Homelab Firewall Experiencing Odd Behavior Since Converting Back to CE Build
-
Howdy all! I hope everyone is doing well this winter.
Hardware: MSI motherboard, i5 4670k, 16g DDR4, 512Gb mSATA SSD, Intel I211 dual port NIC, N100 liquid cooling etcetera etcetera...
OS: pfSense CE 2.8.1
This baremetal build has run pfSense for years with absolutely no problems. However, it's been a while now since Netgate blindsided us when they revoked the pfSense Plus free licenses. I still ran the plus version for a long time without updates. I finally decided to revert to the CE version, and it wasn't long after that reversion when I started noticing this odd problem. I cannot for the life of me find a correlation between network activity and whatever this hardware is experiencing. Although it does increase this odd behavior while streaming YT videos I believe.
This system has no HDD (ssd only). Every few minutes the firewall hardware sounds like it is writing to a really old and loud HDD. When streaming YT videos back to back it seems to do this just as often, but it does this for longer periods. I swear it's gonna take off into outer space sometimes. It's odd that this problem arose immediately after going back to a CE build.
I do have a graphing SS to share of monitoring system processes and memory. I'm having real trouble figuring this out, and I do know the hardware is very old now, but it runs fine. At the moment it does have a memory issue loading pfBlocker, but I'm getting to that problem...
I did notice earlier while monitoring different options, one was at 1m. I'll have to look again and post another SS of that.
Is there anything standing out in the following graph:

Any and all assistance and feedback is greatly appreciated! Also, possibly rewarded with BEER or coffee!!!
-
@Falklan from the description it sounds like it could be a fan. Does it have a CPU or power supply fan?
-
It has both a PSU fan and a 120mm connected to the radiator. I can say it's not the 120mm fan making noise, because that fan is very quiet. It's been so long since I built it... Let me find the PSU info real quick. Cooler Master M2 Silent Pro 720w modular.
I really should DC it, take it outside and give it a good blasting with my little hand held cordless blower. I'm sure it needs a good cleaning by now. That little blower is a real time saver.
It could actually be the pump at this point. It was built in 2013 and has a Corsair H100i liquid cooler on it. It's probably the pump. I'm going to get a stethoscope and probe after that noise. After hitting it with the blower of course.
-
Yup 'sounds' like a bad fan to me too. Nothing in CE would do anything to that. Likely just a coincidence.
BTW we never revoked existing pfSense Plus licenses. You should still have been able to update to the current Plus version on the same hardware.
-
I'm not positive it's a fan/pump. At this very moment it's silent. It's neither persistent, nor is it constant like a fan bearing. It doesn't whine; it doesn't squeal. Almost as if something is being dumped like some cache fills and then dumps. This is the only explanation I can provide.
Or, perhaps, something is initialized, runs and closes. It's not constant, but it is consistent. Every 10 minutes or so it does it. It's one of the weirdest things I've run across. I should also include that I completely reinstalled CE with no change. I've stopped every service possible one at a time. Well I did both. One at a time and all services at once. No change.
So it's probably not a pfSense problem at this point.
-
@stephenw10 said in Homelab Firewall Experiencing Odd Behavior Since Converting Back to CE Build:
BTW we never revoked existing pfSense Plus licenses. You should still have been able to update to the current Plus version on the same hardware.
Does that mean that I can still use pfSense Plus while using the activation/licensing information I still have? That would be fantastic!
-
It will still be registered if it's the same hardware. In that case you should see the Plus Upgrade available in the update repos.
-
One time use activation tokens so it will not activate. No hardware changes, but it would be nice to have Plus loaded again.
-
Yeah the token is one-time but the NDI it was used to register will still be valid. Send the details in chat and I can check it.
-
I may have found this culprit. I've been sitting here working on pfBlocker and snort configurations for about 30 mins.
No odd noise yet, so I may have found it.
In pfSense I had the normal hardware cpu encryption settings enabled... Those encryption features were disabled in the BIOS... I was adjusting frequency and other settings in the BIOS, and the noise popped up. I don't understand why this affected this particular system without the OS booted... Really weird to me, but I'll go with it... And then I saw those disabled processor features, and enabled all that is available for an old i5 haswell processor.
I enabled those processor features in the BIOS at 2 am last night and then off to bed. Up at 7 am and working on my 5800x workstation because this damn AMD Ryzen 5800x is the most unstable crap I've worked on in years.
It keeps tripping faults by crashing gpu drivers. No dump file; no event log evidence about this particular crashing problem. BOOM back to BIOS from windows 11 enterprise workstation desktop. Hmmm how about this for a simple workstation setup?
-
I would like to say thank you to whoever did something that enabled the pfSense Plus upgrade options to become available on my build...
You're the BEST!!! That has been missing from my particular firewall for a long time! Makes me wonder if those disabled processor features had something to do with that...
-
I'd love to take credit but as far as I know we did nothing! It seems likely that one of those BIOS tweaks enabled or disabled one of the NICs somehow.
-
Last night I was watching some YT videos, and the noise popped up again. I came back after getting some sleep to work on this workstation. I've been on and off for hours today and no noise yet. This is the oddest problem I've had with any of my builds.
I've even taken the time to complete a couple of hours of DNS benchmarking. I would presume that if this noise is being triggered by network traffic that the benchmarking would have caused it to become prevalent. At this point I simply don't know what to believe. The DNS benchmarking app sends DNS resolver queries 20 milliseconds apart.
It's been the best $10 I've spent in a long time for an IT tool. I definitely give Gibson Research props for developing an inexpensive, yet comprehensive, networking tool. The $10 was for the all new v2 of DNS Benchmark. It tests hundreds of IPv4/IPv6 DNS servers, and it's capable of testing servers using DoH and DoT side-by-side. So, yes indeed, it produces a lot of network traffic during benchmarking.
As I've sat here writing this post, absolute silence! WTF!!! This problem is driving me mad!
-
Mmm, I really wouldn't expect DNS to ever present any sort of significant loading on the firewall. And I can only imagine some sort of temperature change generating any sort of noise.
Check the monitoring graphs. Does anything peaking there align with when the noise is present?
-
Well I can monitor the amount of traffic that generates... It's actually flooding requests to 61 DNS servers in my list all at the same time. Their lists have hundreds of servers.
I have been monitoring different firewall operations, but I've seen no correlation between graphing data and this noise. Nothing that syncs with the noise as of yet. I'm still monitoring and listening.
Example: 30 minutes ago I was only creating a post for a thread on an automotive forum. Nothing dramatic, but the noise had me concerned because it was becoming louder and louder, while I just sat here typing. Exactly like I'm doing right now, and there is no noise... I just don't get it yet... I bet if I take down the firewall for cleaning I might find something. It's to the point where I have to take it down and thoroughly inspect and test the hardware.
-
Yup I'd be amazed if it was anything but something worn and/or blocked in the cooling system.