Problems with 1.2.3 and interfaces.



  • Hello,

    I installed 1.2.3 from the livecd to a usb stick without any problems. I selected the default install and rebooted into pfs without any problems. The problem I have is accessing the webconfigurator. I have a cable business account with 8 static IPs but to configure pfs I need to access the gui first.

    Here is what I have done:

    1. Installed pfs into usb stick (default installation)
    2. Assigned my asus m2n32-sli vista edition mobo's two nics to LAN and WAN fwe0 and fwip0 (pfs option 1)
    3. Changed the LAN setup to 192.168.0.1/24 and no DHCP server (pfs option 2)
    4. Trying to access the GUI from any other computer on the LAN resulted in failure.

    My setup is as follows: pfs LAN and client computer connected to a Cisco 2950 switch. pfs WAN is directly connected to the cable modem, where I can get all the 8 static IPs (sort of bridged configuration). I also tried connecting the client directly to the pfs box with a straight and a crossover cable, no luck.

    Now if I go to the pfs shell (pfs option 8) and ping my local interfaces (12.0.0.1 and 192.168.0.1) I get the echo back. If I ping other computers on the LAN side (echo enabled) I don't get any echoes back.

    netstat -r show (ip4)
    Dest         Gateway    flags  refs  use   neif   expire
    67.79.x.x    link#2     UC     0     0     fwip0
    localhost    localhost  UH     0     2065  lo0
    192.168.0.0  link#1     UC     0     0     fwe0

    I've tried with another asus m4a77d and an additional 3com nic same problem.

    Any ideas?

    Thanks



  • What is the IP address, network mask and default gateway of the computers on the LAN?

    If these aren't set correctly the LAN computers won't be able to access pfSense. Given how you have configured pfSense your LAN computers should have an IP address of the form 192.168.0.x (x between 2 and 254), network mask of 255.255.255.255 and default gateway of 192.168.0.1.

    I find it easier to have all my LAN computers use DHCP to get an IP address because the other two parameters get set correctly automatically.



  • @wallabybob:

    What is the IP address, network mask and default gateway of the computers on the LAN?

    If these aren't set correctly the LAN computers won't be able to access pfSense. Given how you have configured pfSense your LAN computers should have an IP address of the form 192.168.0.x (x between 2 and 254), network mask of 255.255.255.255 and default gateway of 192.168.0.1.

    I find it easier to have all my LAN computers use DHCP to get an IP address because the other two parameters get set correctly automatically

    Thanks for the fast reply,

    To troubleshoot this I isolated the pfs box and only one client (mac mini) connected to a cheap netgear switch.

    So here is the setup:
    1. pfs box 192.168.0.1/24 and now with DHCP enabled.
    2a. MacMini with DHCP enabled was unable to get the address from the pfs box. Defaults to internal IP
    2b. MacMini with static IP assignment 192.168.0.23/24 gateway 192.168.0.1. Unable to access pfs GUI

    Tried to ping pfs box and use tcpdump fwe0 and no packets reach the pfs box. Interfaces on pfs box are up (lights are on).

    I'm at a loss here.

    UPDATE
    Turns out that the netgear is not a switch but a hub, so I connected a computer running wireshark to trace the packets and it seems that the pfsense box is completely mute. There is absolutely no activity on the pfsense box interfaces, no DHCP traffic, no ARP traffic, no nothing. I can see the MacMini requesting the DHCP address and ARP but the pfsense box continues to be silent.

    I wonder if this is a nic conflict with pfsense or a configuration issue?



  • Maybe your hardware is broken in some way. Please provide the output of the shell commands:

    
    # ifconfig -a
    # netstat -i
    # vmstat -i
    
    

    to verify the interface has gone into half duplex to match the hub, to see if any traffic (including errored frames) has been seen on the interface and see if the CPU has acknowledged any interrupt requests from the NICs.

    Do you have another NIC you could try as LAN? If not, do you see anything different if you swap the roles of LAN and WAN? (Option 1 from pfSense console.)

    Is the hub 100bps capable?



  • @wallabybob:

    Maybe your hardware is broken in some way. Please provide the output of the shell commands:

    
    # ifconfig -a
    # netstat -i
    # vmstat -i
    
    

    to verify the interface has gone into half duplex to match the hub, to see if any traffic (including errored frames) has been seen on the interface and see if the CPU has acknowledged any interrupt requests from the NICs.

    Do you have another NIC you could try as LAN? If not, do you see anything different if you swap the roles of LAN and WAN? (Option 1 from pfSense console.)

    Is the hub 100bps capable?

    Yes, something is not compatible between the ASUS M2N32-SLI vista edition and PFSense. Too bad because I had this mobo laying around waiting for a good project and with dual gigabit ethernet ports pfsense was the ideal solution.

    I tried PFSense with a different mobo (ASUS A7N8X-E) with one gigabit and one 10/100 ethernet ports, with this mobo pfsense works great.

    Hub is a netgear DS108 10/100. Tomorrow I'll try a 3com and see if it works, in the meantime here is the info. I'd really like to get this mobo running with PFsense since it has two gigabit lan ports.

    ifconfig output

    fwe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 02:11:d8:39:8e:83
            inet6 fe80::11:d8ff:fe39:8e83%fwe0 prefixlen 64 scopeid 0x1
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            ch 1 dma 0
    fwip0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            lladdr 0.11.d8.0.1.39.8e.83.a.2.ff.fe.0.0.0.0
            inet6 fe80::211:d800:139:8e83%fwip0 prefixlen 64 scopeid 0x2
            inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
    nfe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
            ether 00:1a:92:d3:e9:d3
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    nfe1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
            ether 00:1a:92:d3:f3:63
            media: Ethernet autoselect (none)
            status: no carrier
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    enc0: flags=0<> metric 0 mtu 1536
    pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
            pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
    pflog0: flags=100<PROMISC> metric 0 mtu 33204

    netstat output

    
    Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
    fwe0   1500 <Link#1>      02:11:d8:39:8e:83        0     0        6     0     0
    fwe0   1500 fe80:1::11:d8 fe80:1::11:d8ff:f        0     -        1     -     -
    fwe0   1500 192.168.1.0   pfSense                  0     -        0     -     -
    fwip0  1500 <Link#2>      00:11:d8:00:01:39:8e:83:0a:02:ff:fe:00:00:00:00        0     0        2     0     0
    fwip0  1500 fe80:2::211:d fe80:2::211:d800:        0     -        1     -     -
    fwip0  1500 0.0.0.0       0.0.0.0                  0     -        0     -     -
    nfe0*  1500 <Link#3>      00:1a:92:d3:e9:d3        0     0        0     0     0
    nfe1*  1500 <Link#4>      00:1a:92:d3:f3:63        0     0        0     0     0
    lo0   16384 <Link#5>                            1090     0     1090     0     0
    lo0   16384 your-net      localhost             1090     -     1090     -     -
    lo0   16384 ::1           ::1                      0     -        0     -     -
    lo0   16384 fe80:5::1     fe80:5::1                0     -        0     -     -
    enc0*  1536 <Link#6>                               0     0        0     0     0
    pfsyn  1460 <Link#7>                               0     0        0     0     0
    pflog 33204 <Link#8>                               0     0        0     0     0
    

    vmstat output

    
    interrupt                          total       rate
    irq1: atkbd0                        1168          1
    irq6: fdc0                            56          0
    irq14: ata0                           69          0
    irq16: fwohci0+                       11          0
    irq21: ohci0+                        305          0
    irq22: ehci0                       11015         11
    cpu0: timer                      1970124       1998
    cpu1: timer                      1953770       1981
    Total                            3936518       3992
    
    


  • Ah, now I see the problem. You have configured interfaces fwe0 and fwip0. fwe is for ethernet emulation over firewire and fwip is for IP over firewire. I guess your motherboard has a firewire controller.

    From everything you have said about your configuration you should be attempting to use the "real" ethernet interfaces nfe0 and nfe1 rather than fwe0 and fwip0

    It looks as if something recognisable as ethernet is plugged into nfe0 (status active) but not nfe1.
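
As an added illustration of the diagnosis above (not code from the thread or from the pfSense project): a POSIX shell check, used as `ifconfig -a | check_assignments`, that reports interfaces that are up with an IPv4 address but show no Ethernet media line, and real Ethernet NICs that are not up. The sample input is abbreviated from the output posted in this thread with the flag names in upper case; the function names and the no-media heuristic are assumptions, and virtual interfaces such as tunnels would be flagged too.

```shell
# Constructed sample: abbreviated from the `ifconfig -a` output in this thread.
sample_ifconfig() {
cat <<'EOF'
fwe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:11:d8:39:8e:83
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
fwip0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
nfe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:1a:92:d3:e9:d3
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
nfe1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:1a:92:d3:f3:63
	media: Ethernet autoselect (none)
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
EOF
}

# Hypothetical helper: reads `ifconfig -a` text on stdin, prints one finding per line.
check_assignments() {
    awk '
    function report() {
        if (name == "") return
        # Up and addressed, yet no Ethernet media line: likely not a real NIC.
        if (up && inet && !media && !loop) print "ASSIGNED_NO_MEDIA " name
        # Reports Ethernet media but is not up: a real NIC left unassigned.
        if (media && !up) print "UNUSED_NIC " name " (" status ")"
    }
    /^[a-z][a-z0-9_]*: flags=/ {
        report()                       # finish the previous interface block
        name = $1; sub(/:$/, "", name)
        up   = ($0 ~ /[<,]UP[,>]/)
        loop = ($0 ~ /[<,]LOOPBACK[,>]/)
        inet = 0; media = 0; status = "unknown"
        next
    }
    $1 == "inet"                       { inet = 1 }
    $1 == "media:" && $2 == "Ethernet" { media = 1 }
    $1 == "status:" { status = $2; for (i = 3; i <= NF; i++) status = status " " $i }
    END { report() }
    '
}

sample_ifconfig | check_assignments
```

On the sample this lists fwe0 and fwip0 as assigned without Ethernet media, and nfe0 (active) and nfe1 (no carrier) as unused NICs.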



  • @wallabybob:

    Ah, now I see the problem. You have configured interfaces fwe0 and fwip0. fwe is for ethernet emulation over firewire and fwip is for IP over firewire. I guess your motherboard has a firewire controller.

    From everything you have said about your configuration you should be attempting to use the "real" ethernet interfaces nfe0 and nfe1 rather than fwe0 and fwip0

    It looks as if something recognisable as ethernet is plugged into nfe0 (status active) but not nfe1.

    I did wonder why I had those interfaces. I'll try to use the real interfaces after lunch and I'll post the results.

    UPDATE
    Ok, I reassigned the interfaces (pfs option 1) but now instead of auto-detecting the interfaces I forced the LAN to use nfe0 and the WAN to use nfe1. That did the trick.

    Everything seems to be working as expected.

    Thanks!



  • Thanks for reporting back. Bit of a trap that auto-detect and the firewire interfaces.

