Troubleshooting possible NIC issues
-
Hey everyone,
I seem to be getting some packet errors on one of my interfaces in my box. I've attached a screenshot of the interface showing the error count. Can anyone give me a possible direction into troubleshooting this issue? I've began to notice it interrupting my connections to my 'Server' subnet routed through the firewall. I'm connected to the firewall through the LAN interface, and am trying to access a server on my 'Server' subnet. I run multiple RDP sessions at a time, and notice that they'll lose connection every now and then. I'll regain connection on the first re-connect attempt, but I don't like the fact that it's happening in the first place. I've also noticed it while browsing the web, it will time out on websites, cut off downloads, etc…
I'm going to backup/restore my pfSense configuration to new hardware, but I would like to use this current box as redundancy. It would be nice to figure out if it's a hardware problem, or a driver problem. Any possible assistance would be great, thanks all!
- Adam
- Adam
-
Problems like this (in general, not pfSense specific) are usually caused by hardware, at least if they're isolated to a single machine. I'd first look at the cabling, if possible connect the box directly to the switch with a different cable and bypassing any structured cabling. If that doesn't narrow down the problem, test a different switch port. If you're still having trouble, make sure (if you're using a managed switch) that the port is set to Autonegotiation for speed; you may try forcing 100/full on the switch and doing the same in pfSense. Finally, try swapping the NICs (WAN for LAN and vice versa) in pfSense and see if the problem follows the physical interface. If none of that solves the problem, I'd swap out the crummy Realtek NIC for something better, but I'd wager this is a cabling issue.
-
Thanks for the advice, ktims! I'll try all those steps and see if I can narrow it down.
Unfortunately I cannot swap the NIC cards as it's a micro PC that was developed by another firewall vendor and they are built into the motherboard. I just wiped the HDD and threw good ol' pfSense on it! ;D
-
I agree with ktim…I dont think it's pfSense/FreeBSD...seems to be related to that 2nd NIC (RE1)...so it looks like hardware or cabling, or port speed if it's a managed switch. It looks like the software is fine because the other 2 NICs have no errors.
Good luck!
-
Hey guys, so I made a fresh new network cable (fully tested), I also changed the switch that sits behind RE1. So far no good, I'm still dropping packets… all my servers (RE2 - 192.168.99.0/24) lose connectivity to my LAN subnet (RE1 - 192.168.0.0/24) for around 5-10 seconds when this happens. I've noticed in the System log I've been getting "kernel: re1: watchdog timeout" messages every once in awhile. What exactly would cause this? Can it be fixed with some kind of configuration change, or am I stuck with a bad NIC?
Thanks!
- Adam
-
What version of pfSense are you using?
It may be worth trying 1.2.3 - see http://blog.pfsense.org/?p=377
-
wallabybob,
Thanks, I'll try that this weekend and see how it goes.
I just thought of something, I installed the embedded version because this box uses a MiniATX board, and I figured it used an embedded processor. Looking into the hardware more, pfSense is reporting it as a "VIA C7 Esther". Wikipedia shows that it's a desktop processor, do you think this hardware would be compatible with the normal version? Would using the embedded version be more susceptible to these types of issues?
Thanks,
- Adam -
Well first of all you're using the notoriously terrible Realtek NICs. You should really consider upgrading them to something decent, like an Intel. They're dirt cheap on eBay.
If you're stuck with the Realtek, this problem appears to be fairly common, but some have reported success by disabling ACPI, you could try that. 1.2.3 is definitely worth a try as well; this driver has been significantly revamped since 7.0. Also, I ran an re NIC on 1.2.3 temporarily in production (~75mbit peak) for a couple weeks while waiting on an em NIC from eBay and had no issues.
-
Thanks for the advice, ktims. I'm currently in the process of moving to new hardware, but have been facing some issues there as well (most likely on the ISP's end… I have a post about it in the NAT forum). My current box is a little Astaro box that I immediately put pfSense on. It has no pci/pci-e slots for more NICS =(
- Adam
-
realtek gave me so much trouble with all versions of pfsense that i bought a dual port intel card off ebay…..best thing i did regarding pfsense, it increased my speed and i haven't had any problems sense
-
Hey everyone, thanks very much for all the responses. I finally got everything moved over to a 1u unit w/ 2 onboard Intel NICs (fxp), and a Sun Quad NIC (hme). Everything seems to be working great after 24 hours with no dropped packets, woohoo!
-
glad to hear it…i moved to intel nics too though mine use the em driver
had nothing but good luck with them -
This problem may be resolved, but we need testers. The patch was for a Realtek 8139C+ chip specifically (which are also present on Firebox X series devices).
Please see http://forum.pfsense.org/index.php/topic,15669.0.html