IPv4 stops working, but IPv6 still works?
-
I had a weird issue on 2.4.4 that I was hoping would be resolved on 2.4.5, but it happened again since upgrade.
In short, the issue is that I will lose the ability to create new outgoing IPv4 connections. IPv6 still works, incoming v4 connections happen, and established v4 connections are uninterrupted.
I am not sure exactly what to poke when this happens. A reboot always fixes the problem.
-
Do outgoing connections fail, if you use an IP address, such as pinging 8.8.8.8? If so, then you may have some DNS issue. However, without more info, it's hard to guess.
-
Yes, for example:
ping6 google.com PING6(56=40+8+8 bytes) 16 bytes from 2607:f8b0:4009:810::200e, icmp_seq=0 hlim=54 time=41.852 ms 16 bytes from 2607:f8b0:4009:810::200e, icmp_seq=1 hlim=54 time=34.806 ms
ping google.com PING google.com (172.217.0.14): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1
The gateways status page shows everything online.
The hosted VPN still conducts its v4 traffic, everything v6 still works, so clearly the ISP connection is still good, I'm just not sure what else I can look at to see where the problem lies.
Thanks!
-
OK, it appears you are pinging from a computer behind pfSense. Try from the pfSense box. Also, check if you actually have an IPv4 address. Possibly the IPv4 DHCP lease has expired. Depending on the operating system, DHCP failure will result in no address or something in the 169.254.0.0 /16 range. I'm not sure which pfSense does.
-
I have since rebooted again, so everything is behaving, but from prior occurrences, the Interfaces status would show I still had a valid IP address, however releasing and re-acquiring wouldn't have any affect.
Pinging from the pfsense utility would also fail for v4 addresses though I recall that pinging the gateway shown in Interfaces would work.
-
Use the command line. You can see more about what's happening. When it fails,check your WAN IP address. Try pinging your ISP's gateway, etc. You have to do some testing, to isolate where the problem is.
-
Thank you. I will do all that.
There was never any pattern to when this would happen, so it could happen tomorrow or not for another 3 weeks.
I am just not familiar enough with the inner workings of pfsense to know where to probe to isolate what stopped working.
Thanks again!
-
So, it has happened again.
From the command line, I can ping the ISP gateway. I can ping anything IPv6. Everything else IPv4 fails.
The only reason I can still access this forum is because it is available v6. Before I reboot it again, what else can I poke to figure out why this happens?
-
@donuts said in IPv4 stops working, but IPv6 still works?:
I can ping the ISP gateway.
With IPv4? If not, does ifconfig show a valid address?
-
Yes.
I can v4 ping the ISP gateway and the monitor address for that interface. Everything else v4 fails.
-
The next thing to check is your gateway address. If it's correct and it still fails, it could be a problem with your ISP. Use Packet Capture to see what happens with the packets intended for addresses beyond the gateway.
You can use the netstat -r command to see what your system thinks the gateway is.
-
I wasn't paying any attention to what the default gateway was when looking at the status pages, but for whatever reason, it had changed the default gateway on me. I previously had it set to automatic, and I guess it thought the usual default gateway was down and switched the default to a gateway that, while not technically down, isn't routable to the internet for the range used by most of my network. Because there are no other v6 routes, it doesn't change that one.
Since there are also routes to things like the ISP gateway and the monitor addresses, those would still work, but everything else was unroutable because of the switch in defaults.
I've now turned off automatic selection of the default gateway, and all is well.
I still have no idea why it switched when it did, but there is no reason to have switching in my setup, so it shouldn't happen again.
Many thanks!
-
Normally, you get the gateway address through DHCP. It should always point to your ISPs gateway. If it isn't doing that, then that's your problem.
One comment here. When you ask people to help with your problem, facts are essential. This means knowing or finding out what your gateway is, what you changed and so on. It's very hard to help, when the details keep changing. When you get it working, make note of things like your IPv4 address, the gateway address, etc.. Then when the problem occurs, you can see what's changed.
-
You are absolutely right.
It just never occurred to me that pfSense would change the default gateway after the system was booted.
-
It shouldn't. But that's why you should know what's normal, before trying to find out what's failed.