Can't ping from GUI, unstable game server connection, gateway monitoring does not work
-
I changed the WAN port and i still have the same issue. The WAN port is now the onboard intel lan that my motherboard has.
11:10:52.483720 70:85:c2:88:89:5f > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 37908, offset 0, flags [none], proto ICMP (1), length 29)
192.168.100.2 > 192.168.100.1: ICMP echo request, id 42553, seq 654, length 9
11:10:52.484110 0c:b9:12:05:6b:80 > 70:85:c2:88:89:5f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 2509, offset 0, flags [none], proto ICMP (1), length 29) -
Well it's not showing a checksum error there now. But the firewall still doesn't show ping replies?
Assuming that second packet is a reply, I think you missed the last line. Which might still show the error!
-
Seems like I missed a line...
18:39:02.151563 70:85:c2:88:89:5f > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 38915, offset 0, flags [none], proto ICMP (1), length 29)
192.168.100.2 > 192.168.100.1: ICMP echo request, id 42553, seq 54235, length 9
18:39:02.151878 0c:b9:12:05:6b:80 > 70:85:c2:88:89:5f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 56090, offset 0, flags [none], proto ICMP (1), length 29)
192.168.100.1 > 192.168.100.2: ICMP echo reply, id 42553, seq 54235, length 9 (wrong icmp cksum ffff (->85ea)!)
18:39:02.652615 70:85:c2:88:89:5f > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 12414, offset 0, flags [none], proto ICMP (1), length 29)Sorry about that
-
Hmm, Ok so that's a completely different NIC, not on the expansion card?
And I assume ifconfig still shows checksum off-loading is disabled?
And you cannot ping out to anywhere from the firewall?
I'd probably re-install clean at that point just to be sure. A default install with an Intel NIC is close to guaranteed to work. It's hard to see what could be causing that.
Steve
-
Correct, that NIC is the onboard one, not a port from my i350
I tried a clean install before but it did not help with my issue..
I can ping from my computer but i cannot ping from PfSense itself...
Edit: Here is the config for em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Internet
options=810098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
capabilities=953d9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP>
ether 70:85:c2:88:89:5f
inet6 fe80::7285:c2ff:fe88:895f%em0 prefixlen 64 scopeid 0x3
inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
supported media:
media autoselect
media 1000baseT
media 1000baseT mediaopt full-duplex
media 100baseTX mediaopt full-duplex
media 100baseTX
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> -
I mean really we can only conclude that the checksum really is bad and whatever is sending it is for some reason breaking it's own replies but only to the next hop.
Try testing pfSense behind something else perhaps?
Steve
-
If i am correct, i should try testing PfSense with a different router (Instead of my provider's modem/router) ?
-
Yes, if you can. Or better, without the ISP's router at all.
-
So, now I am using a TP-Link Archer D2 as my gateway. Unfortunatelly, my ISP won't let me change modem. I can ping the gateway but cannot ping anything behind it... Oh god....
For example, I cannot ping 1.1.1.1... What a mess....
-
So from TP-Link or from pfSense?
You put the TP-Link in between pfSense and the existing router?
If not can you not use pfSense with the modem directly? So it gets a public IP on it's WAN.
Steve
-
From PfSense I am able to ping my TP-Link Router but cannot ping anything else that's connected after my TP-Link router. At monday I will change my modem with a different model that my ISP offered to me, hope that fixes the problems...
I ran a traceroute, PfSense sends the ping and never gets a reply back... Something ain't right
It is really stupid that I have to go though this, because they do QoS on their modem and they won't let me change to another PON modem / router... Other ISPs in my area offer a GPON Terminal and let you hook up whatever router you want, but they do not offer the speeds that i need. Greece's internet ISPs are just terrible. I hope in the next 2 years things get better...
Note: Can't really blame my ISP, I am using a internet connection for home users to host servers. My budget is really tight and I cannot afford to give 52 euro / month for a bridged connection.
-
Subnet conflict maybe? They need to be using unique subnets between each router.
-
I don't think there is a Subnet Conflict
Here are the subnets
Modem: 192.168.100.1
TP-Link: 192.168.200.1
Pfsense: 192.168.2.1, 192.168.3.1 -
That should be fine.
So effectively the same as before?
Can clients behind pfSense ping further?
Typically when pfSense can only ping it's gateway it's because it has a bad default route. Check the routing table in Diag > Routes, make sure the TPLink is the default route.
Steve
-
Seems like it's default route is TPLink
Same as before, clients can ping further
I'll get my modem changed today, we will see the results after that. Hope that's the issue.
-
So great news! After I changed my modem / router, everything works as it should! Seems like my ISPs modem is garbage. Now for some reason players are experiencing really high latency, but if I remember correctly, that's only a problem with the onboard NIC.
Thanks a lot for the help :)
- Alexander
-
Nice. That's some weird behaviour.
Steve
