Since 3 days: Unable to check for updates
-
Look at ifconfig -a, arp -a, and netstat -rn
What has the MAC of 00:01:5c:31:0d:80 ?
Does a capture of a LAN host going to the snapshots site also look the same?
-
00:01:5c:31:0d:80 is the cable provider gateway
ifconfig -a
em0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:0f:c9:04:db:6a media: Ethernet autoselect status: no carrier em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:0f:c9:04:db:6b media: Ethernet autoselect status: no carrier em2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:0f:c9:04:db:6c media: Ethernet autoselect status: no carrier em3: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:0f:c9:04:db:6d media: Ethernet autoselect status: no carrier em4: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=2098 <vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:0f:c9:04:db:6e inet 10.19.0.10 netmask 0xffffff00 broadcast 10.19.0.255 inet6 fe80::20f:c9ff:fe04:db6e%em4 prefixlen 64 scopeid 0x5 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em5: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=2098 <vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:0f:c9:04:db:6f inet6 fe80::20f:c9ff:fe04:db6f%em5 prefixlen 64 scopeid 0x6 inet 178.26.171.103 netmask 0xfffffc00 broadcast 178.26.171.255 inet 192.168.100.199 netmask 0xffffff00 broadcast 192.168.100.255 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active pflog0: flags=100 <promisc>metric 0 mtu 33128 enc0: flags=0<> metric 0 mtu 1536 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9 nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128</performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud,accept_rtadv></vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></broadcast,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></broadcast,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></broadcast,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></broadcast,simplex,multicast>arp -a
178-26-171-103-dynip.superkabel.de (178.26.171.103) at 00:0f:c9:04:db:6f on em5 permanent [ethernet] ? (192.168.100.199) at 00:0f:c9:04:db:6f on em5 permanent [ethernet] 178-26-171-254-dynip.superkabel.de (178.26.171.254) at 00:01:5c:31:0d:80 on em5 expires in 1184 seconds [ethernet] pfsense.hq1.local (10.19.0.10) at 00:0f:c9:04:db:6e on em4 permanent [ethernet] switch1.hq1.local (10.19.0.1) at 00:24:a8:d1:b1:c0 on em4 expires in 866 seconds [ethernet]netstat -rn
[2.0-BETA4][admin@pfsense.hq1.local]/root(6): netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 178.26.171.254 UGS 0 13160 em5 8.8.8.8 178.26.171.254 UGHS 0 140 em5 10.0.0.0/8 10.19.0.1 UGS 0 54465 em4 10.19.0.0/24 link#5 U 0 439 em4 10.19.0.10 link#5 UHS 0 0 lo0 83.169.185.33 00:0f:c9:04:db:6f UHS 0 0 em5 83.169.185.97 00:0f:c9:04:db:6f UHS 0 0 em5 127.0.0.1 link#9 UH 0 281 lo0 172.16.0.0/12 10.19.0.1 UGS 0 1917 em4 178.26.168.0/22 link#6 U 0 431 em5 178.26.171.103 link#6 UHS 0 0 lo0 192.168.0.0/16 10.19.0.1 UGS 0 12346 em4 192.168.100.0/24 link#6 U 0 22 em5 192.168.100.199 link#6 UHS 0 0 lo0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%em4/64 link#5 U em4 fe80::20f:c9ff:fe04:db6e%em4 link#5 UHS lo0 fe80::%em5/64 link#6 U em5 fe80::20f:c9ff:fe04:db6f%em5 link#6 UHS lo0 fe80::%lo0/64 link#9 U lo0 fe80::1%lo0 link#9 UHS lo0 ff01:5::/32 fe80::20f:c9ff:fe04:db6e%em4 U em4 ff01:6::/32 fe80::20f:c9ff:fe04:db6f%em5 U em5 ff01:9::/32 ::1 U lo0 ff02::%em4/32 fe80::20f:c9ff:fe04:db6e%em4 U em4 ff02::%em5/32 fe80::20f:c9ff:fe04:db6f%em5 U em5 ff02::%lo0/32 ::1 U lo0from lan:
18:19:31.088984 00:0f:c9:04:db:6f > 00:01:5c:31:0d:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 126, id 29945, offset 0, flags [DF], proto TCP (6), length 48) 178.26.171.103.61899 > 69.64.6.6.80: Flags [s], cksum 0xf5e8 (correct), seq 465221272, win 8192, options [mss 1460,nop,nop,sackOK], length 0 18:19:31.214411 00:01:5c:31:0d:80 > 00:0f:c9:04:db:6f, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 44, id 36224, offset 0, flags [DF], proto TCP (6), length 48) 69.64.6.6.80 > 178.26.171.103.61899: Flags [S.], cksum 0xe973 (correct), seq 3346687466, ack 465221273, win 65535, options [mss 1460,sackOK,eol], length 0 18:19:31.214864 00:0f:c9:04:db:6f > 00:01:5c:31:0d:80, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 126, id 9312, offset 0, flags [DF], proto TCP (6), length 40) 178.26.171.103.61899 > 69.64.6.6.80: Flags [.], cksum 0x1a46 (correct), seq 1, ack 1, win 64240, length 0 18:19:34.538216 00:0f:c9:04:db:6f > 00:01:5c:31:0d:80, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 126, id 29286, offset 0, flags [DF], proto TCP (6), length 40) 178.26.171.103.61899 > 69.64.6.6.80: Flags [F.], cksum 0x1a45 (correct), seq 1, ack 1, win 64240, length 0 18:19:34.663185 00:01:5c:31:0d:80 > 00:0f:c9:04:db:6f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 44, id 26650, offset 0, flags [DF], proto TCP (6), length 40) 69.64.6.6.80 > 178.26.171.103.61899: Flags [.], cksum 0x1536 (correct), seq 1, ack 2, win 65535, length 0 18:19:34.663281 00:01:5c:31:0d:80 > 00:0f:c9:04:db:6f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 44, id 3364, offset 0, flags [DF], proto TCP (6), length 40) 69.64.6.6.80 > 178.26.171.103.61899: Flags [F.], cksum 0x1535 (correct), seq 1, ack 2, win 65535, length 0 18:19:34.663614 00:0f:c9:04:db:6f > 00:01:5c:31:0d:80, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 126, id 43592, offset 0, flags [DF], proto TCP (6), length 40) 178.26.171.103.61899 > 69.64.6.6.80: Flags [.], cksum 0x1a44 (correct), seq 2, ack 2, win 64240, length 0 [/s] -
This appears to be the same problem I'm seeing. TCP / UDP traffic is blocked if it originates from the pfSense box, but traffic passes fine from all other interfaces. Routing looks correct. I can post details as well if that will help.
My WAN IP is assigned via PPPoE.
-
Under System > Advanced on the Network tab, ensure that the boxes are checked to disable hardware checksums, tso, and lro.
If they're already disabled, try enabling them, though from the ifconfig output, Checksums and TSO appear enabled.
-
I tried on and off and rebooted.
-
System 1 [i386]:
em0: <intel(r) 1000="" pro="" network="" connection="" 7.1.8=""> port 0x9f00-0x9f1f mem 0xfd9c0000-0xfd9dffff,0xfd9fc000-0xfd9fffff irq 16 at device 0.0 on pci1 em0: Using MSIX interrupts with 3 vectors em1: <intel(r) 1000="" pro="" network="" connection="" 7.1.8=""> port 0xdf00-0xdf1f mem 0xfd5c0000-0xfd5dffff,0xfd5fc000-0xfd5fffff irq 17 at device 0.0 on pci2 em1: Using MSIX interrupts with 3 vectors em2: <intel(r) 1000="" pro="" network="" connection="" 7.1.8=""> port 0xcf00-0xcf1f mem 0xfddc0000-0xfdddffff,0xfddfc000-0xfddfffff irq 18 at device 0.0 on pci3 em2: Using MSIX interrupts with 3 vectors em3: <intel(r) 1000="" pro="" network="" connection="" 7.1.8=""> port 0xbf00-0xbf1f mem 0xfdbe0000-0xfdbfffff,0xfdbc0000-0xfdbdffff irq 19 at device 0.0 on pci4 em3: Using an MSI interrupt em4: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3=""> port 0xaf00-0xaf3f mem 0xfd8e0000-0xfd8fffff irq 19 at device 10.0 on pci5 em4: [FILTER] em5: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3=""> port 0xae00-0xae3f mem 0xfd8c0000-0xfd8dffff irq 18 at device 11.0 on pci5 em5: [FILTER]</intel(r)></intel(r)></intel(r)></intel(r)></intel(r)></intel(r)>System 2: [amd64]
rlphy0: <realtek internal="" media="" interface="">PHY 0 on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto em0: <intel(r) 1000="" pro="" network="" connection="" 7.1.8="">port 0xc200-0xc21f mem 0xf30c0000-0xf30dffff,0xf3000000-0xf307ffff,0xf3100000-0xf3103fff irq 36 at device 5.0 on pci0 em0: Using MSIX interrupts with 3 vectors em1: <intel(r) 1000="" pro="" network="" connection="" 7.1.8="">port 0xc220-0xc23f mem 0xf30e0000-0xf30fffff,0xf3104000-0xf3107fff irq 40 at device 6.0 on pci0 em1: Using MSIX interrupts with 3 vectors</intel(r)></intel(r)></realtek> -
sysctl -a | grep tso
The values don't change if i change it in the gui.net.inet.tcp.tso: 1 hw.bce.tso_enable: 1 dev.em.0.mac_stats.tso_txd: 0 dev.em.0.mac_stats.tso_ctx_fail: 0 dev.em.1.mac_stats.tso_txd: 0 dev.em.1.mac_stats.tso_ctx_fail: 0 dev.em.2.mac_stats.tso_txd: 0 dev.em.2.mac_stats.tso_ctx_fail: 0 dev.em.3.mac_stats.tso_txd: 0 dev.em.3.mac_stats.tso_ctx_fail: 0 dev.em.4.mac_stats.tso_txd: 0 dev.em.4.mac_stats.tso_ctx_fail: 0 dev.em.5.mac_stats.tso_txd: 0 dev.em.5.mac_stats.tso_ctx_fail: 0 -
I have an amd64 firmware I built without a certain patch that was added last week. It has fixed a few issues for me and I'm curious if it would fix them for you as well.
Try to load this firmware on the amd64 system (be sure to grab a config backup just in case) and see if the behavior changes. I'm running this firmware on an amd64 VM of mine so it should be OK.
http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101212-2328.tgz
Either try that with a console update by URL, or if that doesn't work, download it to a client machine and then upload it using the GUI.
-
The amd64 system is off-site.
And i couldn't be there the next 3 days.
You don't have the i386 version? -
No, I don't have an i386 builder setup on my workstation right now. I might be able to set one up but it probably wouldn't be today.
-
OK, I got one for i386 done now.
The URLs for both are:
amd64 - http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101212-2328.tgz
i386 - http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101214-1319.tgz
Give it a try, see if it helps.
-
Do these snaps come online so one can update?
I just cant get the 2.0 running…..everything seems fine, but it aint routing....
Dont have any logs, because I got so pissed that I deleted the VM :D
-
Do these snaps come online so one can update?
I just cant get the 2.0 running…..everything seems fine, but it aint routing....
Dont have any logs, because I got so pissed that I deleted the VM :D
The links I posted are not full installs, just firmware updates, and they were only intended to be used to assist the person who started this thread. If your problem isn't exactly the same, start a new thread.
-
Thx buddy!
I did…
http://forum.pfsense.org/index.php/topic,31066.0.html
:)
Do these snaps come online so one can update?
I just cant get the 2.0 running…..everything seems fine, but it aint routing....
Dont have any logs, because I got so pissed that I deleted the VM :D
The links I posted are not full installs, just firmware updates, and they were only intended to be used to assist the person who started this thread. If your problem isn't exactly the same, start a new thread.
-
I've installed the i386 update and that has solved the problem for me. Thanks JimP!
-
Thank you.
It's working.
What's the trick? -
There is a patch meant to fix pf's behavior with TSO and checksums, but it seems to be causing a few other problems.
EDIT: I disabled the patch in the repo and have a new snapshot building now. The next new snapshot dated after this update should be OK.
