the problem. Rebooting pfSense does. This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem! Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense? Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. -- Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?) Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or intel, switch to intel. We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue. I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
im really thinking it's a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it. conecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense. playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in. also is your internet IP static or DHCP. and do you have the Block private networks option turned on for the WAN interface on your box -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Friday, August 17, 2007 4:07 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can see it. They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case. Repowering the cable modem does not fix the problem. Rebooting pfSense does. This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem! Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense? Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean im really thinking it's a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it. It does tend to suggest that maybe pfsense is not the problem, butwhy the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive! conecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense. No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does... playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in. Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliantbut...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall. also is your internet IP static or DHCP. As above, static! and do you have the Block private networks option turned on for the WAN interface on your box Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked? I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a senior technician is going to call me. Many thanks for continuing to work with me on this conundrum! Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Friday, August 17, 2007 11:07 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Friday, August 17, 2007 4:07 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can see it. They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case. Repowering the cable modem does not fix the problem. Rebooting pfSense does. This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem! Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense? Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. -- Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware
RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
I actually turned the block private networks off on mine because my ISP passes a 192.168.x.x address when i initially apply for a DHCP, but if you get a static IP, then its a non-issue. realistically, to truly find the absolute reason, you would have to tcpdump on the modem and pfsense at the same time to see what its doing/not doing, and I don't see that happening. only other thing I can think of is run a hub between the modem and pfsense and throw another computer with a packet capture/wireshark on it to see if there are any reasons in the packets (route not found,incorrect MTU, Need fragmentation set, etc.) why its not getting past the modem. -Sean Date: Fri, 17 Aug 2007 23:38:58 +1200From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean im really thinking it’s a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it. It does tend to suggest that maybe pfsense is not the problem, butwhy the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive! conecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense. No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does... playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in. Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliantbut...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall. also is your internet IP static or DHCP. As above, static! and do you have the Block private networks option turned on for the WAN interface on your box Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked? I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a senior technician is going to call me. Many thanks for continuing to work with me on this conundrum! Kind regardsDavid Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Friday, August 17, 2007 11:07 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Friday, August 17, 2007 4:07 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can see it. They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case. Repowering the cable modem does not fix the problem. Rebooting pfSense does. This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem! Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense? Kind regardsDavid Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Sean, Having googled a bit I am running up Kubuntu on an old box with wireshark. I assume it will run without an IP assignment from the hub, using the NIC's promiscous mode? (Probably no DHCP running and can't use my static IP!) I appreciate the your directional overview, I will let you know what transpires in due course. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Saturday, August 18, 2007 1:35 AM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M I actually turned the block private networks off on mine because my ISP passes a 192.168.x.x address when i initially apply for a DHCP, but if you get a static IP, then its a non-issue. realistically, to truly find the absolute reason, you would have to tcpdump on the modem and pfsense at the same time to see what its doing/not doing, and I don't see that happening. only other thing I can think of is run a hub between the modem and pfsense and throw another computer with a packet capture/wireshark on it to see if there are any reasons in the packets (route not found,incorrect MTU, Need fragmentation set, etc.) why its not getting past the modem. -Sean Date: Fri, 17 Aug 2007 23:38:58 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean im really thinking it’s a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it. It does tend to suggest that maybe pfsense is not the problem, butwhy the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive! conecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense. No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does... playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in. Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliantbut...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall. also is your internet IP static or DHCP. As above, static! and do you have the Block private networks option turned on for the WAN interface on your box Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked? I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a senior technician is going to call me. Many thanks for continuing to work with me on this conundrum! Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Friday, August 17, 2007 11:07 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Friday, August 17, 2007 4:07 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can see
[pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?) Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or intel, switch to intel. We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue. I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on both lists, I have refrained. (Is this correct?) It suggests to me there is something about our ISP which is a problem, perhaps their hardware or perhaps something about their traffic. Clearly this should not be the case, but the onus falls on us (rightly or wrongly) to prove this. It also suggests to me there is a vulnerability in FreeBSD as the problem occurs in both Monowall and pfSense with this cable ISP. I'd prefer my firewall not need random rebooting. We'd all like to help within our power and ability to move this forwards as FreeBSD and its children (pfSense and Monowall) are largely fantastic! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?) Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or intel, switch to intel. We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue. I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on both lists, I have refrained. (Is this correct?) It suggests to me there is something about our ISP which is a problem, perhaps their hardware or perhaps something about their traffic. Clearly this should not be the case, but the onus falls on us (rightly or wrongly) to prove this. It also suggests to me there is a vulnerability in FreeBSD as the problem occurs in both Monowall and pfSense with this cable ISP. I'd prefer my firewall not need random rebooting. We'd all like to help within our power and ability to move this forwards as FreeBSD and its children (pfSense and Monowall) are largely fantastic! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Recharge--play some free games. Win cool prizes too! http://club.live.com/home.aspx?icid=CLUB_wlmailtextlink
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. From memory I can ping the cable modem from the LAN and still view its page, but that is as far as it will go. I'll check these again next time it happens sometime in the next two weeks! Pretty sure I can no longer ping the WAN's static IP from the Net (Having created an allow ping rule) and the pfSense ping page does not get responses from anything on the net beyond the cable modem.Is that internal? are you sure you are running the correct MTU settings on the interface? Using default setting here. Not aware they are not standard, but will check with the ISP. I suspect the ISP is doing something funny, but even if so pfSense should remain immune to it? I can def see why you would want to run TCPDump on the box now. Thanks Sean! Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. -- Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?) Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or intel, switch to intel. We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue. I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on both lists, I have refrained
RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
if you can get to the cable modem and no farther, that sounds like its a problem with the modem and not the pfsense box. i know my first cable modem started locking up where i had to power cycle it every few days to get it to work again but it gave a visual indication with its status lights that there was a problem. you might want to see about getting that replaced with a new modem and maybe having a tech come out to verify that the signal level is where it should be. too low and it will cut out, too high and it will fry the modem. -Sean Date: Thu, 16 Aug 2007 23:59:31 +1200From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. From memory I can ping the cable modem from the LAN and still view its page, but that is as far as it will go. I'll check these again next time it happens sometime in the next two weeks! Pretty sure I can no longer ping the WAN's static IP from the Net (Having created an allow ping rule) and the pfSense ping page does not get responses from anything on the net beyond the cable modem.Is that internal? are you sure you are running the correct MTU settings on the interface? Using default setting here. Not aware they are not standard, but will check with the ISP. I suspect the ISP is doing something funny, but even if so pfSense should remain immune to it? I can def see why you would want to run TCPDump on the box now. Thanks Sean!Kind regardsDavid Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel. In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!) Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with = 256M RAM. I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems. One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. I do not want to, however the current reliability is also unsustainable for me. Is there any way I can assist to fix this problem? Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Saturday, July 21, 2007 10:23 AM Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic Thank you Vivek connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?) Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or intel, switch to intel. We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
if you can get to the cable modem and no farther, that sounds like its a problem with the modem and not the pfsense box. Yes, that was initially suspected and has been investigated to the max. i know my first cable modem started locking up where i had to power cycle it every few days to get it to work again but it gave a visual indication with its status lights that there was a problem. you might want to see about getting that replaced with a new modem and maybe having a tech come out to verify that the signal level is where it should be. too low and it will cut out, too high and it will fry the modem. All this has been done, signal verified, we have a signal attenuator that makes for the perfect signal level, this can and is be checked from the modem web interface. To be sure the modem was also replaced. Power cycling the modem makes no difference. A notebook can be connected and browse the web from the modem during these occasions. The ISP can see the modem during these occasions and verifies it is fine. As three users of the same ISP are having problems user hardware is largely eliminated as the problem. (ISP hardware isn't though) Rebooting pfsense re-establishes LAN - WAN connectivity. This is repeatedly proven to restore connectivity - when nothing else has been done. The pfsense hardware has all been completely swapped out. The modem and pfsense run on a quality UPS. The only remaining possible explanations is some peculiar web traffic and/or pfsense software vulnerability. (MTU to be confirmed, I doubt this to be the issue, if it were I think it would be much more of a problem?) How does one track this down? Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Friday, August 17, 2007 12:54 AM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M if you can get to the cable modem and no farther, that sounds like its a problem with the modem and not the pfsense box. i know my first cable modem started locking up where i had to power cycle it every few days to get it to work again but it gave a visual indication with its status lights that there was a problem. you might want to see about getting that replaced with a new modem and maybe having a tech come out to verify that the signal level is where it should be. too low and it will cut out, too high and it will fry the modem. -Sean Date: Thu, 16 Aug 2007 23:59:31 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. From memory I can ping the cable modem from the LAN and still view its page, but that is as far as it will go. I'll check these again next time it happens sometime in the next two weeks! Pretty sure I can no longer ping the WAN's static IP from the Net (Having created an allow ping rule) and the pfSense ping page does not get responses from anything on the net beyond the cable modem.Is that internal? are you sure you are running the correct MTU settings on the interface? Using default setting here. Not aware they are not standard, but will check with the ISP. I suspect the ISP is doing something funny, but even if so pfSense should remain immune to it? I can def see why you would want to run TCPDump on the box now. Thanks Sean! Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. -- Date: Thu, 16 Aug 2007 19:32:25 +1200 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Buy hardware that's
