Any Idea
-
When this happens, log into to pfSense and check to see how many states are in use.
-
When this happens, log into to pfSense and check to see how many states are in use.
Well it just did a little glitchy thing. We lost internet for about 1 minute but it came back on its own, i did not have to reboot it. I saw that the state dropped to around 1900. It is usually at around 2800. When the internet came back it jumped up to around 3400 states. its currecntly at around 3000 states right now. What the heck is this router doing! ??? ;D
-
When this happens, log into to pfSense and check to see how many states are in use.
Well it just did a little glitchy thing. We lost internet for about 1 minute but it came back on its own, i did not have to reboot it. I saw that the state dropped to around 1900. It is usually at around 2800. When the internet came back it jumped up to around 3400 states. its currecntly at around 3000 states right now. What the heck is this router doing! ??? ;D
Never mind this looks like another IT reset the router so I'm not sure what the state was at. I will update you when it happens again.
-
When this happens, log into to pfSense and check to see how many states are in use.
Well it has not crashed yet. what should I be looking for? High states Low states #?
-
How have you sertup DNS at the pfSense (system>general, dns settings)? Are you using the DNS-forwarder? Does pfSense do DHCP for the clients too (any special settings for DNS at services>dhcp server)? It sounds like only DNS dies for some reason. Also is your WAN DHCP or static or PPPoE and you get the DNS assigned by the ISP?
-
How have you sertup DNS at the pfSense (system>general, dns settings)? Are you using the DNS-forwarder? Does pfSense do DHCP for the clients too (any special settings for DNS at services>dhcp server)? It sounds like only DNS dies for some reason. Also is your WAN DHCP or static or PPPoE and you get the DNS assigned by the ISP?
Thank you for the reply!
In "General Settings", for the DNS I have the IP of our domain server which does our DNS. DNS forwarder was on by default and I just left it on. Yes PFsense does DHCP for one of my Lans, the one with all the employee workstations. The second LAN is just servers with static IPs. My WAN is static IP plugged into a CISCO router that is plugged into a DS3 for internet. I want to setup a second WAN for my 5 Static IP DSL as soon as I get PFSense stable.
Thank you!
-
Make sure your internal DNS server doesn't use the pfSense to resolve too. This might cause a DNS loop. What DNS do you assign to your clients?
-
Make sure your internal DNS server doesn't use the pfSense to resolve too. This might cause a DNS loop. What DNS do you assign to your clients?
Nope the gateway on the DNS/Domain server is the second LAN on the PFSense…. and its DNS is its own ip, 192.168.1.195 and another..
Domain/DNS Server ipconfig /all:
IP Address. . . . . . . . . . . . : 192.168.1.195
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1 <----- Second LAN on the PFSense router.
DNS Servers . . . . . . . . . . . : 192.168.1.195
208.29.225.20So everything there looks just fine to me.
The clients/workstations get a DNS of....
IP Address. . . . . . . . . . . . : 192.168.2.62
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.3 <------ First LAN with DHCP on PFSense router.
DHCP Server . . . . . . . . . . . : 192.168.2.3
DNS Servers . . . . . . . . . . . : 192.168.1.195Okay well while I was typing this it went down again..... The 192.168.2.3 Network, the main network lost Internet. I could not even ping the PFSense Lan IP, 192.168.2.3
Now I could not log in to check the state # because I could not even ping 192.168.2.3...... But....
since I have a second network setup I went to one of the servers and was able to log into the PFSense web console on the 192.168.1.1 LAN.
The state # was around 500+ and dropping slowly. Now before this happened the State last I saw was 3000+.
Here is part of the system log....
Sep 15 16:23:50 msntp[85624]: msntp: unable to locate IP address/number
Sep 15 16:23:50 msntp[85624]: msntp: Unknown error: 0
Sep 15 16:24:50 msntp[85930]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000
Sep 15 16:24:50 msntp[85930]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state pool.ntp.org
Sep 15 16:24:50 msntp[85930]: msntp: bad daemon restart information
Sep 15 16:25:05 msntp[85930]: msntp: unable to locate IP address/number
Sep 15 16:25:05 msntp[85930]: msntp: Unknown error: 0
Sep 15 16:25:43 dnsmasq[2625]: reading /var/dhcpd/var/db/dhcpd.leases
Sep 15 16:26:05 msntp[86175]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000
Sep 15 16:26:05 msntp[86175]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state pool.ntp.org
Sep 15 16:26:05 msntp[86175]: msntp: bad daemon restart information
Sep 15 16:26:20 msntp[86175]: msntp: unable to locate IP address/number
Sep 15 16:26:20 msntp[86175]: msntp: Unknown error: 0
Sep 15 16:27:20 msntp[86423]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000
Sep 15 16:27:20 msntp[86423]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state pool.ntp.org
Sep 15 16:27:20 msntp[86423]: msntp: bad daemon restart information
Sep 15 16:27:35 msntp[86423]: msntp: unable to locate IP address/number
Sep 15 16:27:35 msntp[86423]: msntp: Unknown error: 0
Sep 15 16:27:40 pftpx[2713]: #520 client reset connection
Sep 15 16:27:40 pftpx[2713]: #520 client reset connection
Sep 15 16:27:40 dnsmasq[2625]: reading /var/dhcpd/var/db/dhcpd.leases
Sep 15 16:27:45 pftpx[2713]: #521 server timeout
Sep 15 16:27:45 pftpx[2713]: #521 server timeoutI dont really understand any of this…...
Now I think I will try tonight to swap network cards because I bought 4 brand new network cards for this project and I did not test them first and the LAN card may be bad. I'm not using the card setup for DSL yet so I will try and change this and hope I do not have to resetup the whole router again. :)
-
Please try the following:
Let the pfSense itself use the external IPS DNS Servers at system>general. Assign your Domain DNS to the clients (you already do that). Also make sure your WAN connection is up and usable during that state. Try pinging an IP like 64.233.187.99 (google.com) while your DNS is down. The systemlogs only show that the DNS was lost and that different processes were not able to resolve IPs due to that for example to run an ntp time sync. Finally check your local DNS for interoperability. Eventprotocols might help you here.
-
Please try the following:
Let the pfSense itself use the external IPS DNS Servers at system>general. Assign your Domain DNS to the clients (you already do that). Also make sure your WAN connection is up and usable during that state. Try pinging an IP like 64.233.187.99 (google.com) while your DNS is down. The systemlogs only show that the DNS was lost and that different processes were not able to resolve IPs due to that for example to run an ntp time sync. Finally check your local DNS for interoperability. Eventprotocols might help you here.
Well now I don't think it has to do with the DNS….. just not sure because so much weired stuff is happening. I swapped NIC's and that did not help.
About 15 minutes ago the internet dropped again. So I logged in to the router and reset it. Then not even 10 minutes we stopped getting internet again. So I went to log into the router and I could not even ping it. I had to go to one of my servers that are on the second LAN and log in that way and reset it. It's like its getting overloaded........ Every time we drop odd things happen... Sometimes I can ping the router others I can not ping it at all and I'm talking about on the main LAN interface.......
Under the General I put in a second DNS IP that of the external internet.... it has not helped.....
-
Just for kicks, increase the maximum statelimit at system>advanced to a higher value. This is only limited by your RAM. Search the forum on how to calculate how much states you can push with the amount of ram that your machine has. Bill has described this somewhere. Also set the firewalloptimizations to aggressive. This can also be found at system>advanced.
-
Just for kicks, increase the maximum statelimit at system>advanced to a higher value. This is only limited by your RAM. Search the forum on how to calculate how much states you can push with the amount of ram that your machine has. Bill has described this somewhere. Also set the firewalloptimizations to aggressive. This can also be found at system>advanced.
Ok I will try that. It is really bad today. I have had everything drop about 3 times within 5 minutes. I have rebooted it about 10 times already today. On the last reboot it went down instatly.
As a reminder I have 3 NICs, 2 LAN and one WAN. Main LAN is our office 192.168.2.0, second LAN is 192.168.1.0.
So I have up 3 command windows pinging 192.168.2.3 (Router IP on Main LAN), another pinging 192.168.1.195 ( our domain/DNS server), and another pinging www.yahoo.com. As of right now I have everyone on the Office using the router as the DNS now. When everything is about to crash on us I will look at my pings and what I see is….
Most the time I the ping that is pinging the 192.168.1.195 is not getting a request. But I will still have internet becasue I changed it that my computer uses the router as the DNS. Then sometimes I will lose ping to the 192.168.1.195 and I will be ping the router just fine but I can not log into the web console.
I go in to one of the servers on the 192.168.1.1 and I am able to get on to the web console just fine and reboot it.
Right now it is crashing about every minute. I get it booted up and then it crashes.
On the DOS console it says........ sk2 watchdog timeout
-
On the DOS console it says…..... sk2 watchdog timeout
Try a different NIC/NICS. Intel NICS work great in FreeBSD.
-
On the DOS console it says…..... sk2 watchdog timeout
Try a different NIC/NICS. Intel NICS work great in FreeBSD.
LOL sucks becasue its live right now so all my employees are freaking out. lol i love it. Any way the NICs I'm using are D-Link DGE-530T High performance Networking 10/100/1000
-
-
Depending on your needs grab a 10/100 or 10/100/1000. Intel cards are supported pretty good by freebsd. If you don't have need for a multiportcard you should be able to get them for small money.