Interface says offline even though it isn't
-
For some reason, under the status for gateways whenever I put a heavy load on my modem the interface goes offline.
Traffic still goes through fine, so why would it say it goes offline?(I know traffic is still going because I made a firewall rule for my computer to still go through that interface and I could access outside websites).
For the monitor ip I tried a few different ones 4.2.2.1 and 8.8.8.8 but the same thing happens.
This triggers fail over.
Any ideas why this could be happening?
Thanks
http://www.amazon.com/gp/product/B001CY0P7G/ref=oh_details_o01_s00_i00?ie=UTF8&psc=1
Is the network card
That is connected to a wnr3500l router, which is then connected to a cable modem. -
OMG… Chaining 3 routers? Other than that, it probably says "down" because the line gets that bad that ping fails...
P.S. No idea what "I know traffic is still going because I made a firewall rule for my computer to still go through that interface and my Internet was fine" is supposed to mean... What interface and what "firewall rule" is needed and where? Additionally, absolutely unclear where does pfSense fit into a picture when "[workstation LAN NIC] is connected to a wnr3500l router, which is then connected to a cable modem. Now, you mix load balancing into that.
Simplify your setup! No advise possible with a whole lot more information on the above mess.
-
Sorry D:
Let me try to word that better
zoom5341 modem > wnr3500l router > pfsense(wan input)
I have a failover setup so once it says offline, new connections just go through the second interface(OPT1)
When it said offline I took my computer and made a firewall rule:
traffic type: any
source: 192.168.1.132
gateway: WANEven though it said offline
My internet was still working on WAN, and when I checked my ip online it showed the WAN ip address.The reason the router is added is because, I have two modems.
A zoom5341 and a cisco dpc3010Their gateways are the same, and pfsense failover* doesn't work properly if WAN and OPT1 both have the same default gateway.
-
So you have failover or load balancing? Sounds like you want LAGG instead, i.e., using completely wrong feature… As said, get this nonsense out of the way and simplify it.
-
So you have failover or load balancing? Sounds like you want LAGG instead, i.e., using completely wrong feature… As said, get this nonsense out of the way and simplify it.
I just have fail over
edited my postI am sure my setup is as simple as possible for it to work with fail over. I just had to add an extra router.
-
Please, read this: http://doc.pfsense.org/index.php/LAGG_Interfaces
With a single uplink, you want neither failover nor load balancing. There is nothing to fail over or load balance on your WAN.
-
Please, read this: http://doc.pfsense.org/index.php/LAGG_Interfaces
With a single uplink, you want neither failover nor load balancing. There is nothing to fail over or load balance on your WAN.
I have two cable modems. WAN(zoom5341->wnr3500l) and OPT1(dpc3010)
I'll take a look at LAGG though, but I don't think that will fix my issue.WAN only goes down if I use WINMTR and spam packets through the interface or if I am torrenting with a lot of connections. The interface is still up even when it says offline. It will come backup shortly but it should not go offline at all since the connection is actually working fine.
-
I cannot see absolutely any information about two cable modems anywhere, up until now… How does the redundant Netgear fit into that? Out of this thread until you have provided meaningful, understandable and as completely as possible information on your network setup (including screenshots, some network diagram etc.) Waste of time so far, sorry.
WAN only goes down if I use WINMTR and spam packets through the interface or if I am torrenting with a lot of connections.
You should seriously consider hardware limitations of ALL your equipment. A.k.a. doctor, it hurts when I do this… So don't do that.
-
I cannot see absolutely any information about two cable modems anywhere, up until now… How does the redundant Netgear fit into that? Out of this thread until you have provided meaningful, understandable and as completely as possible information on your network setup (including screenshots, some network diagram etc.) Waste of time so far, sorry.
WAN only goes down if I use WINMTR and spam packets through the interface or if I am torrenting with a lot of connections.
You should seriously consider hardware limitations of ALL your equipment. A.k.a. doctor, it hurts when I do this… So don't do that.
I said I had two modems in the third post. A zoom5341 and a dpc3010.
The problem is the hardware is handling it but pfsense is telling me the connection is offline.
Pfsense box is an e5300 @ 3.4ghz, 2 gigs of ram, and all intel pci express nics.The wnr3500l is not redundant, it is used because fail over does not work if both modems are on the same gateway. I have Comcast. (Like one modem could be 76.152.153.123 and the other could be 76.152.153.21 but the gateway is the same.
I just wanted some ideas why pfsense was saying the interface was offline, if you have any ideas.
-
1/ I am absolutely sure the Netgear does NOT handle the kind of abuse you have described at all… multiple friends are using that box. Did not bother with checking the cable modem specs, however they are 100% not even close to the pfSense. Please understand that pfSense is NOT the limiting factor here. Your SOHO equipment routers definitely are. The whole point of why I said "hardware limitations of ALL your equipment."
2/ Still not even remotely enough info here about pfSense configuration to be able to advise about anything. In fact, no information on the network configuration at all… Missing a crystal ball. -
1/ I am absolutely sure the Netgear does NOT handle the kind of abuse you have described at all… multiple friends are using that box. Did not bother with checking the cable modem specs, however they are 100% not even close to the pfSense. Please understand that pfSense is NOT the limiting factor here. Your SOHO equipment routers definitely are. The whole point of why I said "hardware limitations of ALL your equipment."
2/ Still not even remotely enough info here about pfSense configuration to be able to advise about anything. In fact, no information on the network configuration at all… Missing a crystal ball.Oh yeah, I got rid of the netgear.
That fixed itI didn't think that was the problem it has a pretty decent cpu, I have a wndr3700 which worked fine, oh well.
Thanks
-
Is it simply that when the WAN is under load, the latency increases (and possibly some packet loss of the gateway monitoring "ping" probes). These parameters get outside their default limits and the gateway/WAN is declared down.
Look at System->Routing Gateway Advanced parameters. Perhaps increasing some of those settings will help - it does for me at sites with slow links that are easily swamped by download/s. -
Your setup seems entirely reasonable to me considering you need failover. Interesting that traffic is still being routed to WAN after it's marked down. Only existing connections?
Check the logs for what reasons the WAN is being marked down, high latency or packet loss. Adjust the parameters as Phil says above.
If it's packet loss then you may have some underlying problem.Steve
-
If it's packet loss then you may have some underlying problem.
Well, well you flood your poor SOHO boxes with thousands of BT or other P2P connections, you will have problems. Pretty much self-induced. Unless you want to replace (if possible at all) the cheapo Chinese junk every ISP supplies to their customers (with zero support from vendor usually and no firmware updates) with something up to par, you need to adjust your clients to not behave in an insane way. Such as limiting the number of peers in your BT client to a reasonable level. Otherwise, dumbing down those devices (as in switching to bridge mode) and turning off as much functionality as you can on that SOHO junk and offloading the work to a proper router behind them is highly recommended.
-
I understand what you mean and without getting into how many simultaneous connections your your SOHO equipment can handle or whether its junk or not, I have a separate question.
How do you get fail over using a single ISP (comcast) and especially if its coming off 1 piece of coax?
I could see getting 2 comcast modems and aggregating the bandwidth for faster speeds, but I'm not sure how you can get failover using a single ISP's infracture?
-
That's what I don't understand either… using one wire offers no failover beyond dead modem perhaps.
-
I understand what you mean and without getting into how many simultaneous connections your your SOHO equipment can handle or whether its junk or not, I have a separate question.
How do you get fail over using a single ISP (comcast) and especially if its coming off 1 piece of coax?
I could see getting 2 comcast modems and aggregating the bandwidth for faster speeds, but I'm not sure how you can get failover using a single ISP's infracture?
Yeah it's kind of silly, but sometimes the occasional t4 timeout can cause a modem reboot and it can get kicked to the 2nd modem. I have a DSL modem as a backup as well, so it's all good.
-
My only real issues with his particular setup are:
1. Double NAT breaks UPnP and NAT PMP.
2. Unless I'm missing something it offers no redundancy outside a fried modem.
3. Introduces another point of failure (router).
4. Probably introduces a much smaller state table between the modem and pfsense than pfsense has which is a really big deal for P2P.As for why his interface is reading as Down, I bet the previous commenter was right. Packet loss.
-
So, you have primary comcast modem directly into pfsense, then failover to comcast modem > router > pfsense, then DSL > pfsense?
In that order of precedence?
-
So, you have primary comcast modem directly into pfsense, then failover to comcast modem > router > pfsense, then DSL > pfsense?
In that order of precedence?
This thread is plain hopeless. Now we have DSL in play as well… we started with one cable modem going "down"...
@OP: Stop wasting people's time and post relevant screenshots of your configuration if you want any help. This gets beyond silly.
