Problems with 1.2.3 and interfaces.
-
Hello,
I installed 1.2.3 from the livecd to a usb stick without any problems. I selected the default install and rebooted into pfs without any problems. The problem I have is accessing the webconfigurator. I have a cable business account with 8 static IPs but to configure pfs I need to access the gui first.
Here is what I have done:
1. Installed pfs into usb stick (default installation)
2. Assigned my asus m2n32-sli vista edition mobo's two nics to LAN and WAN fwe0 and fwip0 (pfs option 1)
3. Changed the LAN setup to 192.168.0.1/24 and no DHCP server (pfs option 2)
4. Trying to access the gui from any other computer in the LAN resulted in failure.
My setup is as follows: pfs LAN and client computer connected to cisco 2950 switch. pfs WAN directly connected to cable modem where I can get all the 8 static IPs (sort of bridged configuration). Also tried connecting the client directly to the pfs box with a straight and crossover cable, no luck.
Now if I go to pfs shell (pfs option 8) and ping my local interfaces (12.0.0.1 and 192.168.0.1) I get the echo back. If I ping other computers on the LAN side (echo enabled) I don't get any echoes back.
netstat -r show (ip4)
Dest Gateway flags refs use neif expire
67.79.x.x link#2 UC 0 0 fwip0
localhost localhost UH 0 2065 lo0
192.168.0.0 link#1 UC 0 0 fwe0
I've tried with another asus m4a77d and an additional 3com nic, same problem.
Any ideas?
Thanks
-
What is the IP address, network mask and default gateway of the computers on the LAN?
If these aren't set correctly the LAN computers won't be able to access pfSense. Given how you have configured pfSense your LAN computers should have an IP address of the form 192.168.0.x (x between 2 and 254), network mask of 255.255.255.255 and default gateway of 192.168.0.1.
I find it easier to have all my LAN computers use DHCP to get an IP address because the other two parameters get set correctly automatically.
-
Thanks for the fast reply,
To troubleshoot this I isolated the pfs box and only one client (mac mini) connected to a cheap netgear switch.
So here is the setup:
1. pfs box 192.168.0.1/24 and now with DHCP enabled.
2a. MacMini with DHCP enabled was unable to get the address from the pfs box. Defaults to internal IP
2b. MacMini with static IP assignment 192.168.0.23/24 gateway 192.168.0.1. Unable to access pfs GUI.
Tried to ping pfs box and use tcpdump fwe0 and no packets reach the pfs box. Interfaces on pfs box are up (lights are on).
I'm at a loss here.
UPDATE
Turns out that the netgear is not a switch but a hub so I connected a computer running wireshark to trace the packets and it seems that the pfsense box is completely mute. There is absolutely no activity on the pfsense box interfaces, no DHCP traffic, no ARP traffic, no nothing. I can see the MacMini requesting the DHCP address and ARP but the pfsense box continues to be silent. I wonder if this is a nic conflict with pfsense or a configuration issue?
-
Maybe your hardware is broken in some way. Please provide the output of the shell commands:
# ifconfig -a
# netstat -i
# vmstat -i
to verify the interface has gone into half duplex to match the hub, to see if any traffic (including errored frames) has been seen on the interface and see if the CPU has acknowledged any interrupt requests from the NICs.
Do you have another NIC you could try as LAN? If not, do you see anything different if you swap the roles of LAN and WAN? (Option 1 from pfSense console.)
Is the hub 100bps capable?
-
Yes, something is not compatible between the ASUS M2N32-SLI vista edition and PFSense. Too bad because I had this mobo laying around waiting for a good project and with dual gigabit ethernet ports pfsense was the ideal solution.
I tried PFSense with a different mobo (ASUS A7N8X-E) with one gigabit and one 10/100 ethernet ports, with this mobo pfsense works great.
Hub is a netgear DS108 10/100. Tomorrow I'll try a 3com and see if it works, in the meantime here is the info. I'd really like to get this mobo running with PFsense since it has two gigabit lan ports.
ifconfig output
fwe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:11:d8:39:8e:83
        inet6 fe80::11:d8ff:fe39:8e83%fwe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ch 1 dma 0
fwip0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 0.11.d8.0.1.39.8e.83.a.2.ff.fe.0.0.0.0
        inet6 fe80::211:d800:139:8e83%fwip0 prefixlen 64 scopeid 0x2
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
nfe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:1a:92:d3:e9:d3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
nfe1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:1a:92:d3:f3:63
        media: Ethernet autoselect (none)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=100<PROMISC> metric 0 mtu 33204
netstat output
Name   Mtu   Network        Address            Ipkts Ierrs Opkts Oerrs Coll
fwe0   1500  <Link#1>       02:11:d8:39:8e:83      0     0     6     0    0
fwe0   1500  fe80:1::11:d8  fe80:1::11:d8ff:f      0     -     1     -    -
fwe0   1500  192.168.1.0    pfSense                0     -     0     -    -
fwip0  1500  <Link#2>       00:11:d8:00:01:39:8e:83:0a:02:ff:fe:00:00:00:00 0 0 2 0 0
fwip0  1500  fe80:2::211:d  fe80:2::211:d800:      0     -     1     -    -
fwip0  1500  0.0.0.0        0.0.0.0                0     -     0     -    -
nfe0*  1500  <Link#3>       00:1a:92:d3:e9:d3      0     0     0     0    0
nfe1*  1500  <Link#4>       00:1a:92:d3:f3:63      0     0     0     0    0
lo0    16384 <Link#5>                           1090     0  1090     0    0
lo0    16384 your-net       localhost           1090     -  1090     -    -
lo0    16384 ::1            ::1                    0     -     0     -    -
lo0    16384 fe80:5::1      fe80:5::1              0     -     0     -    -
enc0*  1536  <Link#6>                              0     0     0     0    0
pfsyn  1460  <Link#7>                              0     0     0     0    0
pflog  33204 <Link#8>                              0     0     0     0    0
vmstat output
interrupt          total   rate
irq1: atkbd0        1168      1
irq6: fdc0            56      0
irq14: ata0           69      0
irq16: fwohci0+       11      0
irq21: ohci0+        305      0
irq22: ehci0       11015     11
cpu0: timer      1970124   1998
cpu1: timer      1953770   1981
Total            3936518   3992
-
Ah, now I see the problem. You have configured interfaces fwe0 and fwip0. fwe is for ethernet emulation over firewire and fwip is for IP over firewire. I guess your motherboard has a firewire controller.
From everything you have said about your configuration you should be attempting to use the "real" ethernet interfaces nfe0 and nfe1 rather than fwe0 and fwip0.
It looks as if something recognisable as ethernet is plugged into nfe0 (status active) but not nfe1.
-
I did wonder why I had those interfaces. I'll try to use the real interfaces after lunch and I'll post the results.
UPDATE
Ok, I reassigned the interfaces (pfs option 1) but now instead of auto-detecting the interfaces I forced the LAN to use nfe0 and the WAN to use nfe1. That did the trick. Everything seems to be working as expected.
Thanks!
-
Thanks for reporting back. Bit of a trap that auto-detect and the firewire interfaces.