Losing connection to pfsense/internet randomly
-
Hello, I'm running pfSense on an old computer with an SG200-50P 50-Port Gigabit PoE Smart Switch and 2 WAN connections.
Here is how everything is connected:
2 Internet connections from the same ISP (2 separate modem/router combos) > pfSense running on desktop computer > Cisco switch > my computer and 6 more computers
The problem I'm having is that when I'm playing games or browsing the internet I lose connection for like 5 seconds. I always have cmd up pinging 8.8.8.8; when I lose connection I get "General failure" and sometimes "Request timed out" in cmd.
That happens to computers connected on WAN2 only. WAN1 doesn't lose connection, it just has lags (high latency), but not so common.
Computers connected directly to WAN2 without pfsense or cisco in between had problems with losing internet connection in the past, not sure if it happens now
But the weird thing is, if the WAN2 modem/router is causing this, I should be able to access the pfSense webpage when it happens, but for some reason I can't access it until the connection is back.
Atm I'm waiting for it to happen again to see if I also lose connection to the Cisco switch.
Meanwhile, could someone point out where the problem could be?
Thanks
-
Post your logs. I bet the modem/router combo is keeping logs too; what does that indicate?
What kind of NICs is the 'old computer' using?
Disable gateway monitoring action under System > Routing and see if that makes any difference in your situation.
-
Not sure where the modem/router combo logs are, I don't think it actually has any. I'm using a ZXHN H108N.
For NICs, if I understand your question, I'm using TP-Link gigabit PCI Express.
I couldn't find a gateway monitoring option under System > Routing. If you mean System > Routing > Gateways > WAN2 > Monitor IP, I left it empty.
In Status > System Logs > System > General
It keeps saying the following over and over
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:1 RTT:24.441ms RTTsd:50.345ms Loss:11%)
/rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
Reloading filter
Restarting OpenVPN tunnels/interfaces
Restarting ipsec tunnels
updating dyndns WAN2_DHCP
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:0 RTT:24.996ms RTTsd:49.011ms Loss:6%)
/rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
/rc.filter_configure_sync: MONITOR: WAN2_DHCP is down, omitting from routing group LoadBalance 192.168.4.1|192.168.4.2|WAN2_DHCP|29.992ms|57.18ms|12%|down
/rc.dyndns.update: 17351MONITOR: WAN_DHCP is available now, adding to routing group LoadBalance 192.168.3.1|192.168.3.100|WAN_DHCP|0.8ms|0.118ms|0.0%|none
Reloading filter
Restarting OpenVPN tunnels/interfaces
Restarting ipsec tunnels
updating dyndns WAN2_DHCP
What's OpenVPN? I'm not using a VPN, nor did I configure one in pfSense.
-
So your WAN2 connection is very lossy. You should fix that.
Are all your clients being routed via the load-balance gateway group? Or is it set as the default gateway? (that would be invalid).
For NICs the question really was what driver are they using. So like em0, em1 or maybe re0 re1 etc.
Steve
-
I have a rule for each client. Each client is routed either via WAN1 or WAN2; not using the load balance gateway group atm.
For NICs, WAN2 is at re0, WAN1 at re1 and LAN at re2.
Is WAN2 lossy at the modem/router or at pfSense?
-
It's hard to say because you're monitoring 192.168.4.1 which I assume is the local modem. It would be better to set an external monitoring IP to ping against. That said I would not expect to see any packet loss against a local device.
Line 94: bandwidth too large
This indicates a problem with your Limiter setup. Check line 94 in /tmp/rules.limiter.
Realtek NICs do not enjoy a good reputation. You might consider changing them if you can.
Steve
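
A small parser for the log format quoted in this thread, added here as an example and not part of any poster's reply: it separates the two problems in those lines (loss on a gateway, and the limiter rule file failing to load) and flags a gateway whose monitor address is a private, local one. The sample lines are constructed from the ones quoted above, the function name `summarize` is hypothetical, and reading `Alarm:1` as raised and `Alarm:0` as cleared is an assumption.

```python
import ipaddress
import re

# Constructed sample: same shape as the system log lines quoted in this thread.
SAMPLE_LOG = """\
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:1 RTT:24.441ms RTTsd:50.345ms Loss:11%)
/rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
Reloading filter
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:0 RTT:24.996ms RTTsd:49.011ms Loss:6%)
/rc.filter_configure_sync: MONITOR: WAN2_DHCP is down, omitting from routing group LoadBalance 192.168.4.1|192.168.4.2|WAN2_DHCP|29.992ms|57.18ms|12%|down
/rc.dyndns.update: 17351MONITOR: WAN_DHCP is available now, adding to routing group LoadBalance 192.168.3.1|192.168.3.100|WAN_DHCP|0.8ms|0.118ms|0.0%|none
"""

ALARM = re.compile(
    r"Gateway alarm: (\S+) \(Addr:(\S+) Alarm:(\d) RTT:[\d.]+ms RTTsd:[\d.]+ms Loss:([\d.]+)%\)")
LIMITER = re.compile(
    r"/tmp/rules\.limiter' returned exit code '(\d+)', the output was 'Line (\d+): ([^']+)'")
MONITOR = re.compile(r"MONITOR: (\S+) is (down|available now)")


def summarize(log_text):
    """Group gateway alarms, MONITOR transitions and limiter load errors."""
    gateways, limiter_errors = {}, []

    def entry(name):
        return gateways.setdefault(name, {"raised": 0, "cleared": 0, "max_loss": 0.0,
                                          "local_monitor": None, "transitions": []})

    for line in log_text.splitlines():
        if m := ALARM.search(line):
            gw = entry(m.group(1))
            # Assumption: Alarm:1 means the alarm was raised, Alarm:0 that it cleared.
            gw["raised" if m.group(3) == "1" else "cleared"] += 1
            gw["max_loss"] = max(gw["max_loss"], float(m.group(4)))
            # A private monitor address only measures the hop to the local modem.
            gw["local_monitor"] = ipaddress.ip_address(m.group(2)).is_private
        elif m := MONITOR.search(line):
            entry(m.group(1))["transitions"].append(m.group(2))
        if m := LIMITER.search(line):
            err = (int(m.group(1)), int(m.group(2)), m.group(3))
            if err not in limiter_errors:  # the same error repeats on every reload
                limiter_errors.append(err)
    return {"gateways": gateways, "limiter_errors": limiter_errors}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```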
-
Yes, 192.168.4.1 is the local modem. Should I put 8.8.8.8 in Monitor IP?
Realtek is the only NIC I could find, I'll see if I can find another later.
I don't know where to look for line 94, I don't know where /tmp/rules.limiter is.
-
Yes it's better to monitor an external IP like 8.8.8.8. But don't use that if you already have it as a DNS server.
You can open it in Diag > Edit File.
You could also just check your Limiter setup as it clearly has something misconfigured. Post screenshots we can review.
Steve
-
I had a large Net limit rule in the firewall. I've deleted it, but I wasn't using it for anything.
Thank you for your time, Steve.