Netgate Discussion Forum

    Old, stable pfSense install - LAN port goes offline

    General pfSense Questions
    14 Posts 3 Posters 790 Views
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Yes, is this only happening when a client connects to the server and starts moving files?

      Is that traffic going through pfSense?

      Is anything logged in pfSense when that happens?

      • N
        NickyDoes @Gblenn
        last edited by NickyDoes

        @Gblenn Correct - the NC server is running at all times. It locks when the client connects.

        The IP and MAC are unique on the network.

        As for checking logs, capturing packets, and analyzing the results, I have not yet explored those rooms of the pfSense mansion.

        @stephenw10, I believe the traffic is traversing the firewall because I'm using the public URL - the server is reverse proxied.

        • G
          Gblenn @NickyDoes
          last edited by Gblenn

          @NickyDoes OK, yes, in that case you do in fact route the traffic via pfSense, and e.g. Nginx in fact.

          You could try split DNS to see if that makes any difference. I just tested it myself and it seems to work with NextCloud...
          Go into Services / DNS Resolver (or Forwarder if that's what you use) and almost at the bottom you add a new Host Override. Enter the FQDN you use to access NextCloud (e.g. nextcloud.dns.org) split up into nextcloud and dns.org on rows 1 and 2. And then the IP for NextCloud without the port (which apparently isn't needed when doing it this way).
          [EDIT] I guess since in the NC setup you have specified that it should listen to port 80/443 and it expects e.g. nextcloud.dns.org as host header or whatever it's called.
          You will also get a certificate warning that you have to accept since it's no longer going through your proxy.

          But you also need to test with an external client so that it doesn't lock up if you are accessing from the internet. You could run a VPN client on the PC that you are testing from to simulate that.

          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Which proxy are you using? Is anything logged there?

            Importantly, with Realtek NICs, check for watchdog timeout errors in the system log.

            • G
              Gblenn @stephenw10
              last edited by Gblenn

              @stephenw10 said in Old, stable pfSense install - LAN port goes offline:

              Which proxy are you using? Is anything logged there?

              I'm guessing Nginx Proxy Manager, in which case logs are under /some mountpoint/data/logs/. And there are logs per Proxy Host numbered in the order they appear in the UI.
              Perhaps the error log could uncover something, if there is anything misconfigured on the NC server for example.

              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Hmm, I'd assumed HAProxy or Reverse Squid if it's hitting that on the firewall. But I could be wrong. 😉

                • N
                  NickyDoes @stephenw10
                  last edited by

                  @stephenw10 I'm using pfsense's package haproxy.

                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    OK, then check in the package and system logs for any errors when it goes offline.

                    But still, with Realtek NICs in the system, they are my prime suspect!

                    • N
                      NickyDoes @stephenw10
                      last edited by

                      @stephenw10 Yeah, yeah. Hating on Realtek ;-)

                      Actually, I ordered replacement hardware the same day this started to happen. I'll endeavor to come back to this thread when I find what happened through the logs, and when I change the hardware platform.

                      • stephenw10S
                        stephenw10 Netgate Administrator @NickyDoes
                        last edited by

                        @NickyDoes said in Old, stable pfSense install - LAN port goes offline:

                        Yeah, yeah. Hating on Realtek ;-)

                        Mmm, pretty much. 😉

                        They do seem to be improving though. Their 100M NIC was truly terrible. The 1G chips can be OK, but sometimes not so much! I've yet to see a confirmed issue with their 2.5G NIC.

                        • G
                          Gblenn @stephenw10
                          last edited by

                          @stephenw10 said in Old, stable pfSense install - LAN port goes offline:

                          Hmm, I'd assumed HAProxy or Reverse Squid if it's hitting that on the firewall. But I could be wrong. 😉

                          Clearly the correct assumption! I guess I was stuck in my thinking from when I set up NextCloud and all the instructions using Nginx. Which kind of makes sense since it's independent of what firewall is being used...

                          • N
                            NickyDoes
                            last edited by

                            I'm returning to this thread with an update.

                            New hardware is in place. The backup - restore - reassign interfaces process was completely flawless and painless.

                            The new Broadcom-based ports are behaving where the previous hardware's Realtek ports were not.

                            The problem was solved with $200 in hardware. For those reading after 2025-01-20, the price from China may be higher.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.