A little support for a home user.
-
I don't use IPv6 on my home network, it's unnecessary yet, but my service provides it ensure anyway
BTW, I use it in my work as it is needed in those systems...
if you don't need it much IPv6 for something (lot of IoT, etc.), turn it off
-
That is an ARP issue - thats what arpresolve is doing i assume. ARP is Layer 2. What interface is EM0? Is that your WAN interface? You can go under interfaces to see what interface that is tied to. I dont know why you would be having an ARP issue between your cable modem and the WAN port, that is really odd.
If you google that error, they talk about that generally means the device cant find its gateway. That is why I'm asking what interface EM0 is. Your using a non-netgate box, so that interface might not be your WAN.
If this interface is not your WAN, then you have the wrong network (IP Space) assigned to that interface. If you have 1.1.1.0/24 assigned to an interface and the gateway is on 1.1.2.0/24, your going to have that exact issue.
-
EM0 is connected to my Cable Modem. EM1 is connected to my home switch.
What do you mean by VM? I have pfsence booting directly from an SSD. It was the serial img.
-
Yah I updated my comment. Is your WAN interface using DHCP, or are you assigning a static IP?
-
I have Spectrum Cable Internet. It is DHCP. 400 downand 50 up.
-
OK, I use Comcast - the only thing you should have set on your WAN is DHCP for IPv4, and then DHCP for v6 if spectrum supports it - and you should be good. You dont need any other settings configured for the WAN interface other than the default two block statements at the bottom that are checked by default.
What Cable modem are you using by chance? Is it the Arris Surfboard 8200 I think it is? The little white box?
-
It is an Arris TG1682G
-
Alright, so that' an all in one modem, your definitely not just using a "cable modem". All in one modems generally require more work to work with an external router. Those have built in firewalls, and other services that could definitely be causing your problem. Have you disabled just about everything on it? Using those with wireless is very tricky too.
Does that have a pass-through setting that you can pass the WAN IP to the pfsense box? If so, have you enabled it?
Is it still acting as a Wireless Access Point for your devices?
This would be a lot more straight forward if you just bought a pure cable modem, and didnt use an all in one. My guess is you would need a wireless solution then as well.
-
When I had it installed I call the ISP and had them disable the router and wifi. I asked for the public IP to be passed thorough directly to my own personal router.
My home network is already set up with a PoE switch and access points. Its just the router that I am lacking right now.
-
Does your internet connectivity come back automatically when it stops working, or do you have to power cycle either pfsense or the cable modem?
I have a suspicion that what's actually happening is your cable modem isn't responding to dhcp requests from pfsense, and because its not your wan interface is dropping because the lease time is expiring. Does this happen right around 8 hours or so?
-
Its is random throughout the day and it comes back on its own after a minute or two.
-
Can you log into the cable modem? If you can make sure they disabled everything the firewall is doing on it. If your passing through the public IP, you dont need the firewall running on that at all anymore.
I know when I had ATT, i could pass through the public IP, but I still had to disable all the firewall services. I wonder if thats part of your problem. There shouldn't be an issue with the gateway (ARP) unless the ISP has something wrong, and I highly doubt that. My guess is your lease time is expiring, its requesting a new one (different packet types) and your firewall is responding and renewing your lease, thus your internet connectivity comes back.
I wonder if that error is because your lease time expires, pfsense ARPs for the gateway, but because the lease time expired its not technically on a network, and then when it gets or renews the IP you had its back to working again.
-
I would personally go buy a new cable modem, that is certified to work on Spectrum's network. I bet that would solve all your issues. Here is a list of Approved Modems for Spectrum:
https://www.spectrum.net/support/internet/compliant-modems-charter-network/
I use the Motorola MB8600, it has been rock solid for me for years.
-
I dont think I can log into the Modem. If I plug my computer directly into it, it will give me the public IP. I haven't tried to force the private IP and try to browse the GUI. Do you think that would work?
My Gateway Log if it helps...
May 31 15:08:07 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:08:06 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:08:05 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:08:05 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:08:04 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:08:04 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65 May 31 15:04:41 dpinger WAN_DHCP 173.xxx.xxx.xxx: Clear latency 350437us stddev 826073us loss 0% May 31 15:04:32 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 450853us stddev 885261us loss 0% May 31 15:04:27 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 521943us stddev 967372us loss 0% May 31 15:04:22 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 63587us stddev 66054us loss 25% May 31 15:04:18 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 173.xxx.xxx.xxx bind_addr 173.168.225.119 identifier "WAN_DHCP " May 31 15:04:05 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 173.xxx.xxx.xxx bind_addr 173.168.225.119 identifier "WAN_DHCP " 100% -
Ok, so your latency spikes and your actually having packet loss. That would explain why your losing your internet connectivity. I would replace that modem, preferably with a non rented one from the list in my previous post, and i bet all your problems would go away.
If you cant currently afford to buy your own, have spectrum replace that one. There is definitely something weird going on with it.
It's also complaining about your WAN DHCP IP, so I think I'm on the right track with that too.
-
@behemyth Thank you. I will look at a new modem.
-
It is also possible there is a line problem causing the latency, maybe if the wind blows the wrong way its moving around, but that's not something they will check until you have done everything else.
Once you replace the modem, if you still have problems, remove pfsense from the loop and just run your network off the all-in-one and see if your problem goes away. If it does, then we know for sure its between the modem and pfsense.
-
I was using an old DD-WRT router for years with this modem without any problems (other than it was just a 10/100 speed). I also tested with a cheap D-link router and that is fine as well.
-
@behemyth
I would first test that without pfSense, another router (SOHO) or desktop one is experiencing this issue
because only then is your modem bad category...it's easy to tell - BAD MODEM - and must be replaced immediately, first prove it's bad what you're throwing away
-
If you used a cheap router already and it worked than it’s your hardware pfsense is running on.
Not using intel NICs is asking for problems. eBay a cheap 2 port server nic for like 20 bucks and I bet your problems will resolve themselves. Someone said this above and their probably right.
I ran pfsense virtualized in VMware for a long time using intel network cards and it ran great. Your using barebones hardware, should have the same experience.
