Thanks Sean
I'd like to update...
I am running wireshark - however the connection has yet to misbehave whilst
doing so. (Now I know why I kept those old 100M hubs!)
Given the data volumes captured (about 100M an hour!) this has proven necessary
on a relatively capable box - I am now using a P4 3000 with 2G of RAM. 4.5
hours of data can take 30 mins to load, once capturing all is completed!
The ISP tell me the Motorola SB5101 is less compatible with some routers than
the SB5100. They are swapping these over, however one of my colleagues with
the same problem was running SB5100.... I am therefore sceptical that this will
fix it.
They also mentioned that they are aware there "some issues" with their network
which they are planning to address by an upgrade in the coming months, for what
that is worth.... Perhaps the wireshark data might shed some light on these
"issues"!?
Is the pfSense Diagnostics command Packet Capture of any relevance to me? I
presume it will write the results to RAM, which, even at 384M will have a time
limit that it can store....and then? (Several hours) I assume it does not do
last in first out? (Which would be preferable for me at least)
I will keep monitoring....
Kind regards
David Hingston
----- Original Message -----
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Saturday, August 18, 2007 1:35 AM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1,
Intel Pro/1000GT NICs with 370M
I actually turned the "block private networks" off on mine because my ISP
passes a 192.168.x.x address when i initially apply for a DHCP, but if you get
a static IP, then its a non-issue. realistically, to truly find the absolute
reason, you would have to tcpdump on the modem and pfsense at the same time to
see what its doing/not doing, and I don't see that happening.
only other thing I can think of is run a hub between the modem and pfsense
and throw another computer with a packet capture/wireshark on it to see if
there are any reasons in the packets ("route not found","incorrect MTU", "Need
fragmentation set", etc.) why its not getting past the modem.
-Sean
----------------------------------------------------------------------------
Date: Fri, 17 Aug 2007 23:38:58 +1200
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean
>> im really thinking it’s a modem problem or something with the IP that is
assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config
page even if internet access is unavailable kind of confirms it.
It does tend to suggest that maybe pfsense is not the problem, but....why
the need to reboot pfsense? It is almost like a keep alive situation has
failed... Incidentally VOIP and a webserver, amongst other things, run behind
pfsense, it is getting ample traffic to keep alive!
>>conecting another computer to the modem, I'm taking it, would get a DHCP
address that is different from pfsense.
No, it is a static address situation, the windows PC's NIC is configured
with the same static IP, DNS and gateway to connect up, and it does...
>>playing devils advocate. I know that you have reinstalled pfsense freshly
on the box to try and resolve that. did you rebuild the config from scratch or
just import it back in.
Yes have run up multiple versions, using both CD and also embedded version
on CF media. Makes it easy to swap scenarios! I am currently running the
latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and
even did a compare with the previous XML using Winmerge. There were many
differences, but none of them seemed like they might be significant, XML is XML
when its compliant....but...anyway it didn't seem to make any difference. Same
problems occurred in the last stable version and 1.00 as well I recall.
>>also is your internet IP static or DHCP.
As above, static!
>>and do you have the "Block private networks" option turned on for the WAN
interface on your box
Yes, is a default setting I think, not been played with. Bogons is
unchecked, I suppose this might be better checked?
I talked with the ISP tonight. They couldn't confirm what the MTU should
be, (I was not surprised) so I have to assume default. The party line is we
support Windows Hook ups and that's about all. I have opened a (nother) ticket
and requested a call from their network engineer, apparently a "senior
technician" is going to call me.
Many thanks for continuing to work with me on this conundrum!
Kind regards
David Hingston
----- Original Message -----
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Friday, August 17, 2007 11:07 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
-Sean
----- Original Message -----
From: Tortise
To: support@pfsense.com
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean et al
Problem has recurred, I have done the following ping tests during the
problem condition:
I can ping from both LAN and WAN the WAN Static IP (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem
(192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the
gateway (a.b.c.1)
Following reboot all the above pings work and traceroute confirms
a.b.c.1 is the first hop.
When I have rung the ISP during this condition they say there is no
problem with the cable modem as they can "see it". They back this up by
insisting that I can connect a PC direct to the Cable modem and browse the web,
which has always been the case. Repowering the cable modem does not fix the
problem. Rebooting pfSense does.
This doesn't make much sense to me, why can I ping the cable modem,
which is notionally the first (all be it bridged) hop yet can't ping the ISP
gateway? It suggests pfsense is OK from WAN to the cable modem, however the
fix is to reboot pfsense and not the modem!
Could the problem be something to do with the ISP's gateway losing the
connection, that is re-established by rebooting pfsense?
Kind regards
David Hingston
----- Original Message -----
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Thursday, August 16, 2007 11:32 PM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it
that the WAN interface becomes unresponsive? if its an internal disconnect you
should still be able to ping an outside source from the firewall even if
systems on the LAN cant. if its the WAN interface itself, nothing would
respond.
are you sure you are running the correct MTU settings on the
interface? I can def see why you would want to run TCPDump on the box now.
----------------------------------------------------------------------
> Date: Thu, 16 Aug 2007 19:32:25 +1200
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: [pfSense Support] LAN / WAN Disconnections continue in
1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than
what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They
have lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again..... The state table is
reported as having showed 56 entries on index.php. Fixed by
> rebooting. Nothing else. (Cheaper cards have lasted longer!)
>
> Surely we can now conclusively say this is not a NIC or hardware
issue? This happens for me on completely different machines with
> >= 256M RAM.
>
> I have most recently been running 1.2-RC1, pretty much since it was
released. it teased me by running fine for 2 weeks, before
> reproducing the same problems.
>
> One of my colleagues has now abandoned pfSense, as it has proven to
be unreliable for him.
>
> I do not want to, however the current reliability is also
unsustainable for me.
>
> Is there any way I can assist to fix this problem?
>
> Kind regards
> David Hingston
>
>
>
>
> ----- Original Message -----
> From: "Tortise" <[EMAIL PROTECTED]>
> To: <support@pfsense.com>
> Sent: Saturday, July 21, 2007 10:23 AM
> Subject: Re: [pfSense Support] Programming pfSense to Reboot and
Dump LAN / WAN traffic
>
>
> Thank you Vivek
>
> >> connect both systems to a hub and run tcpdump on the other
machine logging all traffic some place.
>
> Yes they are already on a LAN with a switch. I didn't realise
TCPDump could be run from another machine other than the one being
> dumped from. From what you suggest it can. I'll study it up and see
if I can get it to! (Unless someone here knows the syntax for
> this well and can just roll it off?)
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than
what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or intel, switch to intel.
>
> We (3 of us) believe this is not a hardware issue. 3 of us are on
the same ISP here in NZ, and experiencing the same issues for
> many months. The ISP uses much the same Motorola Cable modem to
interface into our static IP's. The same fault occurs using
> completely different hardware here also. I have another pfSense box
running at alternative premises connected to quite a different
> ISP and that box just goes, in line with what we believe we should
be expecting. Swapping the boxes also suggests it is not a
> hardware problem as they all work at the alternative ISP / venue.
>
> I find running Monowall also has the same experience here, - the
same Monowall box is stable for months off site. I have been
> tempted to post to the monowall list also, cross posts are
considered bad etiquette and I presume the monowall folks are also on
> both lists, I have refrained. (Is this correct?)
>
> It suggests to me there is something about our ISP which is a
problem, perhaps their hardware or perhaps something about their
> traffic. Clearly this should not be the case, but the onus falls on
us (rightly or wrongly) to prove this.
>
> It also suggests to me there is a vulnerability in FreeBSD as the
problem occurs in both Monowall and pfSense with this cable ISP.
>
> I'd prefer my firewall not need random rebooting. We'd all like to
help within our power and ability to move this forwards as
> FreeBSD and its children (pfSense and Monowall) are largely
fantastic!
>
> Kind regards
> David Hingston
>
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
----------------------------------------------------------------------
Recharge--play some free games. Win cool prizes too! Play It!
------------------------------------------------------------------------------
New home for Mom, no cleanup required. All starts here.
