Traffic stops on bridged OPT1 interface but works on LAN and WAN interface.
-
I am trying to solve a problem but am stuck, pfSense is new to me but firewalling is not. I have a setup that works almost perfectly but have an annoying problem I would appreciate help to get around.
Here is the setup:
I am sharing server room with a friend and he has a Firewall/VPN router installed. We have three static IP-addresses and his router is using two of them. Previously his router was connected directly to a ADSL-modem. Now I have added a pfSense 1.2.3-RELEASE connected with WAN port to the ADSL-modem, LAN port to my LAN and OPT1 via a bridge to WAN to my friends router.
Except for traffic intermittently hanging/stopping on my friends LAN behind his router everything works flawlessly. If I reboot the pfSense his traffic works again. Same thing if I disconnect the cable between his router and the OPT1 interface and put it back in again seconds later.
So far I have changed out cables, swapped NIC's around in the pfSense to no avail.
A few things that I have noted are that I am getting collisions on the OPT1 interface but not on the others.
pfSense reports OPT1 as "100baseTX" and the other interfaces as "100baseTX <full-duplex>" but the router my friend is using says it is running it's interface on full duplex. Is it possible to force the interface to full duplex in pfSense?TIA for any replys.
Anders</full-duplex>
-
On your friend's router is the interface to pfSense set to 100Mbps Full Duplex so it doesn't negotiate? If so, can it be set to negotiate?
-
On your friend's router is the interface to pfSense set to 100Mbps Full Duplex so it doesn't negotiate? If so, can it be set to negotiate?
I could change it but would prefer to not change anything on his router. Isn't there a way to set the interface to full duplex in pfSense?
-
You can do it by shell command from the console or ssh session but that will disappear on reboot. There is probably a startup script you could add the command to but I don't know if that will survive a firmware upgrade.
You could edit the configuration file (/cf/conf/config.xml) but I don't know if that will survive a configuration change.
The command```
#ifconfig zz0 mediaopt full-duplex -
Thanks for the reply!
I picked up a third D-Link DFE-530TX NIC today and will replace the older Intel Pro100 (or similar name).
I have been running a few more stress tests and can only replicate the problem intentionally when it is warm in the server room. A theory is that it is heat related and since I am only having problem on one NIC I will have all of them identical. The server room is for economical reasons not having full AC power 24/7 and all other equipment is running stable. The old PC I am using has been in this room since 1998, I had to junk the hard drives since the bearings were making an aweful noise and fan in the power supply was tired from over 10 years of always on.. :)
Since the VPN router is an old Intel Netstructure 2110 with an Intel NIC I figured it should have no problem autosensing with the Intel card in the pfSense box (P3 Intel mobo and NIC)
I hate chasing intermittent problems, and to be honest I think I have a vague memory of the Intel Netstructure 2110 having problems autosensing back in the day. I worked with those units when they where just taken over from Shiva in the late 1990's. The info from those days sure is buried deep among the elders of the internet.. :)
Will report back when I have tested the new NIC.
-
Just wanted to report back that the problem has gone away.
Not really sure why but my best guess is that it is heat related. Have been unable re-create the problem.