Internet traffic stops working for some traffic, a reboot of the firewall resolves the issue for several hours.
-
Hello,
I am relatively new to pfSense. I purchased one of the pre-built appliances and have been using it at home and not using very many features of it. Just recently (the past few months) I have been getting seemingly random problems connecting to certain things on the internet; some sites will work and others will not. If I reboot the firewall then everything works. It started where I would have to reboot every couple of weeks, then every week, and yesterday I had to reboot twice. I am not sure how I would even begin to troubleshoot the issue to figure out what is going on.
I have an SG-2440 running version 2.4.4.
What information can I provide to assist in troubleshooting? I appreciate any help that can be provided.
-
What happens when you try to reach those sites that are failing? What error do you see?
If it's a DNS error make sure the firewall itself is able to resolve that site in Diag > DNS Lookup.
Check the firewall logs in Status > System Logs > Firewall. Anything blocked on the internal interfaces that should not be?
Are you running any packages like Snort, Suricata or pfBlocker? Those can start blocking when they update.
Steve
-
@stephenw10 Thank you for the reply. I thought it was DNS at first and so pulled that service off of the firewall and configured an internal DNS server and am still getting the same issue. The logs show that 100% of traffic is being permitted. I did install Snort but it is disabled on all interfaces currently.
-
What do you see in a browser though?
Can you ping sites from the same client?
Is it always the same sites or seemingly random?
Any errors in the system logs at that point?
We need to know what's actually failing before we can address it.
Steve
-
For anyone who discovers this. Even though snort wasn't enabled on the interface it apparently was doing something. I never saw anything about it in the logs but I ended up uninstalling snort from the box and the problem went away. I won't try installing snort again until I have more time to work with it.
-
By chance were you running snort in Inline Mode?
Nvm, I'm thinking of Suricata. Snort does not appear to have a distinct "Inline Mode".