I am running pfSense on the following machine…
Old Dell p3 1Ghz with 512 meg of ram
2 intel pro 100 nics (offload checksumming is disabled)
Netgear wag311 wireless nic used for access point
Old 16 port netgear hub (not a switch)
Old 13 gig hard drive
I'm having to reboot the machine about once a day. Yesterday I couldn't access the web interface and we lost the internet connection on all the computers on our network. I went to the console and I saw a message saying something about a beacon reset on ath0. I rebooted the firewall from the console and everything started working again.
I was running bittorrent over night and this morning when I woke up the machine running bittorrent had lost all connectivity to the network (it has a wired connection), but I could access the internet on my laptop which has a wireless connection. I used my laptop to access the web interface of pfSense, and rebooted it through the web interface, and after rebooting all connectivity was restored to the computer running bittorrent.
I'm not running any sort of advanced setup. I have the wag311 set as an access point using wpa2 encryption. I have two nat port forward rules in place, I have a rule allowing all traffic on the wlan interface, and a rule allowing all traffic on the lan interface. I'm using pppoe for my dsl wan connection. I have no packages installed.
I really don't even know where to begin looking for the problem. If anyone could suggest what logs to keep an eye on, or something to look for I sure would appreciate it. I was using monowall for a week and half, and it was working spectacularly, but I've had nothing but trouble with pfSense. I just solved the first problem by finding out that I had to disable hardware checksum offloading because I have the intel pro 100 nics, and now I'm having these problems.
Any help would be greatly appreciated.
danswartz last edited by
STF in the Wireless forum here. There are numerous discussions of beacon issues, freebsd 7.1 vs 7.2 drivers, etc… I was having similar issues and finally gave up, pulled the wireless PCI card and went back to a separate AP.
Alright, it just happened again. Let me be more specific about the situation.
I have a Windows XP computer running uTorrent downloading some large files. I also have VNC installed on this computer so I can access it remotely with my laptop on my local network. I just attempted to access the XP computer with my laptop using VNC and the connection timed out. I went to the XP machine, and tried to see if I could get on the internet, so I opened firefox and it couldn't connect. I then attempted to ping the pfSense firewall machine from the XP machine and it wouldn't connect. In essence all networking on the XP box was dead. At this point I wanted to attempt to work on isolating the problem so I rebooted the XP box and again tried to see if it had connectivity after the reboot, and sure enough it didn't. It was still dead. Now remember during this whole time I was using my laptop which was connected wirelessly to the pfSense box and the laptop had totally connectivity and had internet access. So during this whole ordeal the wireless was working fine and routing traffic to the WAN. For some reason pfSense after some time does not like that XP machine thats running uTorrent and is somehow cutting it off from the network. The really odd thing is that the XP machine has a static IP address. 192.168.1.99.
Again, I don't know what logs to go to look at to see whats going on, but this is getting really irritating. There is something about that XP machine running uTorrent that pfSense doesn't like, and pfSense is doing something to kill that computers connectivity.
By the way, thanks for the reply danswartz. I went and read some of those articles, and I learned that if it just gives one or two beacon errors that its nothing to worry about. Also, it appears my problem has nothing to do with the wireless side of my pfSense box. In fact the wireless side appears to be whats working properly.
The XP system is connected to the hub or directly to the pfSense box?
When connectivity is lost, is it due to a physical communication problem? What do the LEDs on the two NICs (Xp system and pfSense) indicate? What interface state does pfSense report? Does the pfSense interrupt counter for the NICs go up (on pfSense, use the shell command vmstat -i)?
If you are using the hub, do things work better if you bypass the hub? (You might need to use a crossover cable.)
The XP box is connected to the pfSense box through the 16 port hub. I originally noticed that the XP box was having trouble when I tried to vnc into it from my wireless laptop and the connection timed out. At the time my laptop was working fine. I then went to the XP box and tried to ping the pfSense box with no luck, and attempted to get on the internet with no luck. In retrospect I should have tried to ping another computer on my wired network, or check to see if windows network browsing was working. I'll make sure to do that during the next event. I did however check the interfaces on pfSense from laptop at the time, and they looked fine. All interfaces showed up and connected.
I just remembered to that I was watching a movie on netflix streaming through another wired computer when this happened, and it stopped playing, but again my internet connection on my laptop was unaffected. Also rebooting the XP box didn't do anything. Once I rebooted the pfSense box everything returned to normal. I guess that isolates it to a problem on the LAN interface.
vmstat -i shows the following…..
interrupt total rate
irq0: clk 9013191 1000
irq1: atkbd0 7 0
irq8: rtc 1153562 127
irq10: ath0 11465673 1272
irq11: fxp0 fxp1++ 2994224 332
irq14: ata0 16968 1
irq15: ata1 70 0
Total 24643695 2734
I have no idea what "normal" would be while looking at this information, so please advise.
I doubt the problem is physical simply because reboots have solved the problem so far, but during the next occurrence I will be much more detailed with the information I gather.
The only thing I can think of is perhaps my dsl connection was stuttering (I'm almost on a first name basis with the at&t repairmen in my area) but as soon as that pops in my mind I remember that my laptop was working perfectly fine while I was having all these problems.
"Normal" NIC interrupt counts and rates depend on traffic. My suggestion about vmstat -i was not concerned about absolute numbers so much as determining whether the NIC was interruptiong at all while the system was in the "no communication" state.
You have a problem with many possible causes. It is worthwhile taking a number of careful observations to get a better understanding of the nature of the problem. In this case my questions are aimed to determine if connectivity is lost because a NIC "locks up".
I doubt the problem is physical . . .
I've seen a number of strange problems that had physical causes, e.g. intermittent communications failure due to temperature sensitive components in power supplies, system crashes on enabling hostap mode of a wireless NIC (crashes went away when the NIC was correctly placed in its PCI slot), synchronous communications link that intermittently failed (about once a day) due to incorrect wiring of the clock signals. Best to keep an open mind.
I agree wallaby that it could be a bad piece of hardware. I didn't want to make it sound like I thought it couldn't be the hardware, just that its not my prime suspect. This naturally almost makes it certain that it is hardware related lol.
Anyway, it hasn't locked up again yet. When it does I'll make sure to meticulously go over all connectivity on the XP machine, and the pfSense box.
Just wanted to update you wallaby. I went upstairs to do some homework tonight, and my ipod couldn't connect wirelessly to the router. I can't do homework without music.
I went downstairs and figured I would try the BETA 2.0 release. So I downloaded it, burned it, and went to install it, and it kept returning error code 1 when it was trying to install to directories, or create them, I don't really know what it was doing, but it was failing. I also got a memory access error one time. This didn't boost my confidence that the drive and or memory were good.
I had one other old Dell P4 2.4Ghz with 1 gig of ram in it that I was thinking about making into a media center with an extra copy of windows 7 I have. I picked it up for 80 bucks. Anyway, I decided it was time to put it into service.
I grabbed another old 40 gig hard drive I had, stuck it in the new Dell, took out the netgear wag311 and put it in the new box, and I had an old 3com 3c905b (I loved them back in the day, greatest cards ever) so I stuck it in hoping pf would have drivers for it which it did, and I just used the on board nic thereby negating the need to even install the intel pro 100's.
I reinstalled, and so far so good.
I do have one question though. Once I got everything set up the range on my wag311 card still wasn't good by any stretch. I went in and set the channel to channel 1 instead of auto, and I switched to wireless b only. All of a sudden the range really seemed to improve. I'd be interested to hear any tips anyone might have involving range on wireless nics when using them as access points. After switching to channel 1 and setting it to wireless b I sat where I was earlier where I couldn't connect, and cleared my ipod network settings and reconnected 3 times at full strength (antennae was in exact same position as before). Earlier on the old box, and on the fresh install set to wireless g I couldn't even get a signal, and the table I was sitting at couldn't me more than 15 feet away as the crow flies.
And to think wireless wasn't even on the market when I left IT. Man did I get out at the right time. :)
Just wanted to update you wallaby.
Thanks for the update.
Regarding the wireless issue: Maybe you have some interference on some channels. There are some pieces of software (e.g. kismet at http://www.kismetwireless.net and wavemon at http://eden-feed.erg.abdn.ac.uk/wavemon) that can give you much more information about our wireless environment and these might help identify why you are seeing what your are seeing. For example, perhaps there is significant interference on one or more channels.