Netgate Discussion Forum

    Dropped packets with no logging

    General pfSense Questions

      Santron99444a

      I am having an issue with dropped packets. It is happening randomly on every client PC. I have attached a screen shot of my local PC and a remoted PC. In this instance my local PC lost packets but the remoted one did not. The firewall logs have no mention of packets going to or coming back from 216.70.224.97 being blocked.
      Using the packet capture feature on the firewall I have captured packets at the time of the packet loss, the capture packet program shows no packets passing through the firewall. The IP address can be any IP on the internet. I have also made sure the client computer can ping other client computers during the packet loss. This was to check internal hardware to make sure packets are passing OK.

      I have gone through some of the Forum posts and found some hardware/drivers to be problematic so I did Disable Hardware Checksum Offloading. I have 3 interfaces: 1 LAN and 2 ISPs (one SDSL and one T1). I redirect a couple of specific IPs out of the SDSL and all other traffic out of the T1 line. I have verified that the SDSL and the T1 both lose packets at the same time from the same client.

      Using version: 1.2.2

      I have 3 interfaces.
      I have Disable Hardware Checksum Offloading: Checked

      UPDATE: I have confirmed that with three command windows open, 1 pinging through the T1, one Pinging through the SDSL, and one pinging the network card IP address of the Firewall that the 1 pinging the IP address of the nic card of the firewall still returns the packets and is being logged by the capture packet program but the 2 going out of the internet are being dropped with no trace of those packets in any log.

      dropped-packets.JPG

        jimp Rebel Alliance Developer Netgate

        What do the various RRD graphs in pfSense show when this happens? (Status > RRD Graphs)

        Also, what kind of network cards do you have? And what kind of hardware is the router in general? (general system specs and such would help)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Santron99444a

          Most of the graphs look fine. But I did see the quality graph was totally incorrect.

          HP 4300 workstation 4 Gb memory
          Lan on the mother board NIC and

          T1 and SDSL on older 3com TX nics

          quality.JPG

            Santron99444a

            This problem has persisted. I have disabled the snort service and the problem still happens.

            To add to my configuration:
            My computer goes out a Netvanta 1224ST, HP Procurve switch 2524, 3com Superstack II, and then PFSENSE FIREWALL. Like I said before I am able to ping the LAN card on the firewall at the same time all traffic disappears through the firewall. The packet capture program on the PFSENSE shows the pings hitting the LAN card but all other traffic from "my PC only" is absent during the time the traffic disappears.

              Santron99444a

              OK, so this is really on my nerves. I removed the third LAN card and made it a simple LAN - WAN. I did a fresh install from CD to 1.2.3-RELEASE. I only downloaded squid and Light squid. The 3 addresses I ping are 10.134.1.249 (LAN), 172.25.1.2 (WAN) and 66.xxx.x.xx (ISP Router). When my connection gets disrupted I always lose connection past the LAN card. It happens randomly throughout the day but I can trigger it to happen by opening multiple web pages at once.

              It is definitely the firewall and the logs are not showing any rejects. The packet capture program on PFSENSE shows a complete loss of all data for my workstation except the pings on the LAN card. All other data is still streaming through. The CPU usage never goes high. Memory usage is at 8%. Swap and disk usage at 0%

              Please any thoughts. I have attached some RRD graphs.

              Graph1.JPG
              graph2.JPG
              graph3.JPG
              graph4.JPG

                jimp Rebel Alliance Developer Netgate

                It might help to see the output of this command:

                ifconfig -a
                

                From either Diagnostics > Command, or from a shell prompt.

                  Santron99444a

                  Jimp,

                  here it is.

                  $ ifconfig -a
                  bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                          options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
                          ether 00:16:35:a9:44:05
                          inet 10.134.1.249 netmask 0xffffff00 broadcast 10.134.1.255
                          inet6 fe80::216:35ff:fea9:4405%bge0 prefixlen 64 scopeid 0x1
                          media: Ethernet autoselect (100baseTX <full-duplex>)
                          status: active
                  xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                          options=9<RXCSUM,VLAN_MTU>
                          ether 00:10:4b:17:27:3f
                          inet6 fe80::210:4bff:fe17:273f%xl0 prefixlen 64 scopeid 0x2
                          inet 172.25.1.2 netmask 0xffffff00 broadcast 172.25.1.255
                          media: Ethernet autoselect (100baseTX)
                          status: active
                  xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
                          options=9<RXCSUM,VLAN_MTU>
                          ether 00:10:4b:66:60:25
                          media: Ethernet autoselect (none)
                          status: no carrier
                  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                          inet 127.0.0.1 netmask 0xff000000
                          inet6 ::1 prefixlen 128
                          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
                  enc0: flags=0<> metric 0 mtu 1536
                  pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
                          pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
                  pflog0: flags=100<PROMISC> metric 0 mtu 33204

                    jimp Rebel Alliance Developer Netgate

                    Did you still have checksums disabled? Because they're enabled in that output. I was expecting to maybe see one or two other options though that have been known to be problematic, but it doesn't appear that your hardware supports them (LRO and/or TSO)

                      Santron99444a

                      When I did the clean install I did not turn off the checksums. Do you think I should do that?

                      One thing I notice is my WAN LAN card does not support full duplex and there are collisions on the WAN side. On the LAN side there are about 15 computers and on the WAN side there is a Cisco router and SonicWall router. The Cisco is a VPN and the SonicWall is the managed firewall.

                      Status  up
                      MAC address 00:10:4b:17:27:3f
                      IP address 172.25.1.2 
                      Subnet mask 255.255.255.0
                      Gateway 172.25.1.1
                      ISP DNS servers 208.67.222.222
                      208.67.220.220
                      Media 100baseTX
                      In/out packets 6160156/6597801 (2.73 GB/1.33 GB)
                      In/out errors 0/0
                      Collisions 3506
                      LAN interface (bge0)
                      Status up
                      MAC address 00:16:35:a9:44:05
                      IP address 10.134.1.249 
                      Subnet mask 255.255.255.0
                      Media 100baseTX <full-duplex>
                      In/out packets 6278636/6654585 (1.30 GB/2.71 GB)
                      In/out errors 0/0
                      Collisions 0

                        jimp Rebel Alliance Developer Netgate

                        That bge card most certainly supports full duplex, if there is an issue it's with what you are plugged into.

                        Can you try swapping LAN and WAN? You're much better off with that high-quality bge card on the LAN where you are likely hooked into a better switch, and the older xl (3com) NIC might be better facing the Cisco.

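The two checks made by eye in the replies above (which offload options are on for each interface, and whether an active link negotiated full duplex) can be scripted over `ifconfig -a` output. This is an added example, not part of the thread or of pfSense: `audit_ifconfig` and `sample_ifconfig` are hypothetical helper names, and the sample input is trimmed from the output posted earlier in the thread.

```shell
#!/bin/sh
# Added example: audit_ifconfig and sample_ifconfig are hypothetical helper
# names, not pfSense or FreeBSD commands.

# Read `ifconfig -a` text on stdin. For each interface with an active link,
# report offload options that are on and a link that is not full-duplex.
audit_ifconfig() {
    awk '
    /^[a-z]+[0-9]+: flags=/ {           # start of a new interface stanza
        ifc = $1; sub(/:$/, "", ifc); off = ""; media = ""; next
    }
    /options=/ && match($0, /<[^>]*>/) {
        n = split(toupper(substr($0, RSTART + 1, RLENGTH - 2)), opt, ",")
        for (i = 1; i <= n; i++)        # offloads named in the thread
            if (opt[i] ~ /^(RXCSUM|TXCSUM|TSO4|TSO6|LRO)$/)
                off = off " " opt[i]
        next
    }
    /media:/ { media = $0; next }
    /status: active/ {                  # stanzas with no carrier are skipped
        if (off != "") print ifc ": offload enabled:" off
        if (media !~ /full-duplex/) print ifc ": link is not full-duplex"
    }'
}

# Sample input trimmed from the ifconfig -a output posted in this thread.
sample_ifconfig() {
    cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        media: Ethernet autoselect (100baseTX)
        status: active
xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        media: Ethernet autoselect (none)
        status: no carrier
EOF
}

sample_ifconfig | audit_ifconfig
```

On the firewall itself the same function can be fed live data with `ifconfig -a | audit_ifconfig`.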
                          danswartz

                          Kinda baffled as to why this thread is in the "Packages" forum?  Unless the OP misread since he is complaining about dropped "Packets"?  Maybe a mod could move it?

                            jimp Rebel Alliance Developer Netgate

                            @danswartz:

                            Kinda baffled as to why this thread is in the "Packages" forum?  Unless the OP misread since he is complaining about dropped "Packets"?  Maybe a mod could move it?

                            I read via the "all new posts" link and often completely miss what forum a question is posted in :-)

                            It's moved now.

                              Santron99444a

                              I went and bought 2 INTEL|PWLA8391GTBLK nic cards. I installed them in a different HP PC computer. I did a clean install of PFSENSE 1.2.3. Release. I installed Squid and light squid.  Made em0 (LAN) 1 Intel nic and em1 (Wan) the other Intel Nic.

                              I switched out the other computer with this one and I am getting the same result. At random intervals and when I attempt to load multiple WebPages all traffic gets dropped going through the firewall. I can ping both sides of the firewall and then all of a sudden the wan side becomes unreachable and the LAN side is perfectly fine. During this time if you do a packet capture on the PFSENSE it shows all my traffic that is attempting to go through the firewall is gone but the pings hitting the LAN side are being registered.
                              This only leaves 2 possibilities I can think of. 1) The motherboard on this HP has problems with the FreeBSD distribution 2) There is a problem with squid or lightsquid.
                              Can anyone think of any other possibilities?

                              new-nics.JPG

                                wallabybob

                                Another possibility: Your WAN link goes down for a time and packets are discarded because there is no route to send them.

                                Are you able to reproduce the problem? Can you reproduce the problem with squid and lightsquid NOT installed?

                                  Santron99444a

                                  The problem is the other 24 computers do not lose their route at the same time and it is random for them also. So when I do the packet capture other clients' data is still going through the firewall when my data gets dropped. I have confirmed the other clients lose packets randomly. I plan on using a different type of computer next with the original 3com NIC cards. I will test without squid and light squid and then add just squid.

                                  I am able to reproduce it by opening several Firefox windows at the same time (10 or more). When I force reproduce it I am bypassing the squid proxy for my client.
                                  I cannot force it to lose packets if I use the Proxy but the random drops still happen.

                                    Santron99444a

                                    I tried to install 1.2.3 onto an old Pentium 4 1.6 but when it got to the part where it was attempting to FDISK the drive the BIOS was sending the correct head count and it kept saying the only valid number is from 5 - 1024 but FreeBSD wanted the number to be 5003. Changing this number did nothing; it still failed with the same error. I skipped this part but without a format the boot-loader did not load.

                                    Using the original HP machine I did a clean install (I even chose the single processor option this time). No packages. I have the exact same result. Unfortunately right now I do not have another machine to install on.

                                    Since both machines have the same motherboard and different NIC cards, it comes down to this specific motherboard. It is the HP XW4300 using Intel 955X chipset dual core Intel Pentium D 840. I think I have checked the different hardware possibilities sufficient with these 2 separate computers to say either the software is not working (not likely) or the drivers are not playing nice with this motherboard.

                                    I do not know enough about FreeBSD to install different drivers and try to make it work.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.