Disconnected momentarily Lan networks after rule change



  • Dear whom it may concerns.

    I have momentarily disconnected Lan networks issue after rule change.

    Please kindly advise it.

    Thank you.


  • Rebel Alliance Global Moderator

    Going to need a bit more info if want any sort of help.  What is changing exactly and what is being disconnected.  When a gateway goes down all states can get reset if you don't tell pfsense not to do that, etc.



  • Thank you for your supports.

    I have 3 LAN networks(192.168.2.0/24, 192.168.5.0/24, 192.168.12.0/24), 1 Wan network, 1 DMZ network(172.20../24) on pfsense 2.4.2-r-p1

    I have momentarily disconnected all LAN & DMZ networks at same time if i have changed and saved firewall rule set for one of netowrks

    Please kindly advise me.

    Thank you.



  • Post a screenshot of the rules you are talking about so we can see what you mean.  I'm still unclear.  Of course, if you delete the Default allow LAN to any rule on LAN then you will not be able to access anything from LAN.


  • Rebel Alliance Global Moderator

    I change rules all the time.. I have multiple networks.. Nothing gets disconnected when changing rules.

    Here I got a ping going to IP on a different segment, from my lan 192.168.9/24 to dmz 192.168.3..

    I then created a new lan rule, applied, then move the rule up from the bottom and saved.. As you can see not 1 ping was lost.

    Show us what sort of rule your changing, editing or deleting, etc.




  • Thank you for your helps again.

    I have momentarily disconnected all LAN & DMZ networks at same time if i have changed and saved any firewall rule set from any networks

    For instance, I have added and saved 1 rule from DMZ network, and then LAN & DMZ networks were disconnected momentarily.

    Please kindly advise me.

    Thank you.




  • You showed just one rule.
    Show all rules.



  • The attachments are all rules for DMZ network.

    Please advise me this issue.

    Thank you.






  • All rules have identical states counter and passed the same number of bytes.
    Very strange.


  • Rebel Alliance Global Moderator

    Yeah something is broken there - there is no possible way that all those rules would have the same numbers on their states and passed info.

    That is a shitton of active states as well over 6,000 active states?



  • Dear whom it may concerns.

    Thank you for your helps again.

    I have migrated firewall from Pfsense 1.2.3-RC1  to Pfsense 2.4.2-release-p1

    After migrated all setting, I have momentarily disconnected all LAN & DMZ networks at same time if i have changed and saved any firewall rule set from any networks.

    For instance, I have added and saved 1 rule, updated NAT, saved something from any network, and then LAN & DMZ networks were disconnected momentarily.

    Please kindly advise me.

    Thank you.

    Best Regards,



  • Well unless pFsense keeps the changes in a buffer and don't apply them until the next reboot of the services, I would had assume stop-car-to-change-tire may sometimes be necessary and normal?


  • Rebel Alliance Global Moderator

    Sorry but this does not HAPPEN!!!

    Here I am pinging from lan into wlan…  I then changed a rule on lan even to block icmp to wlan and guess what no disruption..

    
    $ Fping.exe 192.168.2.11 -T -C
    
    Fast pinger version 3.00
    (c) Wouter Dhondt (http://www.kwakkelflap.com)
    
    Pinging 192.168.2.11 with 32 bytes of data every 1000 ms:
    
    13:32:45.324 : Reply[1] from 192.168.2.11: bytes=32 time=0.9 ms TTL=63
    13:32:46.327 : Reply[2] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:47.328 : Reply[3] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:48.329 : Reply[4] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:49.330 : Reply[5] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:50.332 : Reply[6] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:51.333 : Reply[7] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:32:52.335 : Reply[8] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:32:53.336 : Reply[9] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:54.338 : Reply[10] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:55.339 : Reply[11] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:32:56.341 : Reply[12] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:32:57.342 : Reply[13] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:32:58.343 : Reply[14] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:32:59.344 : Reply[15] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:00.346 : Reply[16] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:01.347 : Reply[17] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:02.348 : Reply[18] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:03.350 : Reply[19] from 192.168.2.11: bytes=32 time=1.8 ms TTL=63
    13:33:04.352 : Reply[20] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:05.354 : Reply[21] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:06.355 : Reply[22] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:07.356 : Reply[23] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:08.358 : Reply[24] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:09.359 : Reply[25] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:10.360 : Reply[26] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:11.361 : Reply[27] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:12.363 : Reply[28] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:13.365 : Reply[29] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:14.366 : Reply[30] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:15.367 : Reply[31] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:16.368 : Reply[32] from 192.168.2.11: bytes=32 time=0.4 ms TTL=63
    13:33:17.369 : Reply[33] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:18.371 : Reply[34] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:19.372 : Reply[35] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:20.373 : Reply[36] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:21.375 : Reply[37] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:22.376 : Reply[38] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:23.378 : Reply[39] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:24.379 : Reply[40] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:25.380 : Reply[41] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:26.381 : Reply[42] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:27.383 : Reply[43] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:28.384 : Reply[44] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:29.385 : Reply[45] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:30.386 : Reply[46] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:31.388 : Reply[47] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:32.389 : Reply[48] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:33.390 : Reply[49] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:34.392 : Reply[50] from 192.168.2.11: bytes=32 time=0.7 ms TTL=63
    13:33:35.393 : Reply[51] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:36.394 : Reply[52] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:37.396 : Reply[53] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:38.397 : Reply[54] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:39.399 : Reply[55] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:40.400 : Reply[56] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:41.401 : Reply[57] from 192.168.2.11: bytes=32 time=0.8 ms TTL=63
    13:33:42.404 : Reply[58] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:43.406 : Reply[59] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:44.407 : Reply[60] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:45.408 : Reply[61] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:46.409 : Reply[62] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:47.410 : Reply[63] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:48.411 : Reply[64] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:49.412 : Reply[65] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:50.414 : Reply[66] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:51.415 : Reply[67] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:52.416 : Reply[68] from 192.168.2.11: bytes=32 time=0.9 ms TTL=63
    13:33:53.418 : Reply[69] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:54.419 : Reply[70] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:33:55.420 : Reply[71] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:56.421 : Reply[72] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:57.422 : Reply[73] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:33:58.424 : Reply[74] from 192.168.2.11: bytes=32 time=1.1 ms TTL=63
    13:33:59.426 : Reply[75] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:00.428 : Reply[76] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:01.429 : Reply[77] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:02.431 : Reply[78] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:03.432 : Reply[79] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:04.433 : Reply[80] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:05.435 : Reply[81] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:06.436 : Reply[82] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:07.437 : Reply[83] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:08.438 : Reply[84] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:09.439 : Reply[85] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:10.441 : Reply[86] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:11.442 : Reply[87] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:12.443 : Reply[88] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:13.444 : Reply[89] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:14.445 : Reply[90] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:15.447 : Reply[91] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:16.448 : Reply[92] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:17.449 : Reply[93] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:18.450 : Reply[94] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:19.452 : Reply[95] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:20.453 : Reply[96] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:21.454 : Reply[97] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:22.455 : Reply[98] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:23.457 : Reply[99] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:24.458 : Reply[100] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:25.459 : Reply[101] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:26.460 : Reply[102] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:27.462 : Reply[103] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:28.464 : Reply[104] from 192.168.2.11: bytes=32 time=0.9 ms TTL=63
    13:34:29.465 : Reply[105] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:30.467 : Reply[106] from 192.168.2.11: bytes=32 time=0.8 ms TTL=63
    13:34:31.468 : Reply[107] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:32.469 : Reply[108] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:33.471 : Reply[109] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:34.478 : Reply[110] from 192.168.2.11: bytes=32 time=6.0 ms TTL=63
    13:34:35.479 : Reply[111] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:36.480 : Reply[112] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:37.481 : Reply[113] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:38.482 : Reply[114] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:39.484 : Reply[115] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:40.485 : Reply[116] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:41.486 : Reply[117] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:42.488 : Reply[118] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    13:34:43.489 : Reply[119] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:44.490 : Reply[120] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:45.491 : Reply[121] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:46.492 : Reply[122] from 192.168.2.11: bytes=32 time=0.8 ms TTL=63
    13:34:47.494 : Reply[123] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:48.495 : Reply[124] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:49.496 : Reply[125] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:50.497 : Reply[126] from 192.168.2.11: bytes=32 time=0.5 ms TTL=63
    13:34:51.499 : Reply[127] from 192.168.2.11: bytes=32 time=0.6 ms TTL=63
    
    Ping statistics for 192.168.2.11:
            Packets: Sent = 127, Received = 127, Lost = 0 (0% loss)
    Approximate round trip times in milli-seconds:
            Minimum = 0.4 ms, Maximum = 6.0 ms, Average = 0.6 ms
    
    $ Fping.exe 192.168.2.11 -T -C
    
    Fast pinger version 3.00
    (c) Wouter Dhondt (http://www.kwakkelflap.com)
    
    Pinging 192.168.2.11 with 32 bytes of data every 1000 ms:
    
    13:34:56.183 : 192.168.2.11: request timed out
    13:34:57.183 : 192.168.2.11: request timed out
    13:34:58.183 : 192.168.2.11: request timed out
    13:34:59.184 : 192.168.2.11: request timed out
    13:35:00.184 : 192.168.2.11: request timed out
    13:35:01.184 : 192.168.2.11: request timed out
    13:35:02.184 : 192.168.2.11: request timed out
    
    Ping statistics for 192.168.2.11:
            Packets: Sent = 7, Received = 0, Lost = 7 (100% loss)
    Approximate round trip times in milli-seconds:
            Minimum = 0.0 ms, Maximum = 0.0 ms, Average = 0.0 ms
    
    

    Notice no loss, i then stop the ping so the state can go away and try and ping again and you see the rule kick in and block it..  So yet again going to ask you what is disconnecting?  Be asking that since you started this thread and have yet show any sort of example or explain what is being disconnected.