pfSense loses internet connection with no error
-
@tinfoilmatt The DNS points to the firewall, the DNS Resolver is with Type Transparent, DNSSEC and the Python module active. DNS Resolution in the general settings is set to Local DNS and fallback to remote DNS. But no DNS is specified in DNS servers.
-
@MaxPresi And what exactly is the ISP equipment? Pure modem? Or standalone router (a so-called 'gateway device' or whatever the Internet Scam Providers are calling them nowadays), either double-NAT'ing or in bridge mode?
-
@tinfoilmatt A Mikrotik router acting as a gateway and a fiber converter. I'm not sure how they work (or should work). But they ask if you use a firewall; otherwise, in addition to the router, they install a WatchGuard. I'll bother them again to ask.
-
@MaxPresi Do you have login access to the Mikrotik?
-
@tinfoilmatt No, only they have it.
-
@MaxPresi Shot in the dark—is your company running Active Directory Domain Services locally?
-
@tinfoilmatt No, we don't use a domain.
-
@MaxPresi When the internet goes down, do you lose access to pfSense webConfigurator (i.e., the GUI)?
And what are you doing to resolve the outage?
-
@MaxPresi And does your infrastructure still look mostly like this[link removed]?
-
@tinfoilmatt To resolve this, I restart pfSense, through the GUI itself.
The infrastructure is different now, I'm at a different company, but the ISP is the same.
The infrastructure is simpler, 4 UniFi APs and 1 Dell L2 Switch.
-
@MaxPresi The best I could suggest is you gotta troubleshoot this during an outage, from pfSense before cycling anything. There are the various diagnostic/troubleshooting tools available—plus I wonder if simply unplugging and replugging the physical cable between pfSense and the Mikrotik would get traffic flowing again.
Is there anything in particular that has you leaning toward it being a pfSense issue in particular? Or is that just kind of where you're at for the moment?
Minimally-standardized Ubiquiti hardware on the network is—woof. Many an exasperated troubleshooter has simply upgraded or otherwise replaced Ubiquiti gear after fruitlessly chasing down "broadcast storms" or whatever tf.
-
@MaxPresi Also not intending to insult your clear experience whatsoever by saying something like 'you know logs are your friend.' But you know logs are your friend.
There have to be clues elsewhere, either on other systems' logging and/or by turning up the verbosity dial on the logs you're already relying on.
-
@tinfoilmatt This is the problem; it only happens once a day, and I had to get it working again because of the live stream.
Right now, I'm trying everything. I just spoke to the ISP on the phone, and they told me they also have nothing to report from their logs, except for the LAN being active at the time I restarted the firewall.
There's also the fact that the machine it's on is a complete piece of junk, an FX 4300 with 3 Realtek LAN ports. I'm reinstalling it on an R430 (8 Broadcom) and will see if that solves it.
I checked the logs from beginning to end and there were no errors. I checked the 3 days the errors occurred, but I didn't find any errors.
-
@MaxPresi said in pfSense loses internet connection with no error:
Realtek LAN ports
Fairly certain I've seen nothing but bad things said about this flavor of NIC around here, so I think you're headed down a better track migrating hardware.
You haven't said if you're running CE or Plus, so it may or may not even be relevant—but be aware that the swap will probably generate a new NDI. My understanding is that this only affects a Plus install, and only until you obtain Netgate's assistance. But if you're CE, any concern here is moot.
-
Yeah, check the system logs for watchdog errors from the Realtek driver. If you see them, try the alternative driver or use a different NIC.
But sendto error 65 implies no route to the gateway IP. That pretty much means the WAN must have lost its address unless you have a weird gateway setup. The system logs should show something.
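
The log check suggested in the last reply, as an added example that is not part of the original thread: a small shell triage that counts Realtek watchdog timeouts, link-down events and dpinger `sendto error: 65` lines in a saved log. The sample lines are constructed, the message patterns assume the usual FreeBSD `re` driver and dpinger wording, and the log path you pass in (typically `/var/log/system.log` or `/var/log/gateways.log`) is an assumption about your install.

```shell
#!/bin/sh
# Added example: triage a pfSense log for the two clues named in the thread.

# Constructed sample log lines (not taken from the poster's firewall).
sample_log() {
cat <<'EOF'
Jan 10 20:14:02 fw kernel: re0: watchdog timeout
Jan 10 20:14:02 fw kernel: re0: link state changed to DOWN
Jan 10 20:14:05 fw kernel: re0: link state changed to UP
Jan 10 20:14:09 fw dpinger[4412]: WAN_DHCP 192.0.2.1: sendto error: 65
Jan 10 20:14:10 fw dpinger[4412]: WAN_DHCP 192.0.2.1: sendto error: 65
Jan 10 20:15:30 fw php-fpm[381]: /index.php: Successful login for user 'admin'
EOF
}

# classify_log FILE
# Prints: watchdog=N link_down=N sendto65=N verdict=WORD
classify_log() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # grep -c exits 1 on zero matches but still prints 0, hence "|| true".
    wd=$(grep -c -E 'kernel: re[0-9]+: watchdog timeout' "$log" || true)
    down=$(grep -c -E 'kernel: [a-z]+[0-9]+: link state changed to DOWN' "$log" || true)
    # errno 65 on FreeBSD is EHOSTUNREACH (no route to host).
    s65=$(grep -c -E 'dpinger.*sendto error: 65' "$log" || true)
    if [ "$wd" -gt 0 ]; then
        verdict="realtek-watchdog"         # try the alternative driver or another NIC
    elif [ "$s65" -gt 0 ] && [ "$down" -gt 0 ]; then
        verdict="link-flap-then-no-route"  # physical link dropped before the route did
    elif [ "$s65" -gt 0 ]; then
        verdict="wan-no-route"             # WAN likely lost its address or gateway route
    else
        verdict="no-match"
    fi
    echo "watchdog=$wd link_down=$down sendto65=$s65 verdict=$verdict"
}

# With a path argument, classify that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    classify_log "$1"
else
    tmp=$(mktemp)
    sample_log > "$tmp"
    classify_log "$tmp"
    rm -f "$tmp"
fi
```

Run it against a copy of the log taken during an outage, before rebooting, so the entries around the failure are still present.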