pfSense drops Internet ?
-
@dragoangel
Yes sir --- rebooting the modem does no good, I can't get a DHCP address =( -
@wangel said in pfSense drops Internet ?:
@dragoangel
Yes sir --- rebooting the modem does no good, I can't get a DHCP address =(If you connect pc straight to modem this not reproduce?
P.s. hate modems)) -
@dragoangel
Correct, if I connect PC straight to modem it works. -
@wangel said in pfSense drops Internet ?:
Correct, if I connect PC straight to modem it works.
Have you tried spoofing the MAC address of your PC under Interfaces > WAN > General > MAC Address?
-
What is your ISP and modem?
-Rico
-
and if i can ask.. do you have suricata/snort running inline mode?
-
@kiokoman Suricata is running, but it is running in Legacy mode.
I thought it might have something to do with Suricata also.... but I didn't see anything in the logs showing that....
-
@Rico ISP is Spectrum ... modem is a Surfboard 6183 or 6180, I forget which. But it's a Surfboard.
-
@biggsy
No, I have not tried that. I can just to see what would happen tho, heh. -
@wangel said in pfSense drops Internet ?:
Can you please show a screenshot of this page- SystemRoutingGatewaysEdit
-
-
Try clicking the "Disable Gateway Monitoring Action" box and see if it reoccurs. Re-enable the gateway monitoring.
You should let the monitoring happen so you can look and see later if your ISP is dropping out or not by watching the logging graphs. StatusMonitoring
-
@chpalmer Done.
Will monitor/report back if it happens anymore. Thank you sir!
-
I have similar issue (Internet stop working on all interfaces) described here: https://forum.netgate.com/topic/143661/one-interface-loses-internet-access-and-i-could-get-it-back-only-after-reboot-the-pfsense
but still no solution found -
@ady2 said in pfSense drops Internet ?:
I have similar issue
Probably not.
@wangel didn't post back, so, fingers crossed : case closed.
The other thread is also a case closed.Btw : problems described might match, and if so the answers in these threads contain the solutions.
If your problem is identical, the proposed solutions would also work for you.
So, what is it : the problem looks identical, but you did not apply proposed solution ? Why not ?No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan You jinxed it!!!!
Not really ... I hadn't posted back because things had been working, until about 4pm EST yesterday, when it died again.
I was able to access resources from the outside (ie: My Camera system etc), but internet out would not work. I also could connect to the vpn, type in my password, but the vpn would never establish.
When I got home, I had no internet. I could get on the pfsense box, but if I tried to ping the outside world, I would get "permission denied". Now was the time I needed to figure this out.
Over the past couple of days, I had been working on setting up Graylog and sending my logs from Pfsense to it. It's working, so I figured I'd go digging.
Sometime yesterday, about 3:35pm EST, Unbound, or Quad9, or something lost their minds. It started flooding my firewall and pfsense blocked my own public ip. That explains "permission denied". I tried running /etc/rc.filter_configure. That fixed it so I could ping OUT from the pfsense box, but nothing from the LAN side could still ping. At this point, I rebooted.
Whatever it was, was Quad9. Everything was on port 853, and to and from ip 149.112.112.112.
That being said, DNS is setup on pfsense going to cloudflare first (1.1.1.1, 1.0.0.1) and then I had 9.9.9.9 and 149.112.112.112 as the 3rd and 4th dns entries.
I've removed Quad9 from the equation, so we will see if it happens again. I don't know if it was unbound doing something ... or something on my network that started making a ton of calls to 149.112.112.112, but whatever it was cause the PF to end up blocking my WAN Interface.
I will continue to monitor and report back.
Thanks all!
-
@Gertjan said in pfSense drops Internet ?:
didn't post back, so, fingers crossed : case closed
you brought bad luck
-
I wonder about cases where a ton of traffic is going out of the network like that. Does the ISP possibly flag it as malicious and block it?
-
Try disabling the hardware checksum.
I had a problem where my internet would randomly drop after moving to a new box. I made the change to disable hardware checksum and haven't had a problem since.
-
Permission denied like that is from pfSense itself. It's not the other end refusing the echo requests.
As you found it's usually the traffic being blocked by Squid/Suricata. The WAN IP itself would be inside the default Homenet alias and therefore excluded from blocking. I assume it was blocking the ping target therefore? If it was blocking the actual WAN IP then something is misconfigured.
Steve
