RE: [pfSense Support] pfSense Hanging...
On Sat, 2007-06-30 at 17:46 +1200, Alick Wilson wrote: Gentlemen My pfSense router WAN connection continues to hang from time to time, both 1.0.1 and 1.2 Beta 1. In the past I've recovered by rebooting pfSense (and doing nothing to the Motorola Surfboard cable modem which according to its LEDs is operating normally). This time I tried Diagnostics / States /Reset States and service resumed. I hope this might help diagnosis. That makes it sound like state table exhaustion. What is your state table size, and how big is it when this happens? If you increase it, does the problem go away? (if it's at the default 10,000 and you have at least 128 MB RAM, you should be able to bump it to at least 30,000 with no adverse affects) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On 6/30/07, Chris Buechler [EMAIL PROTECTED] wrote: On Sat, 2007-06-30 at 17:46 +1200, Alick Wilson wrote: Gentlemen My pfSense router WAN connection continues to hang from time to time, both 1.0.1 and 1.2 Beta 1. In the past I've recovered by rebooting pfSense (and doing nothing to the Motorola Surfboard cable modem which according to its LEDs is operating normally). This time I tried Diagnostics / States /Reset States and service resumed. I hope this might help diagnosis. That makes it sound like state table exhaustion. What is your state table size, and how big is it when this happens? If you increase it, does the problem go away? (if it's at the default 10,000 and you have at least 128 MB RAM, you should be able to bump it to at least 30,000 with no adverse affects) I think that the state table is 100,000 by default - this is huge. With 256MB I can up this to 200,000 with no problems. Is your WAN ip static or DHCP? My cable ISP (motorola surfboard modem) gives me no end of grief with DHCP. sai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On Sat, 2007-06-30 at 23:31 +0500, sai wrote: I think that the state table is 100,000 by default - this is huge. With 256MB I can up this to 200,000 with no problems. It's 10,000 by default, which isn't difficult to exhaust. If you actually had near 200,000 states, you would probably be swapping to disk (or close to it) with 256 MB RAM. States take about 1 KB RAM each, so if you had 200,000 you would only have about 60 MB RAM for the OS and other services. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On Tue 05 Jun 2007 14:10:14 NZST +1200, Chris Buechler wrote: I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. This is the case. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe. Can't confirm DOCSIS, but chances are yes. Thanks for your many suggestions, Chris! Next time this occurs I'll go through your list. One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up? Is this different to powering down the cablemodem for 20s? If not, it does not bring the WAN connection back to life. Powering down the modem (as in pull the power plug) is the first thing I tried. Turns out both of us with this problem are in the same country, so same Telco + ISP. Btw there was a scheduled outage in Christchurch last night - for that one half the modem lights were off and it's not the problem this thread is about. The Telco is about as you describe with zero customer support, but I have to say that the ISP's technical help has always been very good (and they know about Linux). Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On Tue 05 Jun 2007 13:10:21 NZST +1200, Scott Ullrich wrote: Visit status - Interfaces when this happens. Do you have an IP address assigned? I would assume so as the WAN interface is configured with a static IP address, but I'll check next time. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
This is a shot in the dark, but is there a chance that you're on a PPPoE (or similar) connection, even with a statically assigned IP? Is there a chance that your connection becomes dormant enough for your ISP to time out your connection, obligating you to re-dial? Tortise wrote: Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it hangs, what exactly do you mean? There are tons of possibilities for hangs. Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
It occurred again this morning. From the LAN and the Serial pfSense Console I can ping the LAN NIC, as well as the Motorola Modem on 192.168.100.1 From the LAN and Console I can also ping the static IP on the WAN in form of a.b.c.x but I cannot ping the ISP or a.b.c.1. Rebooting pfSense fixes all this, restores Internet access and allows pings to a.b.c.1 and the ISP again. The modem lights remain on and I do nothing else to fix it. I do not think it is PPPoE, but will check it out, there is no dialling involved with password that I am aware of, unless this is ISP configured in the setup they send the modem, in any event the modem is still functioning with all lights up. There is a web server which has varying low volume activity and I am also recording pings every 30s to the ISP, to keep a record when it all goes down. I don't think the modem is timing out due inactivity. Also it occurs during terminal sessions, which is infuriating, as one might imagine! Sometimes outages are ISP caused and they have extensively looked at the setup, recut cable ends etc. and they also suspect my firewall. Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:59 PM Subject: Re: [pfSense Support] pfSense Hanging... Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it hangs, what exactly do you mean? There are tons of possibilities for hangs. Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Visit status - Interfaces when this happens. Do you have an IP address assigned? Scott On 6/4/07, Tortise [EMAIL PROTECTED] wrote: It occurred again this morning. From the LAN and the Serial pfSense Console I can ping the LAN NIC, as well as the Motorola Modem on 192.168.100.1 From the LAN and Console I can also ping the static IP on the WAN in form of a.b.c.x but I cannot ping the ISP or a.b.c.1. Rebooting pfSense fixes all this, restores Internet access and allows pings to a.b.c.1 and the ISP again. The modem lights remain on and I do nothing else to fix it. I do not think it is PPPoE, but will check it out, there is no dialling involved with password that I am aware of, unless this is ISP configured in the setup they send the modem, in any event the modem is still functioning with all lights up. There is a web server which has varying low volume activity and I am also recording pings every 30s to the ISP, to keep a record when it all goes down. I don't think the modem is timing out due inactivity. Also it occurs during terminal sessions, which is infuriating, as one might imagine! Sometimes outages are ISP caused and they have extensively looked at the setup, recut cable ends etc. and they also suspect my firewall. Kind regards David Hingston - Original Message - From: Tortise [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:59 PM Subject: Re: [pfSense Support] pfSense Hanging... Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it hangs, what exactly do you mean? There are tons of possibilities for hangs. Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On Tue 05 Jun 2007 12:51:04 NZST +1200, Volker Kuhlmann wrote: [..] When the packets stop going to the ISP there is no indication with the modem lights that anything is wrong. Curiously the RRD graphs keep showing unabated traffic on the WAN interface. There is nothing I can see the new modem's web pages how the connection to the ISP is made. I'd also be interested in a solution to this. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Visit status - Interfaces when this happens. Do you have an IP address assigned? Scott On 6/4/07, Volker Kuhlmann [EMAIL PROTECTED] wrote: On Tue 05 Jun 2007 12:51:04 NZST +1200, Volker Kuhlmann wrote: [..] When the packets stop going to the ISP there is no indication with the modem lights that anything is wrong. Curiously the RRD graphs keep showing unabated traffic on the WAN interface. There is nothing I can see the new modem's web pages how the connection to the ISP is made. I'd also be interested in a solution to this. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
On Tue, 2007-06-05 at 12:51 +1200, Volker Kuhlmann wrote: I am having exactly the same problem. pfSense 1...? RC1 (I think) on a jokebox with 64MB RAM, so I replaced the box and all NICs with something bigger, running pfSense 1 final (from Dec 06). Hosts on the DMZ remain reachable from LAN, Motorola cable modem (since replaced with a newer model) is reachable from the LAN via the WAN interface, proving there is no hardware fault. ISP's gateway is not rechable from LAN or the pfSense machine. Everything looks as if the cable service has gone down, except that I am certain it has not - each time I reboot the pfsense machine, and Internet connectivity is back immediately. First, if you're not running 1.2b1, you should try it. I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe. Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a constant ping to your WAN gateway from your LAN, try to access websites, etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then you can use the webGUI to download that 'capture.pcap' file, or scp it off to another host. Send it to me via email and I should be able to see what's happening on the wire. At this point, without that, it's anybody's guess as to what's happening. If your cable company is twice as competent as our local cable company here, they'd still be completely inept. In other words, I wouldn't rule out a weird network issue on their end. Scott and I spent countless hours tracking down a really screwy issue that turned out to be something they screwed up on their network, when they claimed repeatedly they hadn't changed anything and it was a firewall problem. One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Below, I think I confused two people since two posted to this thread. Both seem to be using cable, and at least the first has a static IP. The advice below is meant for the person with the static IP. The one I actually replied to, I don't believe you stated if you were using DHCP or not. If using DHCP, make sure you have an IP as Scott suggested before going any further. Also for DHCP, if you're having problems with connections dropping, there are issues with ISP's that do stupid stuff with DHCP with older versions. 1.2b1 fixes all known issues with that. On Mon, 2007-06-04 at 22:10 -0400, Chris Buechler wrote: On Tue, 2007-06-05 at 12:51 +1200, Volker Kuhlmann wrote: I am having exactly the same problem. pfSense 1...? RC1 (I think) on a jokebox with 64MB RAM, so I replaced the box and all NICs with something bigger, running pfSense 1 final (from Dec 06). Hosts on the DMZ remain reachable from LAN, Motorola cable modem (since replaced with a newer model) is reachable from the LAN via the WAN interface, proving there is no hardware fault. ISP's gateway is not rechable from LAN or the pfSense machine. Everything looks as if the cable service has gone down, except that I am certain it has not - each time I reboot the pfsense machine, and Internet connectivity is back immediately. First, if you're not running 1.2b1, you should try it. I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe. Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a constant ping to your WAN gateway from your LAN, try to access websites, etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then you can use the webGUI to download that 'capture.pcap' file, or scp it off to another host. Send it to me via email and I should be able to see what's happening on the wire. At this point, without that, it's anybody's guess as to what's happening. If your cable company is twice as competent as our local cable company here, they'd still be completely inept. In other words, I wouldn't rule out a weird network issue on their end. Scott and I spent countless hours tracking down a really screwy issue that turned out to be something they screwed up on their network, when they claimed repeatedly they hadn't changed anything and it was a firewall problem. One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Thank you indeed Chris I understand the modem is largely bridging, as I think you are suggesting, given the Internet IP address appears on the pfSense WAN NIC. This is the sort of approach I was looking for. Given my ISP is declared on my email address here I won't comment about New Zealand ISP's here. I might however point out that I have not disagreed with you in any way. My presumption is that it is either coming from pfSense or indeed, as you suggest, the ISP. There are some TiVo's on the LAN here that also are intermittently having issues downloading data for no apparent reason when everything is connected, also using a proxy. (VOIP and Skype also running) I'll install 1.2b1 on another CF card and see what transpires. I am pretty sure the unplug / plug in has been tried in the past, without success, will try again to be sure. Kind regards David Hingston. - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Tuesday, June 05, 2007 2:10 PM Subject: Re: [pfSense Support] pfSense Hanging... First, if you're not running 1.2b1, you should try it. I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe. Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a constant ping to your WAN gateway from your LAN, try to access websites, etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then you can use the webGUI to download that 'capture.pcap' file, or scp it off to another host. Send it to me via email and I should be able to see what's happening on the wire. At this point, without that, it's anybody's guess as to what's happening. If your cable company is twice as competent as our local cable company here, they'd still be completely inept. In other words, I wouldn't rule out a weird network issue on their end. Scott and I spent countless hours tracking down a really screwy issue that turned out to be something they screwed up on their network, when they claimed repeatedly they hadn't changed anything and it was a firewall problem. One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pfSense Hanging...
Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
State table filling? Try increasing it in System-Advanced. --Bill On 6/3/07, Tortise [EMAIL PROTECTED] wrote: Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. I'll keep an eye on it, I doubt that is the issue. Kind regards David Hingston - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 12:21 PM Subject: Re: [pfSense Support] pfSense Hanging... State table filling? Try increasing it in System-Advanced. --Bill On 6/3/07, Tortise [EMAIL PROTECTED] wrote: Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Hanging...
Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: Thanks Bill Gosh, thats got to presumably use more than the default of 10,000! Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it hangs, what exactly do you mean? There are tons of possibilities for hangs. Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
