Errors in status interfaces

  • Hi all,
    I have two boxes on the 1.2.3 release (built on Sun Dec 6 23:38:21 EST 2009), with 15 virtual IPs (CARP) and about 10 IPsec tunnels (DES, SHA1, group2).
    The WAN is split into 4 VLANs (vlan1 10 Mbit HDSL, vlan2 20 Mbit ADSL, vlan3 20 Mbit ADSL, vlan4 100 Mbit WiFi).

    From Status/Interfaces I have this situation:

    Media 100baseTX <full-duplex>
    In/out packets 22294161/19292992 (3.86 GB/1.47 GB)
    In/out errors 0/55210
    Collisions 0

    WAN2 interface (vlan1)
    Media 100baseTX <full-duplex>
    In/out packets 82393/345183 (13.77 MB/75.93 MB)
    In/out errors 0/2095
    Collisions 0

    WAN3 interface (vlan2)
    Media 100baseTX <full-duplex>
    In/out packets 24892508/21675838 (1.20 GB/76.62 MB)
    In/out errors 0/63224
    Collisions 0

    WIFI interface (vlan3)
    Media 100baseTX <full-duplex>
    In/out packets 5507840/3261755 (3.57 GB/1.35 GB)
    In/out errors 0/10363
    Collisions 0

    In/out packets 105693896/164395537 (1008.87 MB/1.08 GB)
    In/out errors 766966/0
    Collisions 0

    When I try to ping everything behind the firewall I get a lot of packet loss, and the same thing happens when I try to ping from the firewalls.

    How can I debug this situation?



  • Rebel Alliance Developer Netgate

    I would start with the most likely suspects first:

    Change the network cable(s) first, and if possible, the switch.

  • I also noticed a strange routing thing:

    On the WiFi-dedicated VLAN (vlan3) I have many IPsec tunnels. When I touch something in the IPsec configuration or reboot the firewall, the routes to the remote peers go to hell.
    From netstat I can see that the routes to those remote peers are in the wrong VLAN (vlan0, which is the VLAN of the principal WAN).
    After doing a "route delete ip.of.the.peers" the routes come back to the right VLAN, and I am happy again.
    At the moment I have semi-solved it with a route delete host every 3 min in the crontab.

