Outbound/Inbound blocked after a few minutes
-
Changing the subnet gateway like that is unlikely to make any difference. Making that change though causes pfSense to reload the interface config. I predict that if you issued this at the CLI that would also bring back connectivity:
/etc/rc.reload_interfaces
So then the question is what is being set that expires after 20 minutes.
When connectivity is lost what happens if you try and ping via that interface in Diagnostics: Ping:? What is the actual error given? What type of WAN connection is this? (cable, dsl, wifi etc)
Steve
-
Thanks for the help.
You are correct, running that command from the CLI had the same effect.
Pinging from Diagnostics
PING www.google.com (74.125.228.241) from myipaddress: 56 data bytes
--- www.google.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
It is a cable connection. The only thing that has changed is the upgrade.
-
Sorry been away for a few days.
Does the dashboard mark the second gateway as down? Anything in the system logs?
Some people seem to have been having trouble with the apinger process which monitors gateways in recent updates. This seems to often be accompanied by clearly incorrect stats in the rrd graphs and the dashboard widget like >100% packet loss or ping times in the 10s of seconds.
Steve
-
<phew> Thought you had given up :) Welcome Back.
No, the dashboard all looks like it should.
I will go over the logs again tomorrow to check.
There are no other problems or issues. Just this strange one. :'(
-
Hopefully the logs will show something.
So you still have DNS resolution when it goes down. Do you have DNS servers added in pfSense on both WANs? It isn't seeing the route as down, it's still sending the packets but just not receiving anything. Hmm.
Can you repair the connection by unplugging and re-plugging the cable to the WAN? Without making any config changes.
Steve
-
The logs show nothing that happens around the time when it starts to fail.
Unplugging the WAN cable did not repair the connection.
I have 2 internal DNS servers configured on the pfSense for my main domain, which is configured in general setup. It only allows one domain in there. Should I have DNS servers configured elsewhere as well?
-
Hmm. The DNS still functioning is probably nothing then if it's using your internal servers.
Do your rrd quality graphs show the connection dropping out? I'm surprised there are no apinger entries in the logs.
Steve
-
OK I've been keeping an eye on it the last couple of days. There is nothing in the logs to help when the connection goes down. rrd quality does not show me anything either.
So as a test I set up another server to do the exact same thing and it works. All the time.
So what is changing in the 15 to 20 minutes that is blocking the server?
-
I just removed and redid the rule to send it out the non default gateway (for the 100th time) and now it is allowing me to ping out, but I cannot connect to any websites and also cannot connect to it from outside.
-
So when you replaced the server with another box it worked perfectly?
Steve
-
Sorry. I didn't replace the box I just created a new rule for a lab server. Now the lab server has in/out on the non default gateway but the server I want to work still does not.
-
Hmm, tricky.
So what's the difference? Is this a server issue or something related to the forwarding rules? (hard to know what that might be though).
Not really sure what to suggest. :-\
Steve