Internet Keeps going down
-
like this? sorry for the crude drawing..
https://drive.google.com/open?id=0B4IAV3fk9yIYSDEyMl84SDQ3UzA
-
You dont need the PC on the switch.
-
i would just be able to tell because the lights on the switch?
-
Yep- thats the idea. Otherwise you could try putting 192.168.0.(2-254) in your laptop as a static IP and see if you can reach the modem while plugged into the switch.
But since you reported that the interface lights also go out during these occasions this should tell you which device is doing it.
-
Quick update. Got home, internet was down again after a day of nobody being home. Old computer has been in since yesterday, trying to eliminate my new computer being the problem. I could ping Pfsense and it would respond, i SSH into the box and couldn't ping out. No yellow exclamation on networking icon and no indication that the internet wasn't working except I couldn't surf anything.
Here is a pic of desktop
https://drive.google.com/open?id=0B4IAV3fk9yIYb0laYmxhY3ctcW8
what I did was take the crappy $20 switch out which connects all my lan and replaced it with my Cisco. I also added another Cisco switch in series like chpalmer said. I pulled the Intel dual NIC card and replaced it with my original one. My wife reminded me that all these problems started when i got the new router and newer network card, so now I have the old dual Intel PCIe NIC back in my old computer.
$700 router and all Cisco equipment, kind of frustrating. I am hoping that maybe it is that dual NIC. I also had to reinstall PFsense because when i replace the NIC and try to reboot PFsense, it just endlessly rebooted, would not load.
I also tried disabling DNS forwarder and DNS resolver but it didn't work, so I put them back on.
:)
-
Seems you have ruled out your new motherboard at least.
Good luck! ;)
-
I also tried disabling DNS forwarder and DNS resolver but it didn't work, so I put them back on.
Both of them?
-
one at a time. I am beginning to think it is partly a dns setting problem. . I have always used forwarder in the past.
-
DNS won't cause a link to go down but broken DNS makes the whole internet look broken.
If it is your ISPs DNS servers, using the resolver should completely bypass that, assuming those are the servers you're forwarding to.
-
at this point I have no idea, i am just reading up on the right setup of DNS on my PFsense box. Do you have any suggestions? ever since I have used resolver I seem to have these problems unless it is a coincedence.. I checked use DNS forwarder, put nothing in the DNS settings on the general page and Allow DNS servers to be over written by DHCP. On the dashboard it says 127.0.0.1 and then what appears to be my isp DNS numbers.
-
Honestly, I don't know. You're sort of all over the place.
I think you need to slow down and take a step back, simplify your setup, and see what's really going on.
Is the WAN link physically going down or not? If so, it's not DNS.
If you cannot browse but can ping 8.8.8.8, it might be DNS. If you can't ping 8.8.8.8 it's likely not DNS.
If your ISP DNS servers are unreliable, you should be using the DNS Resolver or pointing your DNS Forwarder to more reliable servers like google or OpenDNS using System > General Setup.
-
Derelict,
it's funny because it has been all of that, it isn't the same all the time. Sometimes when the internet is down, i ssh into the box and the WAN link isn't there, sometimes it is. Sometimes I cannot browse but when I ssh into the console I can ping 8.8.8.8, sometimes I can't. There just doesn't seem to be a pattern, i feel like I am chasing a moving target. I have been running PFsense for the last year and a half and it has been stable, really just happened as soon as I updated my router so I went back to old computer and still having problems.
-
I think maybe when you're running in circles everything looks like a moving target.
Not trying to insult or belittle, but it would be pretty surprising for you to be experiencing all sorts of different failures with any regularity unless your ISP totally sucks. (First your link goes down, then their DNS servers are down, then your link goes down again, then there's routing instability, etc.)
If you are experiencing random, unrelated failures it is going to be nearly impossible for anyone on an internet forum to provide a solution.
If it fails:
What is the exact nature of the failure? What is the exact error message?
Ping out increasing one hop out at a time.
Ping google DNS 8.8.8.8.
Use dig/drill to query the name servers you have configured. Know what name servers are given to you by your ISP if that's what you're doing so you can query them directly.
Do all of these things when everything is working so you know what it looks like.
Do a traceroute to 8.8.8.8 and keep a record so you know what the hops are. Ping them when everything is working so you know if ping is blocked or not.
-
If you are losing the interface on the NICs have you tried a switch between the modem and Pfsense? Maybe there is some kind NIC issue going on.
-
Put it in series. Modem - Switch - Router. If the connection goes down again then you will see which interface drops independently of the other.
Mike- you saying you can't reach your modems GUI in bridge mode either? Really makes no sense to me as cable is not a "tunneled" connection like a PPP or VPN connection would be. Notice that modem in the video I linked to is in bridge mode already as the user is showing the options…
The firewall does not by default block connections outbound to 192.168.0.1 unless you are using 192.168.0.0/ as your LAN as well.
You need to setup a test that allows you to split the problem in half, so you can figure out if the problem is happening on your side or the ISPs side. To do this let’s reset your modem back into gateway mode. When your modem is in bridge modem then the Lan is in the same broadcast domain as the WAN so you should pull a public IP address. Unless your modem as a special boot file you will not be able to pull more than one IP address so you don’t need the switch in between the gateway and the firewall. Your modem should have a four port switch built into it so we can use that.
I would also reinstall your firewall and use a blank configuration. I would use PfSense 2.2.6 as it has been around for a while now, 2.3 it scheduled (rumor has it) to drop today but you want to stay away from that for your testing purposes. Once we get you good then you can upgrade.
Set your LAN IP to 192.168.80.1 or something other than 192.168.0.0 /24 – 192.168.2.0 /24 these are commonly used networks and you don’t want to use them just in case you want to peer with someone, you don’t want to have address conflicts down the road. Also let your Firewall pull the DNS information from your ISPs DHCP. Also PfSense use to block RFC1918 address on the WAN interface by default that is why I suggest you uncheck the box that says “Block RFC1918 address” at least check to make sure the box is not checked. You can find it under the WAN Interface that you create.
Once you do this lets wait for it to fail. If it doesn’t then you know something with either your configuration of installation was jacked. If it does then I would run the following test:- From behind PfSense see if you can ping your WAN address of the firewall
- From behind PfSense see if you can ping your gateway’s LAN address
- Connect to your ISPs gateway and see if you can surf
- If you can’t drop to the command prompt and try to ping www.google.com
- Try to ping 8.8.8.8 or 4.2.2.2 or 4.2.2.1
- Connect to your ISPs gateway and record the level information which should appear at the login screen according to the Internet when I looked up your model of modem.
- Note the lights on your modem when you can surf, maybe take a picture or a small video
- After each ping note the arp table if the pings are not successful either from Pfsense or the command prompt.
- You can view your arp table from the command prompt by using the command “arp -a”
- To see arp from pfsense go to diagnostics -> Arp table
The whole point of this is you want to narrow the issue to either your modem or your firewall. Once you find that out then you can troubleshoot further. IMHO Lastly I would say don’t get frustrated, anything worth having takes a little effort. Regardless of what approach you take you will have to choose one troubleshooting method and stick to it. Having 20 engineers trouble shoot your Internet connection sounds like a good Idea but it can drive you crazy. The method that I’m employing here is called the half-split method.
-
thanks guys, i really appreciate the responses and am totally embarassed it has come to this. Mike, i will do what you said and print that out after work tonight. you too Derelict, i will print that off too and take a step back. Maybe it is a good thing for my kids to not have internet for a couple days :)
-
Don't be embarrassed, this is how we learn. The internet should work, it just may not be stable but it will be. Trust me, I have a similar hardware setup like yours so I do believe you can get to the bottom of your issue. What you are doing may help others down the road which is why I help out in these forums, and to get experience from others.
P.S. sorry for the grammer mistakes in my last post I wrote it like three times because my Edge Browser kept deleting the page when I hit backspace too many times in a row.
-
thanks Mike, i hope one day when i get it resolved, it will help someone at least. The last thing I am concerned with at this point is grammer :)
-
EDIT. I AM WRONG
I didnt read the whole thread but i had a similar issue. What worked for me so far (knock on wood) was switching from 32bit to 64 bit architecture. I only went through a few pages of your response, but do you mention whether your Pfsense is 64 or a 32 bit install?
my wan link would drop offline and a reboot would fix it, was my problem, and was solved for now changing the architecture.
Make sure your new pc has a firmware update on it, if no one mentioned that yet. Go get the latest motherboard firmware.
Did you try installing in uefi mode? did you try installing in legacy bios mode? does it make a difference?
-
I am running the 64 bit version. This is an old PC with a new firmware. I will play a little with the setting of UEFI and LEGACY. What I did do was change from DNS resolver to DNS forwarder and put back my original NIC and I have been up for 21.5 hours but that has happened before.