Can someone help me troubleshoot this simple setup?
-
I have PFSense 2.0 on a box that was running Mikrotik 100% fine.
I've stripped all packages except the bandwidthd and mailer packages and this firewall is still having issues.
It seems to be completely random and only after a few hours of usage. The firewall will completely stop working. I cant ping it, cant get online, and it wont start working till I power cycle it.
There is nothing special about this setup. All I've done was install PFSense onto the hard drive, setup 2 WAN in a single 192.168.0.* LAN
WAN1 ( Cable internet dynamic ip
WAN2 ( dsl internet static ip)
Routing group (INTERWEBS)
LAN ( 192.168.0.* )I've had my DSL connection drop once already and I never even noticed because the fail over worked perfectly.
The only firewall rule I have is just the modified stock rule telling it all LAN goes out thru the gateway group INTERWEBS
Can someone help me go thru troubleshooting why this system is so unstable?
Heres a copy and paste of the current system log:
Nov 10 18:40:39 syslogd: kernel boot file is /boot/kernel/kernel
Nov 10 18:40:39 syslogd: exiting on signal 15
Nov 10 18:40:39 check_reload_status: Syncing firewall
Nov 10 18:33:32 check_reload_status: Syncing firewall
Nov 10 18:32:02 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.100, desc='8331ADB')
Nov 10 18:32:02 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.100, desc='8331ADB')
Nov 10 18:32:02 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.100, desc='8331ADA')
Nov 10 18:32:02 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.100, desc='8331ADA')
Nov 10 18:31:01 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.101, desc='4969AEB')
Nov 10 18:31:01 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.101, desc='4969AEB')
Nov 10 18:31:01 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.101, desc='4969AEA')
Nov 10 18:31:01 miniupnpd[4733]: NewLeaseDuration=86400 not supported, ignored. (ip=192.168.0.101, desc='4969AEA')
Nov 10 18:28:23 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Nov 10 18:28:23 apinger: Error while feeding rrdtool: Broken pipe
Nov 10 18:27:35 check_reload_status: Reloading filter
Nov 10 18:27:35 sshlockout[18876]: sshlockout/webConfigurator v3.0 starting up
Nov 10 18:27:35 login: login on ttyv0 as root
Nov 10 18:27:33 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Nov 10 18:27:31 dnsmasq[59136]: ignoring nameserver 127.0.0.1 - local interface
Nov 10 18:27:31 dnsmasq[59136]: ignoring nameserver 127.0.0.1 - local interface
Nov 10 18:27:31 dnsmasq[59136]: using nameserver 71.2.28.14#53
Nov 10 18:27:31 dnsmasq[59136]: using nameserver 63.162.197.69#53
Nov 10 18:27:31 dnsmasq[59136]: using nameserver 24.217.201.67#53
Nov 10 18:27:31 dnsmasq[59136]: using nameserver 24.178.162.3#53
Nov 10 18:27:31 dnsmasq[59136]: reading /etc/resolv.conf
Nov 10 18:27:27 php: : Restarting/Starting all packages.
Nov 10 18:27:26 miniupnpd[4733]: HTTP listening on port 2189
Nov 10 18:27:26 miniupnpd[4733]: HTTP listening on port 2189
Nov 10 18:27:26 php: : miniupnpd: Starting service on interface: lan
Nov 10 18:27:26 php: : Creating rrd update script
Nov 10 18:27:24 check_reload_status: Restarting ipsec tunnels
Nov 10 18:27:23 apinger: Starting Alarm Pinger, apinger(15746)
Nov 10 18:27:23 check_reload_status: Reloading filter
Nov 10 18:27:22 apinger: Exiting on signal 15.
Nov 10 18:27:22 php: : Removing static route for monitor 8.8.8.8 and adding a new route through 65.41.165.129
Nov 10 18:27:22 php: : Removing static route for monitor 8.8.4.4 and adding a new route through 75.130.176.1
Nov 10 18:27:22 php: : ROUTING: setting default route to 75.130.176.1
Nov 10 18:27:22 php: : rc.newwanip: on (IP address: 75.130.181.191) (interface: opt2) (real interface: vr0).
Nov 10 18:27:22 php: : rc.newwanip: Informational is starting vr0.
Nov 10 18:27:22 php: : OpenNTPD is starting up.
Nov 10 18:27:21 dnsmasq[59136]: read /etc/hosts - 5 addresses
Nov 10 18:27:21 dnsmasq[59136]: ignoring nameserver 127.0.0.1 - local interface
Nov 10 18:27:21 dnsmasq[59136]: ignoring nameserver 127.0.0.1 - local interface
Nov 10 18:27:21 dnsmasq[59136]: using nameserver 71.2.28.14#53
Nov 10 18:27:21 dnsmasq[59136]: using nameserver 63.162.197.69#53
Nov 10 18:27:21 dnsmasq[59136]: using nameserver 24.217.201.67#53
Nov 10 18:27:21 dnsmasq[59136]: using nameserver 24.178.162.3#53
Nov 10 18:27:21 dnsmasq[59136]: reading /etc/resolv.conf
Nov 10 18:27:21 dnsmasq[59136]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Nov 10 18:27:21 dnsmasq[59136]: started, version 2.55 cachesize 10000
Nov 10 18:27:21 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such file or directory.
Nov 10 18:27:21 check_reload_status: Updating all dyndns
Nov 10 18:27:21 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such file or directory.
Nov 10 18:27:21 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Nov 10 18:27:21 dhcpd: All rights reserved.
Nov 10 18:27:21 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Nov 10 18:27:21 dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
Nov 10 18:27:21 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such file or directory.
Nov 10 18:27:20 php: : ROUTING: setting default route to 75.130.176.1
Nov 10 18:27:18 apinger: Starting Alarm Pinger, apinger(40443)
Nov 10 18:27:17 php: : Removing static route for monitor 8.8.8.8 and adding a new route through 65.41.165.129
Nov 10 18:27:17 php: : Removing static route for monitor 8.8.4.4 and adding a new route through 75.130.176.1
Nov 10 18:27:17 kernel: pflog0: promiscuous mode enabled
Nov 10 18:27:17 kernel: WARNING: R/W mount of / denied. Filesystem is not clean - run fsck
Nov 10 18:27:17 kernel: WARNING: / was not properly dismounted
Nov 10 18:27:17 kernel: Trying to mount root from ufs:/dev/ad0s1a
Nov 10 18:27:17 kernel: SMP: AP CPU #1 Launched!
Nov 10 18:27:17 kernel: acd0: CDROM <atapi-cd rom-drive-56max="" ver="" 56ja="">at ata1-master UDMA33
Nov 10 18:27:17 kernel: GEOM: ad0s1: geometry does not match label (16h,63s != 16h,255s).
Nov 10 18:27:17 kernel: GEOM: ad0: partition 1 does not end on a track boundary.
Nov 10 18:27:17 kernel: GEOM: ad0: partition 1 does not start on a track boundary.
Nov 10 18:27:17 kernel: ad0: 76319MB <seagate st380011a="" 3.08="">at ata0-master UDMA100
Nov 10 18:27:17 kernel: IPsec: Initialized Security Association Processing.
Nov 10 18:27:17 kernel: Timecounters tick every 1.000 msec
Nov 10 18:27:17 kernel: p4tcc1: <cpu frequency="" thermal="" control="">on cpu1
Nov 10 18:27:17 kernel: device_attach: est1 attach returned 6
Nov 10 18:27:17 kernel: est: cpu_vendor GenuineIntel, msr 102d0000102d
Nov 10 18:27:17 kernel: est: CPU supports Enhanced Speedstep, but is not recognized.
Nov 10 18:27:17 kernel: est1: <enhanced speedstep="" frequency="" control="">on cpu1
Nov 10 18:27:17 kernel: p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
Nov 10 18:27:17 kernel: acpi_perf0: <acpi cpu="" frequency="" control="">on cpu0
Nov 10 18:27:17 kernel: ppc0: parallel port not found.
Nov 10 18:27:17 kernel: atkbd0: [ITHREAD]
Nov 10 18:27:17 kernel: atkbd0: [GIANT-LOCKED]
Nov 10 18:27:17 kernel: kbd0 at atkbd0
Nov 10 18:27:17 kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
Nov 10 18:27:17 kernel: atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
Nov 10 18:27:17 kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Nov 10 18:27:17 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
Nov 10 18:27:17 kernel: sc0: <system console="">at flags 0x100 on isa0
Nov 10 18:27:17 kernel: orm0: <isa option="" rom="">at iomem 0xc0000-0xc8fff pnpid ORM0000 on isa0
Nov 10 18:27:17 kernel: pmtimer0 on isa0
Nov 10 18:27:17 kernel: atrtc0: <at realtime="" clock="">port 0x70-0x73 irq 8 on acpi0
Nov 10 18:27:17 kernel: acpi_tz0: <thermal zone="">on acpi0
Nov 10 18:27:17 kernel: vr0: [ITHREAD]
Nov 10 18:27:17 kernel: rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
Nov 10 18:27:17 kernel: rlphy0: <rtl8201l 10="" 100="" media="" interface="">PHY 1 on miibus3
Nov 10 18:27:17 kernel: miibus3: <mii bus="">on vr0
Nov 10 18:27:17 kernel: vr0: Revision: 0x78
Nov 10 18:27:17 kernel: vr0: Quirks: 0x0
Nov 10 18:27:17 kernel: vr0: <via 10="" vt6102="" rhine="" ii="" 100basetx="">port 0xdc00-0xdcff mem 0xfdffd000-0xfdffd0ff irq 23 at device 18.0 on pci0
Nov 10 18:27:17 kernel: isa0: <isa bus="">on isab0
Nov 10 18:27:17 kernel: isab0: <pci-isa bridge="">at device 17.0 on pci0
Nov 10 18:27:17 kernel: ata1: [ITHREAD]
Nov 10 18:27:17 kernel: ata1: <ata 1="" channel="">on atapci0
Nov 10 18:27:17 kernel: ata0: [ITHREAD]
Nov 10 18:27:17 kernel: ata0: <ata 0="" channel="">on atapci0
Nov 10 18:27:17 kernel: atapci0: <via 8237="" udma133="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 15.0 on pci0
Nov 10 18:27:17 kernel: skc1: [ITHREAD]
Nov 10 18:27:17 kernel: e1000phy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
Nov 10 18:27:17 kernel: e1000phy1: <marvell 88e1011="" gigabit="" phy="">PHY 0 on miibus2
Nov 10 18:27:17 kernel: miibus2: <mii bus="">on sk1
Nov 10 18:27:17 kernel: sk1: <marvell semiconductor,="" inc.="" yukon="">on skc1
Nov 10 18:27:17 kernel: skc1: DGE-530T Gigabit Ethernet Adapter rev. (0x9)
Nov 10 18:27:17 kernel: skc1: <d-link dge-530t="" gigabit="" ethernet="">port 0xf400-0xf4ff mem 0xfdff4000-0xfdff7fff irq 18 at device 9.0 on pci0
Nov 10 18:27:17 kernel: skc0: [ITHREAD]
Nov 10 18:27:17 kernel: e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
Nov 10 18:27:17 kernel: e1000phy0: <marvell 88e1011="" gigabit="" phy="">PHY 0 on miibus1
Nov 10 18:27:17 kernel: miibus1: <mii bus="">on sk0
Nov 10 18:27:17 kernel: sk0: <marvell semiconductor,="" inc.="" yukon="">on skc0
Nov 10 18:27:17 kernel: skc0: DGE-530T Gigabit Ethernet Adapter rev. (0x9)
Nov 10 18:27:17 kernel: skc0: <d-link dge-530t="" gigabit="" ethernet="">port 0xf800-0xf8ff mem 0xfdff8000-0xfdffbfff irq 17 at device 8.0 on pci0
Nov 10 18:27:17 kernel: sis0: [ITHREAD]
Nov 10 18:27:17 kernel: nsphyter0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
Nov 10 18:27:17 kernel: nsphyter0: <dp83815 10="" 100="" media="" interface="">PHY 0 on miibus0
Nov 10 18:27:17 kernel: miibus0: <mii bus="">on sis0
Nov 10 18:27:17 kernel: sis0: Silicon Revision: DP83816A
Nov 10 18:27:17 kernel: sis0: <natsemi 10="" dp8381[56]="" 100basetx="">port 0xfc00-0xfcff mem 0xfdfff000-0xfdffffff irq 16 at device 7.0 on pci0
Nov 10 18:27:17 kernel: vgapci0: <vga-compatible display="">mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1
Nov 10 18:27:17 kernel: pci1: <pci bus="">on pcib1
Nov 10 18:27:17 kernel: pcib1: <pci-pci bridge="">at device 1.0 on pci0
Nov 10 18:27:17 kernel: agp0: aperture size is 1024M
Nov 10 18:27:17 kernel: agp0: <via 3314="" (p4m800ce)="" host="" to="" pci="" bridge="">on hostb0
Nov 10 18:27:17 kernel: pci0: <acpi pci="" bus="">on pcib0
Nov 10 18:27:17 kernel: pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
Nov 10 18:27:17 kernel: acpi_button1: <sleep button="">on acpi0
Nov 10 18:27:17 kernel: acpi_button0: <power button="">on acpi0
Nov 10 18:27:17 kernel: cpu1: <acpi cpu="">on acpi0
Nov 10 18:27:17 kernel: cpu0: <acpi cpu="">on acpi0
Nov 10 18:27:17 kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
Nov 10 18:27:17 kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
Nov 10 18:27:17 kernel: acpi0: reservation of 100000, 3bef0000 (3) failed
Nov 10 18:27:17 kernel: acpi0: reservation of 0, a0000 (3) failed
Nov 10 18:27:17 kernel: acpi0: Power Button (fixed)
Nov 10 18:27:17 kernel: acpi0: [ITHREAD]
Nov 10 18:27:17 kernel: acpi0: <p4m80p awrdacpi="">on motherboard
Nov 10 18:27:17 kernel: padlock0: No ACE support.
Nov 10 18:27:17 kernel: cryptosoft0: <software crypto="">on motherboard
Nov 10 18:27:17 kernel: kbd1 at kbdmux0
Nov 10 18:27:17 kernel: wlan: mac acl policy registered
Nov 10 18:27:17 kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07894b0, 0) error 1
Nov 10 18:27:17 kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Nov 10 18:27:17 kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Nov 10 18:27:17 kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0789410, 0) error 1
Nov 10 18:27:17 kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Nov 10 18:27:17 kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Nov 10 18:27:17 kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0789370, 0) error 1
Nov 10 18:27:17 kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Nov 10 18:27:17 kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Nov 10 18:27:17 kernel: module_register_init: MOD_LOAD (wpi_fw, 0xc0988330, 0) error 1
Nov 10 18:27:17 kernel: wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
Nov 10 18:27:17 kernel: wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
Nov 10 18:27:17 kernel: netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling
Nov 10 18:27:17 kernel: ioapic0 <version 0.3="">irqs 0-23 on motherboard
Nov 10 18:27:17 kernel: ioapic0: Changing APIC ID to 4
Nov 10 18:27:17 kernel: cpu1 (AP/HT): APIC ID: 1
Nov 10 18:27:17 kernel: cpu0 (BSP): APIC ID: 0
Nov 10 18:27:17 kernel: FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads
Nov 10 18:27:17 kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
Nov 10 18:27:17 kernel: ACPI APIC Table: <p4m80p awrdacpi="">Nov 10 18:27:17 kernel: avail memory = 961806336 (917 MB)
Nov 10 18:27:17 kernel: real memory = 1073741824 (1024 MB)
Nov 10 18:27:17 kernel: TSC: P-state invariant
Nov 10 18:27:17 kernel: AMD Features=0x20000000 <lm>Nov 10 18:27:17 kernel: Features2=0x649d <sse3,dtes64,mon,ds_cpl,est,cnxt-id,cx16,xtpr>Nov 10 18:27:17 kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Nov 10 18:27:17 kernel: Origin = "GenuineIntel" Id = 0xf43 Family = f Model = 4 Stepping = 3
Nov 10 18:27:17 kernel: CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz (3193.79-MHz 686-class CPU)
Nov 10 18:27:17 kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
Nov 10 18:27:17 kernel: root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Nov 10 18:27:17 kernel: FreeBSD 8.1-RELEASE-p4 #0: Tue Sep 13 16:58:57 EDT 2011
Nov 10 18:27:17 kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Nov 10 18:27:17 kernel: The Regents of the University of California. All rights reserved.
Nov 10 18:27:17 kernel: Copyright
1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Nov 10 18:27:17 kernel: Copyright (c) 1992-2010 The FreeBSD Project.
Nov 10 18:27:17 syslogd: kernel boot file is /boot/kernel/kernel</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></sse3,dtes64,mon,ds_cpl,est,cnxt-id,cx16,xtpr></lm></p4m80p></version></software></p4m80p></acpi></acpi></power></sleep></acpi></acpi></via></pci-pci></pci></vga-compatible></natsemi></mii></dp83815></d-link></marvell></mii></marvell></d-link></marvell></mii></marvell></via></ata></ata></pci-isa></isa></via></mii></rtl8201l></thermal></at></isa></system></generic></keyboard></at></acpi></cpu></enhanced></cpu></seagate></atapi-cd> -
When the system appears to be hung, can you get onto the console and ping anything?
-
When the system appears to be hung, can you get onto the console and ping anything?
I don't have a monitor or keyboard hooked up to it, but it looks like I should probably do that :) So no I have not tried that yet. I just try to access the web interface and try to ping it from a client computer inside the network and no luck. Funny part is it will send out emails when it sees a connection drop though! Happened while I was out of town the past 2 days.
-
Could be a NIC driver issue. I don't like using those Marvel Yukon ones. Perhaps someone else with those could comment on those.
-
I certainly hope someone chimes in because I'm as noob to PFSense/BSD as it gets. =\ Any direction/instruction would be great.
-
Which interfaces are you using with which NICs?
I have faced lockup problems with Marvell Yukon NICs though that was using the msk driver not the sk driver.
It was only a problem when the NIC/driver was under high load, when testing throughput. If I limited the speed to 100Mbps by inserting an old switch it was rock solid.
This is pure speculation at this point. ::)Steve
-
You have a variety of types of interfaces: 2 x sk, 1 x sis and 1 x vr. What are your interface assignments? (e.g. LAN is vr0, WAN is sk1, …)
When the system appears to be hung, can you get onto the console and ping anything?
I don't have a monitor or keyboard hooked up to it, but it looks like I should probably do that :)
Yes you should.
Funny part is it will send out emails when it sees a connection drop though!
What will send out emails? (pfSense system? a computer on the LAN? a computer on the OPT1 interface?) And what computer acts as the SMTP server?
Any direction/instruction would be great.
The already given suggestion would be a good start: @podilarius:
When the system appears to be hung, can you get onto the console and ping anything?
When the pfSense box appears to be hung can you ssh into it over one of the other interfaces? or access the web GUI over one of the other interfaces? It would be helpful to be able to distinguish between the box being hung (not responding to shell commands) and one of the interfaces being hung (not responding to incoming frames).
-
You have a variety of types of interfaces: 2 x sk, 1 x sis and 1 x vr. What are your interface assignments? (e.g. LAN is vr0, WAN is sk1, …)
"CenturyLink" is sis0
"Charter" is vr0
"LAN" is sk0sis0 or vr0 is an onboard nic
One thing I noticed is the marvell are gigabit cards and its only allowing 10/100 connections even though my equipment is all gigabit.When the system appears to be hung, can you get onto the console and ping anything?
I will check that next time it hangs
Funny part is it will send out emails when it sees a connection drop though!
What will send out emails? (pfSense system? a computer on the LAN? a computer on the OPT1 interface?) And what computer acts as the SMTP server?
It sends out to an external smtp server with an email service I have elsewhere. I believe its the mailreport package and the pfsense system because I can get my daily report from mailreport, and get notifications from the pfsense system "Gateways status could not be determined, considering all as up/active." and "MONITOR: CENTURYLINKGW has high latency, removing from routing group"
Any direction/instruction would be great.
The already given suggestion would be a good start: @podilarius:
When the system appears to be hung, can you get onto the console and ping anything?
When the pfSense box appears to be hung can you ssh into it over one of the other interfaces? or access the web GUI over one of the other interfaces? It would be helpful to be able to distinguish between the box being hung (not responding to shell commands) and one of the interfaces being hung (not responding to incoming frames).
I did not even think about trying to log in to my pfsense from an outside internet source and I do have that option as I have a 3g mobile broadband connection too. (I try to be well equipped haha!) I will also try that next time.
-
Which interfaces are you using with which NICs?
I have faced lockup problems with Marvell Yukon NICs though that was using the msk driver not the sk driver.
It was only a problem when the NIC/driver was under high load, when testing throughput. If I limited the speed to 100Mbps by inserting an old switch it was rock solid.
This is pure speculation at this point. ::)Steve
It does seem to happen more frequently when I have 4 games going on my pc at once and downloading bit torrents, doing speed tests. Pretty much anything that would soak up all the bandwidth possible.
-
I would guess that you are suffering from the LAN interface freezing. When you hook up a console or try to log in from the WAN side you will find out.
It's interesting that you are only getting 100Mbps connection to your sk0 interface. Faulty cable? Fussy switch? Exactly which chip does the d-link NIC use?You haven't said what speed your WAN connections are but I'm guessing they are probably less than 100Mbps in which case you may be better of using the sk0 interface as one of your WAN connections instead.
Steve
-
I would guess that you are suffering from the LAN interface freezing. When you hook up a console or try to log in from the WAN side you will find out.
It's interesting that you are only getting 100Mbps connection to your sk0 interface. Faulty cable? Fussy switch? Exactly which chip does the d-link NIC use?You haven't said what speed your WAN connections are but I'm guessing they are probably less than 100Mbps in which case you may be better of using the sk0 interface as one of your WAN connections instead.
Steve
I'm 10d/3u on cable and 8d/1u on dsl. It's did the problem a couple times today and all I have to do is unplug the LAN cat5 cable from the pfsense and plug it back in and it works again. I've been too addicted to skyrim today to actually try and troubleshoot it haha. =\ Today is my vacation..
-
I just switched the LAN interface to sis0 and put the centurylink connection on the sk0. We will see how it performs today. :) Wish me luck!
If it is a driver issue, how do I switch the driver and which one will work ?
-
You can't just switch the driver, the sk driver is the correct one for your card. However it may have been updated since FreeBSD 8.1 was released which is what pfSense 2.0 is based on. You may be able to recompile a newer driver with bug fixes. However that driver has been fairly stable for while, I've been using it no problems with Marvel 88E8001 based NICs.
There are some tuning options you can try with the driver.
Steve
-
You can't just switch the driver, the sk driver is the correct one for your card. However it may have been updated since FreeBSD 8.1 was released which is what pfSense 2.0 is based on. You may be able to recompile a newer driver with bug fixes. However that driver has been fairly stable for while, I've been using it no problems with Marvel 88E8001 based NICs.
There are some tuning options you can try with the driver.
Steve
can you elaborate on the tuning options?
-
after switching LAN to the other adapter I have not been disconnected once yet :) Going on a good 12+ hours so far.
-
So it probably was the NIC locking in some way. Presumably you are using the Marvel (sk) NIC for one of your WAN interfaces, are you checking that that hasn't locked?
In my testing the msk driver would usually show a 'watchdog timeout' in the system logs when it locked.Steve
-
Actually the connection I've had connected to that interface has been going up and down non-stop all the time, its been down 90% of the time. WTF. I'm going to try the 2nd marvell adapter I have in this thing. I have 2 of them totaling 4 nics. I just never mentioned the 4th since its not being used for anything.
-
Hmm,
Well the fact that it has been going up and down, whilst not good, does indicate that if it's a problem with the NIC or driver it is at least able to recover. My own experiences were that a locked card will never recover until the interface it brought down and back up.
Do you have any idea if that WAN connection was stable before? It's Sunday do perhaps your ISP are doing maintenance?
Can you see which Marvel IC is on that card?Steve
-
Just wanted to finalize this thread out by saying I ended up swapping out both the nics. Their chipset numbers are: 88E8001-LKJ1 AJ476A.2 0714 A4P TW Marvell of some kind. Hardware version: B2
Now everything works fine except dealing with havp and squid now :)
