Netgate Discussion Forum

    pfSense Network Traffic Errors

    • F
      frankyd3325

      Hello

      I am new to pfSense and learning quickly but having issues (been using pfSense for 2 to 3 months now)...

      I have 8 internal VLANs and lately, I have been getting (on applications running in the network) many unexpected network errors and many software failing (backups, DNS replication etc...)

      I am having difficulties solving or even pinpointing this issue.

      Most of my rules are still open (meaning connecting from 1 host to the other are .) I need to have it fully functional before locking down connections (Specifying which port to use).

      Does anyone have any idea where I could start to look, or even better, which pfSense service I should ensure is on or off that could cause unexpected network issues?

      Thank you for any input on this

      Cheers

      • johnpozJ
        johnpoz LAYER 8 Global Moderator

        @frankyd3325 said in pfSense Network Traffic Errors:

        off that could cause unexpected network issues?

        How exactly are we supposed to know what that is?

        many software failing (backups, DNS replication etc...)

        Give us 1 example of something that has failed.. And the details - are the devices involved in whatever it is you feel failed on different vlans? Are they wired or wireless? What exactly failed? DNS replication? You mean like in AD from one DC to another..

        Your backup failed - what was the failure it reported... Could not connect to X, Could not resolve X, connection was reset, etc. etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • F
          frankyd3325

          Hello

          Sorry, I should have explained more..... (My Bad, sorry)

          All wired networks

          Yes, connections between VLANs... Backups are being performed (starting and seem to finish) and crashes while transferring backups from hosts to storage node (different VLANs) at end of backup... (says backup was successful but dies transferring backup to storage node, so it fails).

          DNS, it's from AD servers to DNS servers. (Here is what is making me pull my hair out...) Both AD on different VLANs and they are replicating fine, but all 6 DNS servers on different VLANs aren't getting updates, but all DNS servers can telnet (port 53) to AD servers. I can connect to manage the DNS servers from AD server of RSAT tool but sites not replicating (anymore, it used to perfectly for 2/3 months and stopped last Friday). No real network change before/since.

          I was also asking, if there is a setting I might have setup or forgot to setup that would cause issues like this.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator

            No there is no setting that says hey in 2 or 3 months start causing problems..

            If you're having replication problems then follow the basics.. understand which DC holds the different FSMO roles..

            Run your different tests.

            dcdiag /v /c /d /e /s: > c:\dcdiag.txt
            ipconfig /all (from all DCs and DNS servers)
            repadmin /showrepl (from each DC)
            repadmin /replsum
            dcdiag /test:dns /s: /dnsbasic
            repadmin /syncall /aped
            Ping each DC by name and verify that the name resolves to the correct IP address.
            Use nslookup to test DNS across different DCs.
            repadmin /bind servername - Can the DCs bind to each other?
            

            You could just be having issues on your switching infrastructure.. Or problem in your AD that is causing your other problems.

            Check those logs on the DCs for issues..

            I assume you're using integrated for your DNS??

            6 DNS servers on different VLANs aren't getting updates

            So your NS for your AD are not your DCs, just member servers - or are you using something else for your AD dns like bind or something?

            • F
              frankyd3325

              Hey

              LOL, I realise there is no setting in 2/3 months cause issue LOL....

              DNS servers, I have tried all those tests (well 90%, will try the others in a sec)...

              But was more focusing on backups (large file transfers) that are dying in last seconds of transfer and getting unexpected network traffic error.

              Agree with your point on switch (Netgear smart switches - 4 years old).

              So there is no setting that might cut off large file transfers or a logging type to see large file transfers across VLANs being cut off?

              Like I said, I am trying to solve this while learning all the different aspects of this amazing product.

              • johnpozJ
                johnpoz LAYER 8 Global Moderator

                no there is nothing that would do that...

                You're not running an IPS package?

                Do you see anything in the firewall log that something got blocked... Let's say for example you have it set to reset all states when you have a wan issue... In such a case if you had a "wan" problem that pfsense thought was offline - and it reset all the states.. That could for sure cause you pain..

                Does pfsense show any wan going offline issues - what does your monitor graph look like for your wan.

                If that was the case say client in A was sending file to box in vlan B.. and states got reset then file transfer would be stopped - but you would see entry in firewall log with A, that traffic was blocked because it was out of state.

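The firewall-log check suggested in the reply above, as an added example that is not part of the thread: it scans pfSense filter log lines for blocked TCP packets that carry ACK (traffic from a connection the firewall no longer has state for) and groups them per flow. The field positions assume the pfSense raw filter log layout for IPv4/TCP; the sample log lines, interface names, addresses and the name `out_of_state_blocks` are constructed for illustration.

```python
"""Flag blocked mid-connection TCP packets in pfSense filterlog lines."""
from collections import Counter

# Assumed field positions: pfSense raw filter log, IPv4 + TCP record.
IFACE, ACTION, IPVER, PROTO, SRC, DST, DPORT, TCPFLAGS = 4, 6, 8, 16, 18, 19, 21, 23

# Constructed sample log; hostnames, interfaces and addresses are made up.
SAMPLE_LOG = """\
Jan 10 01:30:00 fw filterlog[123]: 90,,,1700000001,igb1.20,match,pass,in,4,0x0,,127,4400,0,DF,6,tcp,52,10.0.20.15,10.0.50.8,51522,445,0,S,881000,,64240,,mss
Jan 10 02:14:07 fw filterlog[123]: 4,,,1000000103,igb1.20,match,block,in,4,0x0,,127,4411,0,DF,6,tcp,1500,10.0.20.15,10.0.50.8,51522,445,1460,A,881001,77123,1026,,
Jan 10 02:14:07 fw filterlog[123]: 4,,,1000000103,igb1.20,match,block,in,4,0x0,,127,4412,0,DF,6,tcp,1500,10.0.20.15,10.0.50.8,51522,445,1460,PA,882461,77123,1026,,
Jan 10 02:14:09 fw filterlog[123]: 4,,,1000000103,igb1.30,match,block,in,4,0x0,,127,910,0,DF,6,tcp,52,10.0.30.9,10.0.50.8,49810,3389,0,S,5150,,64240,,mss
Jan 10 02:14:11 fw filterlog[123]: 4,,,1000000103,igb1.20,match,block,in,4,0x0,,127,77,0,none,17,udp,78,10.0.20.15,10.0.50.2,137,137,58
Jan 10 02:14:12 fw filterlog[123]: 4,,,1000000103,igb1.40,match,block,in,4,0x0,,127,2020,0,DF,6,tcp,40,10.0.40.3,10.0.50.8,50100,445,0,FA,4242,9191,1024,,
"""


def out_of_state_blocks(log_text):
    """Return a Counter keyed by (iface, src, dst, dport) for blocked TCP
    packets that carry ACK, i.e. packets that matched no existing state."""
    flows = Counter()
    for line in log_text.splitlines():
        fields = line.partition("]: ")[2].split(",")
        if len(fields) <= TCPFLAGS:
            continue  # not a filterlog TCP record (UDP, other syslog lines)
        if (fields[ACTION], fields[IPVER], fields[PROTO]) != ("block", "4", "tcp"):
            continue
        if "A" not in fields[TCPFLAGS]:
            continue  # bare SYN: a new connection hit a block rule
        flows[(fields[IFACE], fields[SRC], fields[DST], fields[DPORT])] += 1
    return flows


if __name__ == "__main__":
    # Most frequently blocked flows first: count, interface, src, dst, dport.
    for flow, hits in out_of_state_blocks(SAMPLE_LOG).most_common():
        print(hits, *flow)
```

On the firewall itself the raw entries are in `/var/log/filter.log`; a burst of such blocks for one backup flow at the moment the transfer died is the pattern to compare against the gateway monitoring graph.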
                • F
                  frankyd3325

                  Ok, Thank You

                  I will do some more testing/Log reading and see if I find any clues on this.

                  will update if I find anything.
