>> if you can get to the cable modem and no farther, that sounds like its a
>> problem with the modem and not the pfsense box.
Yes, that was initially suspected and has been investigated to the max.
>> i know my first cable modem started locking up where i had to power cycle it
>> every few days to get it to work again but it gave a visual indication with
>> its status lights that there was a problem. you might want to see about
>> getting that replaced with a new modem and maybe having a tech come out to
>> verify that the signal level is where it should be. too low and it will cut
>> out, too high and it will fry the modem.
All this has been done, signal verified, we have a signal attenuator that makes
for the perfect signal level, this can and is be checked from the modem web
interface. To be sure the modem was also replaced.
Power cycling the modem makes no difference. A notebook can be connected and
browse the web from the modem during these occasions. The ISP can see the
modem during these occasions and verifies it is fine.
As three users of the same ISP are having problems user hardware is largely
eliminated as the problem. (ISP hardware isn't though)
Rebooting pfsense re-establishes LAN - WAN connectivity. This is repeatedly
proven to restore connectivity - when nothing else has been done.
The pfsense hardware has all been completely swapped out.
The modem and pfsense run on a quality UPS.
The only remaining possible explanations is some peculiar web traffic and/or
pfsense software vulnerability. (MTU to be confirmed, I doubt this to be the
issue, if it were I think it would be much more of a problem?)
How does one track this down?
Kind regards
David Hingston
----- Original Message -----
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Friday, August 17, 2007 12:54 AM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1,
Intel Pro/1000GT NICs with 370M
if you can get to the cable modem and no farther, that sounds like its a
problem with the modem and not the pfsense box.
i know my first cable modem started locking up where i had to power cycle it
every few days to get it to work again but it gave a visual indication with its
status lights that there was a problem. you might want to see about getting
that replaced with a new modem and maybe having a tech come out to verify that
the signal level is where it should be. too low and it will cut out, too high
and it will fry the modem.
-Sean
----------------------------------------------------------------------------
Date: Thu, 16 Aug 2007 23:59:31 +1200
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it that
the WAN interface becomes unresponsive? if its an internal disconnect you
should still be able to ping an outside source from the firewall even if
systems on the LAN cant. if its the WAN interface itself, nothing would
respond.
From memory I can ping the cable modem from the LAN and still view its
page, but that is as far as it will go. I'll check these again next time it
happens sometime in the next two weeks! Pretty sure I can no longer ping the
WAN's static IP from the Net (Having created an allow ping rule) and the
pfSense ping page does not get responses from anything on the net beyond the
cable modem. Is that internal?
are you sure you are running the correct MTU settings on the interface?
Using default setting here. Not aware they are not standard, but will
check with the ISP.
I suspect the ISP is doing something funny, but even if so pfSense should
remain immune to it?
I can def see why you would want to run TCPDump on the box now.
Thanks Sean!
Kind regards
David Hingston
----- Original Message -----
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Thursday, August 16, 2007 11:32 PM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it
that the WAN interface becomes unresponsive? if its an internal disconnect you
should still be able to ping an outside source from the firewall even if
systems on the LAN cant. if its the WAN interface itself, nothing would
respond.
are you sure you are running the correct MTU settings on the interface? I
can def see why you would want to run TCPDump on the box now.
--------------------------------------------------------------------------
> Date: Thu, 16 Aug 2007 19:32:25 +1200
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than
what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have
lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again..... The state table is
reported as having showed 56 entries on index.php. Fixed by
> rebooting. Nothing else. (Cheaper cards have lasted longer!)
>
> Surely we can now conclusively say this is not a NIC or hardware issue?
This happens for me on completely different machines with
> >= 256M RAM.
>
> I have most recently been running 1.2-RC1, pretty much since it was
released. it teased me by running fine for 2 weeks, before
> reproducing the same problems.
>
> One of my colleagues has now abandoned pfSense, as it has proven to be
unreliable for him.
>
> I do not want to, however the current reliability is also unsustainable
for me.
>
> Is there any way I can assist to fix this problem?
>
> Kind regards
> David Hingston
>
>
>
>
> ----- Original Message -----
> From: "Tortise" <[EMAIL PROTECTED]>
> To: <support@pfsense.com>
> Sent: Saturday, July 21, 2007 10:23 AM
> Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump
LAN / WAN traffic
>
>
> Thank you Vivek
>
> >> connect both systems to a hub and run tcpdump on the other machine
logging all traffic some place.
>
> Yes they are already on a LAN with a switch. I didn't realise TCPDump
could be run from another machine other than the one being
> dumped from. From what you suggest it can. I'll study it up and see if
I can get it to! (Unless someone here knows the syntax for
> this well and can just roll it off?)
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than
what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or intel, switch to intel.
>
> We (3 of us) believe this is not a hardware issue. 3 of us are on the
same ISP here in NZ, and experiencing the same issues for
> many months. The ISP uses much the same Motorola Cable modem to
interface into our static IP's. The same fault occurs using
> completely different hardware here also. I have another pfSense box
running at alternative premises connected to quite a different
> ISP and that box just goes, in line with what we believe we should be
expecting. Swapping the boxes also suggests it is not a
> hardware problem as they all work at the alternative ISP / venue.
>
> I find running Monowall also has the same experience here, - the same
Monowall box is stable for months off site. I have been
> tempted to post to the monowall list also, cross posts are considered
bad etiquette and I presume the monowall folks are also on
> both lists, I have refrained. (Is this correct?)
>
> It suggests to me there is something about our ISP which is a problem,
perhaps their hardware or perhaps something about their
> traffic. Clearly this should not be the case, but the onus falls on us
(rightly or wrongly) to prove this.
>
> It also suggests to me there is a vulnerability in FreeBSD as the
problem occurs in both Monowall and pfSense with this cable ISP.
>
> I'd prefer my firewall not need random rebooting. We'd all like to help
within our power and ability to move this forwards as
> FreeBSD and its children (pfSense and Monowall) are largely fantastic!
>
> Kind regards
> David Hingston
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--------------------------------------------------------------------------
Recharge--play some free games. Win cool prizes too! Play It!
------------------------------------------------------------------------------
Find a local pizza place, movie theater, and moreā¦.then map the best route!
Find it!
