Netgate Discussion Forum

    Can't connect to LAN interface unless tcpdump is running

      brigzzy

      Hey All,

      This is by far the strangest thing that I have seen yet with pfSense.  I had some connection issues earlier, and my internet dropped.  This happens from time to time, and I can usually fix it by rebooting my hardware (an Intel board with an Atom D2550 chip in it, running the 64-bit version of 2.1.2), and reassigning the interfaces; however, this time it did not work.  While I was troubleshooting, I suddenly lost my LAN link as well.  I tried a factory reset, and even a fresh install, but I could not get my link back (either LAN or WAN).

      Then I noticed something really odd.  If I run tcpdump on the console, suddenly my LAN link starts working.  I can access the web UI and ping the firewall and get a reply.  This is really odd!

      Has anyone ever seen this before?  Any idea how I can go about troubleshooting this?

      As always, thanks for reading :)

        johnpoz LAYER 8 Global Moderator

        Well when you run tcpdump it puts the nic into promisc mode..

        Here see attached, before running tcpdump, during tcpdump using that interface and after stop tcpdump.  If I had to guess you got an issue with what mac your clients think the IP address of pfsense lan IP is.  Dupe IP maybe?  When in promiscuous mode it would see all packets not just the ones for its mac..  Just a guess before I have had my second cup of coffee ;)  But first thing I thought of when you said works with tcpdump running is what does that do and enable promisc is only thing I can think of that changes when you run tcpdump.

        So I would start there.

        promisc.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
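
The reply above attributes the change to tcpdump putting the NIC into promiscuous mode. As an added example (not part of the original thread), this shell function reads FreeBSD `ifconfig` output and lists the interfaces whose flag list contains PROMISC; the `re0`, `em1` and `lo0` sample text, addresses and MACs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces that ifconfig reports as promiscuous.

# promisc_ifaces: read ifconfig-style text on stdin and print one interface
# name per line when its flag list contains the exact token PROMISC.
# Tokens are compared whole, so PPROMISC alone does not count as a match.
promisc_ifaces() {
    awk '
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            s = index($0, "<")
            e = index($0, ">")
            if (s == 0 || e <= s) next        # no flag list on this line
            n = split(substr($0, s + 1, e - s - 1), flag, ",")
            for (i = 1; i <= n; i++)
                if (flag[i] == "PROMISC") { print name; break }
        }'
}

# Constructed sample: LAN NIC with no capture running.
sample_idle() { cat <<'EOF'
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
EOF
}

# Constructed sample: re0 while a capture is attached, em1 set promiscuous
# by hand (PROMISC plus PPROMISC), lo0 untouched.
sample_capturing() { cat <<'EOF'
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
em1: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
	ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
EOF
}

# Stand-alone run over the constructed capture-time sample.
sample_capturing | promisc_ifaces
```

On the firewall console, `ifconfig | promisc_ifaces` run before and during a capture shows whether the flag is the only thing that changed.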

          brigzzy

          Hey thanks for the input!  I think you are right, it does have something to do with it being in promiscuous mode.

          Here is what I tried.  I cleared the ARP cache on my desktop, and changed my MAC on the pfSense LAN interface.  I still could not detect it, until I ran tcpdump again, and when I did, I was again able to ping it, and the ARP table reflected the new MAC address.

          Here is my layout from desktop to firewall:

          Desktop > Cisco managed switch > Firewall

          I just checked the ARP table on the switch, and I don't see an entry for the firewall, just my desktop.  There is other stuff plugged into the switch too, but I see no entries for any other devices.  I've tried rebooting the switch, but the results are the same (I can only ping the network interface if tcpdump is running).

          I just tried bypassing the switch as well, so the desktop connects directly to the firewall on the LAN interface, and still no luck unless tcpdump is running.

          Any other suggestions?

          Thanks again :)

            stephenw10 Netgate Administrator

            Are you running the LAN interface in anything other than the default configuration that might require it to respond to MACs other than its own? Bridge mode? Virtual IPs? Spoofed MAC?
            What sort of NIC is it?

            Steve

              johnpoz LAYER 8 Global Moderator

              So what does your client show for the mac of the IP??  If it does not see a mac it would not send out anything.  So it must be only able to arp when you're in promisc mode?

                brigzzy

                @johnpoz:

                So what does your client show for the mac of the IP??  If it does not see a mac it would not send out anything.  So it must be only able to arp when you're in promisc mode?

                No nothing.  I've done multiple reinstalls and factory resets at this point, and I cannot connect unless the NIC is in promiscuous mode.  It's a RealTek 8168/8111 PCIe chipset.

                @johnpoz:

                So what does your client show for the mac of the IP??  If it does not see a mac it would not send out anything.  So it must be only able to arp when you're in promisc mode?

                When the NIC is not in promiscuous mode, it still creates ARP entries on both sides, both on the client and the firewall.

                  stephenw10 Netgate Administrator

                  Is the NIC's MAC address rational? Does it look correct?

                  Steve

                    brigzzy

                    Hey again,

                    I managed to get it working after another reinstall.  After reading some other posts, I found that some people were having somewhat similar issues when they configured the interface through the console as opposed to the web UI using the wizard after the install.

                    Not sure why this is, but as soon as I configured it with the wizard in the web UI it worked like a charm.  Thank you both for your help :)

                      johnpoz LAYER 8 Global Moderator

                      So what you're saying is you messed up the mask on the interface, or prob set a gateway on it? while doing it from cmd line ;)

                      You might have wanted to mention that you were not using the default IP, etc.

                        stephenw10 Netgate Administrator

                        If that is the case it would be great to know exactly what happened. There have been many instances recently of people misconfiguring internal interfaces but I've not been able to replicate it.
                        Also I'm not sure quite how that would explain the promiscuous mode.

                        Steve

                          brigzzy

                          @johnpoz:

                          So what you're saying is you messed up the mask on the interface, or prob set a gateway on it? while doing it from cmd line ;)

                          You might have wanted to mention that you were not using the default IP, etc.

                          Good point, sorry, I didn't think that was relevant.  I guess too much information is better than not enough.  The subnet I was setting was a /8 BTW

                          @stephenw10:

                          If that is the case it would be great to know exactly what happened. There have been many instances recently of people misconfiguring internal interfaces but I've not been able to replicate it.
                          Also I'm not sure quite how that would explain the promiscuous mode.

                          Steve

                          Yeah, it was definitely a strange problem.  Is there a log or something I could send to help you figure out what happened?
