OPT1 Loses Internet Connectivity Until PFSense Restarted
Ok, I admit I don't have a lot of details for this problem but it has happened twice now so I want to post it.
I am using 1.2.3-PRERELEASE-TESTING-VERSION built on Wed Feb 11 15:58:05 EST 2009 and if this is a known issue and fixed in a later release then great but this is in production so I'd rather not just change versions just yet.
The network looks basically like this:
LAN –-- ----OPT1
I've been trying to get the LAN and OPT1 to communicate together which I think I finally figured out the problem but that is a separate issue which I will post about in another area. I was adding and removing static routes (I know they are not needed for interfaces connected to the box but I was desperate and trying anything) and when things didn't work I put the settings back the exact way they were. Soon after, I got a call that the OPT1 network could not connect to the Internet at all.
I logged in via SSH and watched PFTop and sure enough I saw the replies coming back into PFSense were being blocked even though they originated from the inside. I even saw the test ping's replies being blocked. When I looked at the firewall logs on the web interface the interesting thing was that it showed the packets being blocked but even though they had a public IP they were reported to be coming from the LAN. I then tried all sorts of rules and even opened everything on every interface for a short time because I was losing my mind over this. I also reset states and this did not fix anything either. I finally just rebooted and everything came back up working as it had before.
I was looking at some things over the weekend and removed an unnecessary static route that was in there previously. The OPT1 lost Internet again this morning and so the first thing I did was a reboot and then the connectivity was restored.
Does anyone have any idea what's happening? Is there some better diagnostics I can do if it happens again?
Do I need to post any more information here? I'm not sure what else I need to find out the problem.
What interfaces are you using? e.g. WAN is fxp0, LAN is rl0 and OPT1 is vr0
Thanks for the reply.
This thread http://forum.pfsense.org/index.php/topic,11377.0.html discusses fxp driver problems as of a few months ago. I don't know if those remarks apply to the fxp driver in pfSEnse 1.2.3 but a quick look at the FreeBSD fxp driver revision history shows quite a number of changes made in the last 4 weeks (since the release of 7.1).
Next time the problem happens you could check if LAN still has internet access.
Do you have another NIC card you could try instead of the fxp? Or could you swap the interfaces around to see if the system behaves differently? (For example, make LAN fxp0 and WAN xl0, then if LAN loses internet access while OPT1 still has internet access it would be worth replacing the fxp.)
Thanks for the thread. I don't have physical access to the machine at the moment so I will ask my someone to check it out for me but I think the fxp0 might be the integrated NIC on the machine.
I am quite sure the LAN had access to the internet during the time the OPT1 did not. Actually, I know it did because I was connected through the VPN and connected to a server on the LAN.
Checked it out this morning and the fxp0 is one of the added cards. But since the WAN was working when the problem happened and the OPT1 and LAN both use the xl driver then it shouldn't be driver related, right?
I confirmed with the person on site that the LAN connectivity was still working when the OPT1 lost connection to the internet.
Any other ideas?