2.5.1-RELEASE - Dropping LAN](Requires Reboot)
-
I'm having a very similar issue as the following thread. I updated to 2.5.1 about a week ago and it's been stable until today. I've experienced this need to reboot the firewall about 5 times today and I'm not sure where to look.
Re: [Solid Stable [2.4.5-RELEASE] - Dropping LAN](Requires Reboot)
My pfSense has been up an running over a year. I keep it updated, backed up, etc. After making no changes, last week I lost internet. Traced it down to the basement, and rebooted a switch. Ping to the firewall LAN gateway came up, but still no internet. Rebooted the firewall and we were back in business.
This happened 5 or 6 more times over 3 days. I thought it might be the switch. I ordered and installed a brand new one. After 2 days, the problem happened again. When I lose network, I reboot the switch, and I can ping LAN devices but no internet. I then reboot the firewall, and internet comes back up.
Prior to rebooting the firewall I cannot access the GUI or ping any IP on the device.
What can I do to troubleshoot this?
-
@tomv said in 2.5.1-RELEASE - Dropping LAN](Requires Reboot):
What can I do to troubleshoot this?
Hi,
A well configured firewall is rarely need to reboot, what you describe are just general first experiences, we need more than that.
The contents of the log files would help a lot, when you experience this behavior, you have to distinguish if it's a possible ISP error (I don't think so) or HW error (maybe) or configuration issue (yes).
The best data you've given so far is that the GUI is unresponsive, so I'd definitely recommend building a console connection to access the firewall on event......
BTW:
So it can be a very complex problem that needs to be investigated step by step, it can still be an L1 / L2 network physical issue (cables, switch, etc.) or a configuration issue.....First step:
Try to directly access the firewall, say with a laptop, when this happens and leave out all other network elements.
@tomv "Prior to rebooting the firewall I cannot access the GUI or ping any IP on the device."
and this sentence means, as I understand it, that you're doing a complete electrical shutdown, by force
this is not so good, especially on a UFS installation, so I would also do a disk / file sys. health check...
(in this respect, it is definitely better to use ZFS)https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html
(On 2.5.1 this is now a built-in option under the reboot menu)
-
@daddygo "Prior to rebooting the firewall I cannot access the GUI or ping any IP on the device." Sorry I wasn't clear on that point. I can't access the device from the LAN side. I do have console access. From the console, I'm able to ping outside.. ie: 8.8.8.8.
I didn't have my phone on me to take a picture but when I chose "10) Filter Logs" it returned logs that mentioned IPv6 filtering. I didn't see any IPv4 related messages.
It hasn't happened again since I posted so I'm wondering if it's related to something I was doing at that time. I'll try to replicate the issue and take a picture of the screen.
Anything I should look at if this does happen again?
-
@tomv said in 2.5.1-RELEASE - Dropping LAN](Requires Reboot):
From the console, I'm able to ping outside.. ie: 8.8.8.8.
if you have console access, it's better than GUI, so post the logs here...
You see, something is very wrong here
when this happens, pls. directly connected to pfSense (console), because by the rule of formal logic, if there is PING towards 8.8.8.8 then there is internet....
BTW:
so you have to look for the problem somewhere else, old host or some boring AV stuff....
this will be clearly answered by the box, if you ask via console(because it works as you say, then pfSense works too)
-
This had happened about 3 more times.
The first 2 times it happened I needed a quick fix so I rebooted the pfSense box and it recovered. The most recent issue happened last night around 1am and lasted until about 8am, the quality graphs were showing issues. I rebooted the firewall and it didn't recover so I rebooted the Xfinitiy modem and it recovered.I called Xfinity to have them check the modem and they said they detected some issues over the last week (but couldn't tell me the dates and times) and are going to send a tech to check the line.
If there is a problem with the line and modem, why would the last few times recover when the pfSense box was rebooted?
Is there something else I can check in the logs to see if there is a problem on my home network?Here's what it looked like throughout this mornings issue.
-
@tomv said in 2.5.1-RELEASE - Dropping LAN](Requires Reboot):
I rebooted the firewall and it didn't recover so I rebooted the Xfinitiy modem and it recovered.
ISP issue?!
(but why do you write that,...... LAN question)...... nope, this is a WAN issue
BTW:remember the ISP always lies, otherwise they would pay you money
Yes, there is a checkpoint, watch the log output of the WAN GW monitor...(dpinger)
-
@daddygo said in 2.5.1-RELEASE - Dropping LAN](Requires Reboot):
watch the log output of the WAN GW monitor...(dpinger)
the output of dpinger can be seen in the logs, and is used to create the stats @tomv showed :
-
@gertjan said in 2.5.1-RELEASE - Dropping LAN](Requires Reboot):
the output of dpinger can be seen in the logs,
something you do, something you don't..... -
Comcast came out today and said he saw an issue on the line and the outside connection was missing the POE filter. He said he added one at the house and one at the box by the street. I'm not sure what he meant but searching seems to point to it being a MOCA filter.
The only thing I have with them is internet. No TV service.
He said the line no longer shows any issues.
The speeds are the same as before and so far there haven't been any issues.
However, now the quality graph is no longer updating.
Would that filter somehow block whatever pfSense uses to build the graph?
He made the change at 5:20pm and it's now 10:45pm.
All other graphs seems to be fine and updated as of the current time
-
The xfinity modem had a flashing white light.
I rebooted it and the firewall and the graphs are now being updated.I'll continue to monitor the quality and report back if I experience any more issues.
-
well it died again this morning. I connected to the pfSense console and was able to ping out to 1.1.1.1 but couldn't connect to anything on my home network.
A reboot fixed it.
What can I look for to find why this is happening?
btw: I upgraded to 2.5.2 a few days ago but can't change the title of the original post
