Cannot access pfsense from certain pcs
-
I only see one way traffic there.. I assume 192.168.0.198 is your client that is not working.. Who is .180 sending the pings?
From that trace pfsense at 192.168.0.254 is not answering anybody i only see traffic going to it - no answers.
If you notice when I ping it.. or hit it via http there is an answer
08:27:24.849369 IP 192.168.1.100 > 192.168.1.253: ICMP echo request, id 1, seq 824, length 40
08:27:24.849445 IP 192.168.1.253 > 192.168.1.100: ICMP echo reply, id 1, seq 824, length 4008:27:15.925462 IP 192.168.1.100.55443 > 192.168.1.253.80: tcp 0
08:27:15.925704 IP 192.168.1.253.80 > 192.168.1.100.55443: tcp 0I don't even see it answering arps for its IP?
4:18:14.367613 ARP, Request who-has 192.168.0.254 (00:0c:29:e0:65:b7) tell 192.168.0.141, length 46
14:18:21.253366 ARP, Request who-has 192.168.0.254 (00:0c:29:e0:65:b7) tell 192.168.0.30, length 46
14:18:29.997006 ARP, Request who-has 192.168.0.254 (00:0c:29:e0:65:b7) tell 192.168.0.200, length 46Where are the answers?
like this
08:27:20.418236 ARP, Request who-has 192.168.1.253 tell 192.168.1.8, length 46
08:27:20.418238 ARP, Reply 192.168.1.253 is-at 00:50:56:00:00:02, length 28So 00:0c:29, what virtual machines are involved here - is pfsense running on VM? 00:0c:29 is vmware.
-
I have seen mine hang like that before - but only when the WAN wasn't getting an internet connection. Are you connected to the internet?
I also would not put it beyond the realm of possibility that all of your non-working machines are infected. Think about it. If they were infected and all your traffic was getting proxied, they would have no way to proxy back to your web gui. -
The capture was only capturing traffic in 1 direction - my mistake.
And I fix the issue.
it was to do with my esxi host and the FW LAN interface having an incorrect MTU.
I use jumbo frames throughout (apart from those 3 machines as 2 are on wireless and 1 is on a switch which does not allow jumbo frames) so they always sent small / fragmented packets to the Firewall.
But the others were probably sending oversized frames which the interface on the ESXI host wasn't configured for.
-
Probably your first line of this post should have been "My pfsense is in esxi".
Is it working now?
-
Probably your first line of this post should have been "My pfsense is in esxi".
Is it working now?
yep fixed.
-
Thanks for the help all :)
-
Well - Thats an interesting problem you had there.
-
Probably your first line of this post should have been "My pfsense is in esxi".
Is it working now?
yep fixed.
Good. Enjoy pfSense. :D
-
Yup interesting issue.. Made so because of the original lack of information about network and setup. ;)
Some basics of the setup, what flavor of pfsense being run, hardware its on. Running nonstandard frame size is a biggy if you ask me. They have yet to be adopted by IEEE have they?
I personally don't see the point with jumbo on most local networks, more overhead and issues with setting it up than performance gains in your typical lan. And if your running good nics with LSO doesn't that kind of remove the whole benefit of less cpu work, etc.
They might be useful on a segment designed to move data, like a storage or backup segment.. But normal everyday user traffic - IMHO they are just more hassle than they are worth.
But glad we finally got your issues sorted.
-
I personally don't see the point with jumbo on most local networks, more overhead and issues with setting it up than performance gains in your typical lan. And if your running good nics with LSO doesn't that kind of remove the whole benefit of less cpu work, etc.
They might be useful on a segment designed to move data, like a storage or backup segment.. But normal everyday user traffic - IMHO they are just more hassle than they are worth.
Afraid the real life experience is that they break networking altogether unless every single piece of the equipment can agree upon the set up MTU. IOW, completely unusable in 99% of cases.
-
Yeah - I'm so happy to have a house full of cheap, old junk…
That stuff always seems to work flawlessly :D
(I'm being serious)
-
Yup – more hassle than any possible benefit that is for sure. Your printer support jumbo? All your switches, do the devices even agree upon the same jumbo size. From what I can tell the makers of the nics and drivers come up with their versions of what the actual size is.. So nic X might not be same as nic Y in computer Z.
Do you really see benefit in the majority of the traffic, dns queries, your gets for your websites. If you look at the types of traffic that flows around your network - where do they make sense.. Unless all you were doing is moving LARGE amounts of data all day long I juts don't see the point of them. Shoot many office networks and homes are like 50% or more wireless these days anyway.
My cheap nics can do 800+ Mbps over the wire at 1500 mtu.. Bottleneck is the drives in moving the data normally, so what performance boost would using jumbo get me?