Re: [pfSense Support] Message repeating in System Log, can't find the reason
Not to discredit Chris on his way of doing this but for the GUI users, go to the Diagnostics menu --> Packet Capture --> Change the interface to the one you are having issues with, change the number of packets to 1000, and change the level to full. Start the capture, and when finished, download the pcap file and open it with Wireshark or then send it to Chris. This method is easier for me (fat fingers) :).

Verify your packet output with the DHCP RFC http://www.networksorcery.com/enp/rfc/rfc2131.txt

Curtis
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Michael Richardson wrote:
> I'm hoping the log entries below will help because I'm not familiar with tcpdump yet (spoiled GUI user where packet-capturing is concerned).

Go to a command line (enable SSH if you haven't already or do it at the actual console), and run:

    tcpdump -i fxp0 -s 1515 -w /tmp/wandhcp.pcap

replacing fxp0 with whatever the real interface of your second WAN is. Then hit release/renew 3-4 times on your second WAN on the Status->Interfaces page, wait a minute or two, and hit ctrl-c to break out of the tcpdump. In the Command page under Diagnostics, you can download the file /tmp/wandhcp.pcap and email it to me offlist.

It looks like from the logs below you're getting something unacceptable from DHCP but I'm not sure.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Bryan Derman wrote:
> I see how multiple WANs from different providers (assuming they use different link-level sources and/or technology) can provide backup for outgoing access, but I haven't figured out how this can help for incoming access to servers.
>
> I.E., let's say I have 2 WAN connections with public IPs; 98.76.54.231 via a cable-based ISP and 123.45.67.89 via DSL-based ISP. Now say I run a web server, www.mydomain.com, that has a DNS-resolvable public IP address of 123.45.67.89 (i.e., the DSL-based WAN). If my DSL-based WAN goes down and pfSense nicely re-routes everything through the cable-based WAN, how does one (re)route the traffic coming into www.mydomain.com to target the cable-based WAN at 98.76.54.231?
>
> The only way I can see of doing this would be to have a DNS server that provides fail-over but, given that DNS servers are highly distributed and employ timed caching, such a fail-over would take considerable time to propagate (likely more time than the typical ISP's outage, or so one would hope?).

Not with an adequately low TTL on your DNS records. There are companies doing exactly this with pfSense and the tinydns package.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
I see how multiple WANs from different providers (assuming they use different link-level sources and/or technology) can provide backup for outgoing access, but I haven't figured out how this can help for incoming access to servers.

I.E., let's say I have 2 WAN connections with public IPs; 98.76.54.231 via a cable-based ISP and 123.45.67.89 via DSL-based ISP. Now say I run a web server, www.mydomain.com, that has a DNS-resolvable public IP address of 123.45.67.89 (i.e., the DSL-based WAN). If my DSL-based WAN goes down and pfSense nicely re-routes everything through the cable-based WAN, how does one (re)route the traffic coming into www.mydomain.com to target the cable-based WAN at 98.76.54.231?

The only way I can see of doing this would be to have a DNS server that provides fail-over but, given that DNS servers are highly distributed and employ timed caching, such a fail-over would take considerable time to propagate (likely more time than the typical ISP's outage, or so one would hope?).

Is there something I'm missing, here? FYI, for us this is a real problem that I'd like to solve.

__ Previous message from Chris Buechler on 2008-03-06 at 4:11 PM -0500 --
|Anil Garg wrote:
|> Now that the broadband is very reliable, why would anyone use more
|> than one WAN at home. What are the benefits you have seen or desired
|> in multiple dhcp wan at home.
|
|"Very reliable" depends on your provider, your definition of reliable,
|and even more, your tolerance for downtime. My tolerance for downtime is
|0. I work a significant amount out of my home office, largely on
|servers, routers, firewalls, switches, etc. in remote locations where I
|must have an Internet connection. My primary 15 Mb cable connection is
|down around 4 hours a month on average, and once a year or so for 48+
|hours straight or longer.
|
|While that's no big deal for your typical residence, it's critical for
|me and *always* happens to me at the worst times. When you have clients
|that rely on you being accessible to assist any time, the money spent on
|the backup DSL connection is well worth it and a relatively
|insignificant cost. When I'm doing something critical after hours, I
|don't want to be stuck driving into the office or elsewhere with a
|working Internet connection at 3 AM to finish the job.
RE: [pfSense Support] Message repeating in System Log, can't find the reason
I'm hoping the log entries below will help because I'm not familiar with tcpdump yet (spoiled GUI user where packet-capturing is concerned).

Mar 5 21:34:01 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:34:01 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:33:43 dhclient[80556]: bound: renewal in 27102 seconds.
Mar 5 21:33:42 dhclient[80556]: Trying recorded lease 192.168.0.2 <-- This looks interesting
Mar 5 21:33:42 dhclient[80556]: No DHCPOFFERS received.
Mar 5 21:33:31 last message repeated 3 times
Mar 5 21:33:12 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:33:12 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:33:00 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:33:00 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:32:58 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 11
Mar 5 21:32:48 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 10
Mar 5 21:32:43 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 5
Mar 5 21:32:41 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 2
Mar 5 21:32:34 last message repeated 3 times
Mar 5 21:32:28 php: : Not a valid interface action ""
Mar 5 21:32:28 php: : Processing -
Mar 5 21:32:28 php: : Not a valid interface action ""
Mar 5 21:32:28 php: : Processing start -
Mar 5 21:32:28 php: : HOTPLUG: Configuring optional interface - opt
Mar 5 21:32:28 php: : DEVD Ethernet attached event for sk0
Mar 5 21:32:28 php: : Processing sk0 - start
Mar 5 21:32:28 check_reload_status: rc.linkup starting
Mar 5 21:32:26 dhclient[80556]: DHCPREQUEST on sk0 to 255.255.255.255 port 67
Mar 5 21:32:26 kernel: sk0: link state changed to UP
Mar 5 21:32:24 kernel: sk0: link state changed to DOWN
Mar 5 21:32:19 syslogd: kernel boot file is /boot/kernel/kernel

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 3:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Message repeating in System Log, can't find the reason

Michael Richardson wrote:
> My reasons are two-fold. One is as Chris said, I work from home AND have servers in the home that need to remain accessible to my hosted servers.
>
> The 2nd is because I do a significant amount of off-site backups in 2 directions so a 2nd line allows me to saturate one with file transfers without affecting my more casual activities.
>
> I'd like to thank everyone for engaging in this dialog and helping out. I'm still having the same problem though. My 2nd WAN interface refuses to pull an IP via DHCP and by testing with the 1st interface, and other devices I know that the modem is more than happy to hand one out. How do I go about troubleshooting this?
>

tcpdump on the interface and see what's really happening.

Also I haven't read the entirety of this really long thread, if you've already sent logs from dhclient please re-send them.
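The dhclient lines from the log above, replayed through a small parser to show which DHCP steps the client actually completed before it reported "bound". This is an added example, not part of the original thread; the function names and the `year` default (syslog lines carry no year) are assumptions made here.

```python
import re
from datetime import datetime

# dhclient lines copied from the log posted above (newest first, as posted).
SAMPLE_LOG = """\
Mar 5 21:33:43 dhclient[80556]: bound: renewal in 27102 seconds.
Mar 5 21:33:42 dhclient[80556]: Trying recorded lease 192.168.0.2
Mar 5 21:33:42 dhclient[80556]: No DHCPOFFERS received.
Mar 5 21:32:58 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 11
Mar 5 21:32:48 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 10
Mar 5 21:32:43 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 5
Mar 5 21:32:41 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 2
Mar 5 21:32:26 dhclient[80556]: DHCPREQUEST on sk0 to 255.255.255.255 port 67
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+dhclient\[\d+\]:\s+(.*)$")
# dhclient message prefixes for each step; the capture group is the detail kept.
PATTERNS = [
    ("discover", re.compile(r"^DHCPDISCOVER on (\S+)")),
    ("request", re.compile(r"^DHCPREQUEST on (\S+)")),
    ("offer", re.compile(r"^DHCPOFFER from (\S+)")),
    ("ack", re.compile(r"^DHCPACK from (\S+)")),
    ("nak", re.compile(r"^DHCPNAK from (\S+)")),
    ("no_offers", re.compile(r"^No DHCPOFFERS received")),
    ("recorded_lease", re.compile(r"^Trying recorded lease (\S+)")),
    ("bound", re.compile(r"^bound")),
]

def parse_events(log_text, year=2008):
    """Return chronological (timestamp, kind, detail) tuples for dhclient lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # kernel, php and other non-dhclient lines are skipped
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for kind, pat in PATTERNS:
            hit = pat.match(m.group(2))
            if hit:
                events.append((ts, kind, hit.group(1) if hit.groups() else None))
                break
    # A newest-first paste is flipped; reversing keeps same-second lines in order.
    if len(events) > 1 and events[0][0] > events[-1][0]:
        events.reverse()
    return events

def diagnose(log_text):
    """Summarise whether the last 'bound' followed a server ACK or a cached lease."""
    discovers = replies = 0
    recorded = source = bound_source = None
    for _ts, kind, detail in parse_events(log_text):
        if kind == "discover":
            discovers += 1
        elif kind in ("offer", "ack", "nak"):
            replies += 1
            if kind != "offer":
                source = "server" if kind == "ack" else None
        elif kind == "recorded_lease":
            recorded, source = detail, "recorded_lease"
        elif kind == "bound":
            bound_source = source or "unknown"
    return {"discovers": discovers, "server_replies": replies,
            "recorded_lease": recorded, "bound_source": bound_source}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the posted log this reports four DISCOVERs, no server replies, and a bind taken from the recorded lease 192.168.0.2, which is the state a capture on the interface would then confirm or refute.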
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Michael Richardson wrote:
> My reasons are two-fold. One is as Chris said, I work from home AND have servers in the home that need to remain accessible to my hosted servers.
>
> The 2nd is because I do a significant amount of off-site backups in 2 directions so a 2nd line allows me to saturate one with file transfers without affecting my more casual activities.
>
> I'd like to thank everyone for engaging in this dialog and helping out. I'm still having the same problem though. My 2nd WAN interface refuses to pull an IP via DHCP and by testing with the 1st interface, and other devices I know that the modem is more than happy to hand one out. How do I go about troubleshooting this?

tcpdump on the interface and see what's really happening.

Also I haven't read the entirety of this really long thread, if you've already sent logs from dhclient please re-send them.
RE: [pfSense Support] Message repeating in System Log, can't find the reason
My reasons are two-fold. One is as Chris said, I work from home AND have servers in the home that need to remain accessible to my hosted servers.

The 2nd is because I do a significant amount of off-site backups in 2 directions so a 2nd line allows me to saturate one with file transfers without affecting my more casual activities.

I'd like to thank everyone for engaging in this dialog and helping out. I'm still having the same problem though. My 2nd WAN interface refuses to pull an IP via DHCP and by testing with the 1st interface, and other devices I know that the modem is more than happy to hand one out. How do I go about troubleshooting this?

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 2:12 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Message repeating in System Log, can't find the reason

Anil Garg wrote:
> Now that the broadband is very reliable, why would anyone use more than one WAN at home. What are the benefits you have seen or desired in multiple dhcp wan at home.

"Very reliable" depends on your provider, your definition of reliable, and even more, your tolerance for downtime. My tolerance for downtime is 0. I work a significant amount out of my home office, largely on servers, routers, firewalls, switches, etc. in remote locations where I must have an Internet connection. My primary 15 Mb cable connection is down around 4 hours a month on average, and once a year or so for 48+ hours straight or longer.

While that's no big deal for your typical residence, it's critical for me and *always* happens to me at the worst times. When you have clients that rely on you being accessible to assist any time, the money spent on the backup DSL connection is well worth it and a relatively insignificant cost. When I'm doing something critical after hours, I don't want to be stuck driving into the office or elsewhere with a working Internet connection at 3 AM to finish the job.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Anil Garg wrote:
> Now that the broadband is very reliable, why would anyone use more than one WAN at home. What are the benefits you have seen or desired in multiple dhcp wan at home.

"Very reliable" depends on your provider, your definition of reliable, and even more, your tolerance for downtime. My tolerance for downtime is 0. I work a significant amount out of my home office, largely on servers, routers, firewalls, switches, etc. in remote locations where I must have an Internet connection. My primary 15 Mb cable connection is down around 4 hours a month on average, and once a year or so for 48+ hours straight or longer.

While that's no big deal for your typical residence, it's critical for me and *always* happens to me at the worst times. When you have clients that rely on you being accessible to assist any time, the money spent on the backup DSL connection is well worth it and a relatively insignificant cost. When I'm doing something critical after hours, I don't want to be stuck driving into the office or elsewhere with a working Internet connection at 3 AM to finish the job.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
> Now that the broadband is very reliable, why would anyone use more than one WAN at home. What are the benefits you have seen or desired in multiple dhcp wan at home.

I'm not sure where you are that you have such reliable internet access, but such is not the case for many (esp. large) North American providers, especially for the typical consumer. I'd even say most of the attitudes I've seen are pretty cavalier toward private consumers.

Nearly every benefit of multi-WAN configurations can be useful at the home: throughput, availability, and cost, among others. However, don't forget that many of us run offices and/or servers at home, and that a sizeable chunk of pfSense use is in fact commercial in nature (ISPs to enterprises, and many in between).
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Now that the broadband is very reliable, why would anyone use more than one WAN at home. What are the benefits you have seen or desired in multiple dhcp wan at home.

Chris Buechler <[EMAIL PROTECTED]> wrote:

RB wrote:
>> I may be mistaken but I thought pfSense only supported 1 DHCP connection on the WAN
>
> It was my understanding that only the interface designated 'WAN' could do PPPoE, but the others in a multi-WAN setup could do DHCP or static.

That is correct. There are at least a couple people using 5 or more WANs on one box all configured for DHCP. I personally use multiple DHCP WANs on my home network.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
RB wrote:
>> I may be mistaken but I thought pfSense only supported 1 DHCP connection on the WAN
>
> It was my understanding that only the interface designated 'WAN' could do PPPoE, but the others in a multi-WAN setup could do DHCP or static.

That is correct. There are at least a couple people using 5 or more WANs on one box all configured for DHCP. I personally use multiple DHCP WANs on my home network.
Re: [pfSense Support] Message repeating in System Log, can't find the reason
> I may be mistaken but I thought pfSense only supported 1 DHCP connection on the WAN

It was my understanding that only the interface designated 'WAN' could do PPPoE, but the others in a multi-WAN setup could do DHCP or static. Of course, DHCP may cause problems with balancing/routing, but I've not experimentally proven that.

Can anyone else with direct experience (or one of the devs) come to bear on what WAN combinations should [not?] work?
RE: [pfSense Support] Message repeating in System Log, can't find the reason
I am trying to use DHCP on both, and I think that may be a reasonable explanation. If I pull a lease by other methods and then plug that info in as static, would that likely work?

I still have a problem with Gateways though. I can't seem to pull a new IP/Gateway like I used to, by changing my spoofed MAC and at the moment, both modems are pulling IPs with the same gateway. Only other solution is the double NAT right (or something a bit more tricky like 1:1 NAT)?

Thanks for the help. I expected this to be a common occurrence, but the response I've seen (aside from yours) says otherwise.

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2008 10:05 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Message repeating in System Log, can't find the reason

Separate interfaces should work. BSR is nothing more than broadband services router. I think Cox uses the AMT / Motorola BSR64000. Are you using DHCP on both interfaces. I may be mistaken but I thought pfSense only supported 1 DHCP connection on the WAN, the other has to be a static. Don't quote me on that though.

Curtis
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Separate interfaces should work. BSR is nothing more than broadband services router. I think Cox uses the AMT / Motorola BSR64000. Are you using DHCP on both interfaces. I may be mistaken but I thought pfSense only supported 1 DHCP connection on the WAN, the other has to be a static. Don't quote me on that though.

Curtis
RE: [pfSense Support] Message repeating in System Log, can't find the reason
I'm using separate interfaces (completely separate nics actually). Could you educate me on the meaning of BSR?

I think I have refined the description of my trouble. I found that my 2nd cable modem is more than happy to give up an IP to the first interface, or another machine. I think the following series of entries in my System Log is key to the problem. Following the next few lines is a complete log from the point I try to renew the interface, until it settles and begins looping the aforementioned messages.

"Trying Recorded lease?"

Mar 5 21:33:43 dhclient[80556]: bound: renewal in 27102 seconds.
Mar 5 21:33:42 dhclient[80556]: Trying recorded lease 192.168.0.2
Mar 5 21:33:42 dhclient[80556]: No DHCPOFFERS received.

Complete Log:

Mar 5 21:34:01 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:34:01 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:33:43 dhclient[80556]: bound: renewal in 27102 seconds.
Mar 5 21:33:42 dhclient[80556]: Trying recorded lease 192.168.0.2
Mar 5 21:33:42 dhclient[80556]: No DHCPOFFERS received.
Mar 5 21:33:31 last message repeated 3 times
Mar 5 21:33:12 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:33:12 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:33:00 kernel: arpresolve: can't allocate route for 192.168.0.1
Mar 5 21:33:00 kernel: arplookup 192.168.0.1 failed: host is not on local network
Mar 5 21:32:58 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 11
Mar 5 21:32:48 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 10
Mar 5 21:32:43 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 5
Mar 5 21:32:41 dhclient[80556]: DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 2
Mar 5 21:32:34 last message repeated 3 times
Mar 5 21:32:28 php: : Not a valid interface action ""
Mar 5 21:32:28 php: : Processing -
Mar 5 21:32:28 php: : Not a valid interface action ""
Mar 5 21:32:28 php: : Processing start -
Mar 5 21:32:28 php: : HOTPLUG: Configuring optional interface - opt
Mar 5 21:32:28 php: : DEVD Ethernet attached event for sk0
Mar 5 21:32:28 php: : Processing sk0 - start
Mar 5 21:32:28 check_reload_status: rc.linkup starting
Mar 5 21:32:26 dhclient[80556]: DHCPREQUEST on sk0 to 255.255.255.255 port 67
Mar 5 21:32:26 kernel: sk0: link state changed to UP
Mar 5 21:32:24 kernel: sk0: link state changed to DOWN
Mar 5 21:32:19 syslogd: kernel boot file is /boot/kernel/kernel

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2008 7:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Message repeating in System Log, can't find the reason

Are you using separate interfaces or VLANs? If you are connected to the same BSR with the cable modems it's not going to like the MAC address most likely. Also, do you have a switch connected to the cable modems, then the switch connected to the firewall? I have found that when using the same BSR it breaks the second cable modem for some reason.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Are you using separate interfaces or VLANs? If you are connected to the same BSR with the cable modems it's not going to like the MAC address most likely. Also, do you have a switch connected to the cable modems, then the switch connected to the firewall? I have found that when using the same BSR it breaks the second cable modem for some reason.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
RE: [pfSense Support] Message repeating in System Log, can't find the reason
Thank you,

Both my WAN connections are via COX and I found that WAN2 wasn't pulling an IP properly but the Gateway did show as 192.168.0.1. When I released the interface, I stopped getting these messages. I've power cycled the modem and when I try to renew the lease, I get the same results. This a problem at my end, or do I need to have cox re-provision my modem?

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2008 7:19 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Message repeating in System Log, can't find the reason

Check your ARP table and see if possibly that IP is there. I'm guessing it's coming from your ISP's edge device. I see this every now and then with Cox Cable Modems.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
Re: [pfSense Support] Message repeating in System Log, can't find the reason
Check your ARP table and see if possibly that IP is there. I'm guessing it's coming from your ISP's edge device. I see this every now and then with Cox Cable Modems.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com