Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Loosing connectivity between pfsense and webserver

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 758 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kiekar
      last edited by

      Hello,

      I need some help trouble shooting my connectivity problem between pfsense and my webserver (igb3)
      This connectiviy drop issue has been happening around the same time each day after updating to 2.4.5 . In order for the webserver to go back online I need to reboot pfsense. All my other interfaces work fine igb0, igb1 and igb2.

      Your help would be much appreciated.

      Karl

      system_log_pfsense.jpg

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        There's nothing unusual there. Unless that is looping continually like that. It looks like you're running Suricata in in-line mode?

        Does this still happen without Suricata running? Or running in legacy mode?

        Steve

        1 Reply Last reply Reply Quote 0
        • K
          kiekar
          last edited by

          Thanks for the reply Steve.

          I will monitor further.

          bmeeksB 1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks @kiekar
            last edited by bmeeks

            @kiekar said in Loosing connectivity between pfsense and webserver:

            Thanks for the reply Steve.

            I will monitor further.

            You are running Suricata with Inline IPS Mode active. That uses the FreeBSD netmap device. Each time Suricata stops and restarts, the netmap device will take the physical interface down and back up as Suricata first releases the netmap pipe when stopping and then re-establishes the pipe when starting again. That is normal for physical stops and starts of Suricata.

            The default, due to some folks having issues in the past with not enough memory, is for Suricata to stop and then restart for a rules update. You can override this default behavior by checking the Live Rule Swap on Update checkbox on the GLOBAL SETTINGS tab. This will enable a mode where Suricata will update the rules in memory without requiring a restart of the service (and thus the netmap device won't cycle the physical interface). Be warned, however, that checking that box will cause Suricata to temporarily consume almost double its normal RAM useage because it needs to keep two complete copies of the rules in memory during the swap. Whether this adversely impacts you depends on the amount of RAM in your firewall and how many rules you have enabled.

            1 Reply Last reply Reply Quote 0
            • K
              kiekar
              last edited by

              Thank you bmeeks for your detailed response. I'm far from being a guru with Suricata but how is it now effecting me all of sudden with pfSense 2.4.5. So far I haven't had to reboot pfSense today.

              I'm also using IPS Mode on igb1 and igb2 interfaces with no issues of connectivity loss and having to rebooting pfSense.

              I have 4 gigs of RAM where pfSense is consuming 56%

              bmeeksB GertjanG 2 Replies Last reply Reply Quote 0
              • bmeeksB
                bmeeks @kiekar
                last edited by bmeeks

                @kiekar said in Loosing connectivity between pfsense and webserver:

                Thank you bmeeks for your detailed response. I'm far from being a guru with Suricata but how is it now effecting me all of sudden with pfSense 2.4.5. So far I haven't had to reboot pfSense today.

                I'm also using IPS Mode on igb1 and igb2 interfaces with no issues of connectivity loss and having to rebooting pfSense.

                I have 4 gigs of RAM where pfSense is consuming 56%

                I don't know specifically why something affects you now and not before other than to offer that pfSense-2.4.5 is a new version of FreeBSD, the base operating system of pfSense. So it could be the netmap device driver was updated in FreeBSD, or maybe your NIC drivers got new versions in FreeBSD 11.3, or who knows? There are many changes from FreeBSD 11.2/RELEASE, which is what pfSense-2.4.4 was based on, to FreeBSD 11.3/STABLE that pfSense-2.4.5 is based on.

                Also will note that the Suricata upstream developer team rewrote the netmap portion of the Suricata binary code. Maybe something in there is in play. All I create on the pfSense side is a GUI wrapper to make creating the Suricata configuration file (suricata.yaml) easier.

                You could try switching over to the Legacy Blocking Mode to see if that works better for you.

                1 Reply Last reply Reply Quote 0
                • K
                  kiekar
                  last edited by

                  Ok bmeek thank you again for suggestions. I will look into it.

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @kiekar
                    last edited by

                    @kiekar said in Loosing connectivity between pfsense and webserver:

                    I'm also using IPS Mode on igb1 and igb2 interfaces

                    Both are LAN type interfaces ? Or one of then a WAN ?
                    If so, and you have not have any NAT rules that you want to protect - or classic firewall rules that permit IPv6 to enter your network(s), you could remove that interface from the list used by Suricata.
                    "There is no need to protect a closed door."

                    @kiekar said in Loosing connectivity between pfsense and webserver:

                    pfSense is consuming 56%

                    That is : pfSense uses more like 6 % on your system - mine is - and your packages ( Suricata ?) is using that wopping 2 gigs. That van double on rule reload, so be careful what option you choose. You'll be close of using swap space with all the drastic consequences that comes with it.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • K
                      kiekar
                      last edited by

                      @Gertjan

                      Both are LAN type interfaces ? Or one of then a WAN ?

                      Suricata is not set for WAN igb0 however is set for LAN igb1, WLAN igb2

                      If so, and you have not have any NAT rules that you want to protect - or classic firewall rules that permit IPv6 to enter your network(s), you could remove that interface from the list used by Suricata.
                      "There is no need to protect a closed door."

                      @kiekar said in Loosing connectivity between pfsense and webserver:

                      pfSense is consuming 56%

                      That is : pfSense uses more like 6 % on your system - mine is - and your packages ( Suricata ?) is using that wopping 2 gigs. That van double on rule reload, so be careful what option you choose. You'll be close of using swap space with all the drastic consequences that comes with it.

                      Will look into it

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.