Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN connection drops all the time

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 4 Posters 4.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      Peter-Z
      last edited by

      If it's because of Snort and I stop the service, I will immediately know it since LAN traffic goes through and I should be able to enter the webinterface again to uninstall Snort.

      Worst case, I'll do a reinstall and restore the settings which goes quite fast but I prefer to keep this as the last option because:

      1. I'm not sure it's solved
      2. it's not clear what the reason was

      pfSense 2.2.3 on Atom D510

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        I'm no expert in Snort to be honest.
        There should be something in the logs to suggest what have been blacklisted if it was.
        If you shutdown Snort when there are rules blocking clients in place it may not necessarily remove them, you might still not be able to access the webgui.

        Steve

        1 Reply Last reply Reply Quote 0
        • P Offline
          Peter-Z
          last edited by

          Is it possible that, due to a problem with the switch, the PF box 'did go nuts' with this result as behavior or is this to far fetched?
          Disabling Snort did not any change but it's clear that the switch has some ports that do not work properly and I had to move some cables to get everything working.
          Now, I can ping all hosts on the LAN and they remain online.

          pfSense 2.2.3 on Atom D510

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Hard to say. If your switch is suspect then almost anything could be true.
            Anything in the logs?

            Steve

            1 Reply Last reply Reply Quote 0
            • P Offline
              Peter-Z
              last edited by

              I cannot access the system via the webinterface.
              The console works normally and I still can ping out on both WAN & LAN.
              I reassigned the NIC's & addresses.
              With a ping every 5 seconds, now and then there is a succeeded connection and most of them are timed out.

              pfSense 2.2.3 on Atom D510

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                You can access the logs from the console using the clog command:
                https://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_(clog)

                Not suggested on that page is using 'less' to view the long log files in the console. E.g.

                [2.1.1-PRERELEASE][root@pfsense.localdomain]/var/log(6): clog /var/log/filter.log | less
                

                Scroll through with the cursor keys, use 'q' to quit. Appologies if I'm patronizing you.  ;)

                Look in the sysem.log and the firewall log (filter.log) though it requires some interpreting. I'm not sure if the Snort logs are there too I've never looked. Try to check that too.

                The other thing that can cause dropped packets is the system is too busy to reply. You've already stated that it's mostly idle which would appear to rule that out but try running 'top -SH' to check.

                Steve

                1 Reply Last reply Reply Quote 0
                • P Offline
                  Peter-Z
                  last edited by

                  Steve, I finally went for a clean install - wasn't sure that I could interpret the log files on my own, in a reasonable time, and didn't want to occupy you/others to much.
                  On the other hand I'm still curious though how this could have been solved and what the reason was for this issue.

                  Hey man, don't worry about patronizing me: I'm very grateful that you stayed with me! ;-)
                  Thanks A LOT for your help.
                  P.

                  pfSense 2.2.3 on Atom D510

                  1 Reply Last reply Reply Quote 0
                  • K Offline
                    kjemison
                    last edited by

                    I have the exact same problem… About a 50 user network, systems radomly cannot ping the outside network, perform a DNS flush / release /renew somtime will resolve the problem. Switches are Netgear 24 port Gigabit (which I may believe they are having an issue...but not 100% sure) I have never had this problem with other installs of pfsense.

                    I do not use snort or any other programs ... just a base install of pfsense.

                    One NIC is Broadcom (onboard) and other is an Intel Pro 1000.

                    Any ideas???

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      It's probably an unrelated problem, though we never did get a definitive result so it could be.  ;)

                      How much traffic are you pushing through the box? Does it start misbehaving under particularly high throughput?

                      With Broadcom and Intel NICs you should probably first try the recommended tweaks for each here:
                      https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • J Offline
                        jswj
                        last edited by

                        Hi,

                        I don't know if this is the case, I work on a university and a student brings his own wifi access point from home without us knowing he plugs it to the network on the same vlan with pfsense, where its default IP was the same as pfsense LAN IP address 192.168.1.1, both running dhcp, maybe not the same issue, but it causes almost the same symptom that you have due to ip conflict.

                        How we found out? Skip skip…. I ran DHCP Find program and discover a rouge dhcp server which was the wifi AP.

                        I know, we have a security issues, long story... :) and we fixed the problem...

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Yes rogue dhcp servers can be a huge PIA!  ;)
                          Another user here experienced a similar thing except that the rogue server turned out to be an mobile hotspot application running on an iPhone. The user who's phone it was didn't even realise it was running and of course it was only there during work hours when diagnosing stuff is most difficult.

                          Always worth remembering that story when things are looking really weird. Check the MAC of the DHCP server, you can see if it's the correct one instantly and if it's not you can find out the manufacturer which gives you something to look for. Of course that doesn't help if it's a malicious attack where the rogue server has spoofed your own MAC.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.