QNAP pfSense dropout
-
Yes I meant whatever is upstream of pfSense. So that could be the NTD or the next hop router at the ISP.
The states should look something like:
LAN1 icmp 192.168.1.5:3 -> 1.1.1.1:3 0:0 10 / 10 840 B / 840 B PLUSNET icmp 217.45.XX.XX:60209 (192.168.1.5:3) -> 1.1.1.1:60209 0:0 10 / 10 840 B / 840 B
That is filtered for 1.1.1.1. You can see the source is translated by the outbound NAT from the internal address to the WAN address.
Both your clients should appear like that. The upstream device should see no difference between them as it only ever sees the WAN IP.
-
@stephenw10 - It will be working fine and then just lose connection . The QNAP only has two NICS - common one for LAN and one for WAN. The switch is set as shown. Looks like a loss connection. Perhaps needs a dedicated NIC.
-
Hmm, so it disconnects even if you just have one client connected? Not related to connecting a second client?
That log above seems to show the physical NIC losing link in the NAS which is not something pfSense would have control over in that setup.
-
@stephenw10 what would be the diagnostic report / filters that could show me connection and dropout times? Thank you for your help.
-
@stephenw10 psfSense shows 100% packet loss when it hangs up. Both WAN and LAN are shown as green and up.
-
Do both NICs fail at the same time? Or is it still reachable internally via NIC2?
And, to be clear, you now think this is a general connection failure and not related to different clients connecting?
-
I had an issue with a printer when it would go to sleep it would not let me print or find the printer. I created a dhcp record for it set it to static, added a dns host override for it and never had an issue again. I assume your QNAP goes to sleep when it’s not in use like my Buffalo NAS and that might be the issue… it’s sleeping on the job and needs to have the ability to be woke up, the static arp record might help it did for me.
-
@stephenw10 Hi only loss of internet. LAN is still accessible. I think that it is specific Bigpond (Australian ISP DHCP Login ) issue. I moved the QNAP to another ISP (TPG with PPPoE) which does not have disconnection issues. pfSense not playing nicely with Bigpond . Now trying with OPNSense to see if similar. (Connection is via the same NTD which has 4 ports for Fibre service - I have two activated.
-
@JonathanLee possibly a going to sleep issue but I have no hibernation turned on. Will see if I can implement your approach.
-
@ppal said in QNAP pfSense dropout:
pfSense not playing nicely with Bigpond
Hmm, waaay back in the day there were some special options for bigpond. Anything logged in dhcp?
Does a pcap show it requesting leases? ARPing for stuff?
-
@stephenw10
Hi Stephen,Thank you for your suggestions earlier. I’ll revisit pfSense after completing my testing with OPNSense. I noticed that another user had a similar issue (https://forum.netgate.com/topic/169400/pfsense-ipv6-with-telstra-nbn), but it seems they didn’t receive much assistance on the forum.
Apparently, there’s a detailed 32-step guide to get IPv6 working: https://whirlpool.net.au/wiki/pfsense_ipv6_telstra.
For now, even having IPv4 running reliably would be a great starting point!
Thanks again for your insights.
Best regards,
-
Hmm, I'm never sure how similar services are between providers on NBN. That seems to be IPv6 specific though and you stopped seeing all connectivity.
-
@stephenw10 Hi
I have swapped the LAN and WAN ports. What would be the best package to monitor the connections.
-
It should be detected and logged by the gateway monitoring anyway without a package.
However you can run something like mytraceroute on the firewall to see where it fails. Or something smokeping on a client behind the firewall.
-
@stephenw10 I found this https://www.telstra.com.au/content/dam/tcom/small-business/support/pdf/nbn-byo-%20router-guide.pdf - Looks like requires traffic shaping and requires. MTU 1500 or lower . Probably go for MTU 1492 and MSS 1452 and shape the traffic to my tier.
-
Hmm, well I guess that could do it if they cut you off when you overrun your tier bandwidth.
-
@stephenw10, I swapped the LAN and WAN ports, and it worked for about 7 hours. During that time, I believed the issue was resolved, but unfortunately, it locked up again with packet failures. I'll give it another try, but one would expect the shaping to be handled on their end. It's worth testing, though. Thanks for engaging.
-
Mmm, it's been a while but I have seen providers that police bandwidth by just cutting connections. I don't recall seeing that for anything end user facing though.
-
@stephenw10 Here’s a professional rewrite:
Subject: MTU Configuration Issue with ISP-Supplied Router
Hello @stephenw10,
I configured the MTU to 1492 (with MSS at 1452) on my ISP-supplied router. This setting was based on recommendations for my connection type.
However, after sitting idle for some time, the router locked up overnight. The attached screenshot provides additional details.
Could you advise on any potential causes for the issue or whether further adjustments are recommended to stabilize the setup?
Thank you for your insights.
-
By 'locked up' I assume you mean just stopped passing traffic because it looks like you were still able to login to it?