Internal net stops passing traffic

  • Hi!

    I have a strange problem and I don't know what to look at.  I have two internal vlan's, a workstation and a server one.  On the server VLAN, I have a nessus vulnerability scanner running.

    Not all the time, but occassionally (a few times a day), something will break and I won't be able to get out beyond the vlan I'm in.  So, for example, on the workstation subnet, I can't get to the server net, and the server net can't get to the workstations.  Likewise, on the workstation net, I can't get to the pfsense box or the web sites, and the same on the server vlan.

    When this is going on, I've looked at the console and I can't seem to find anything out of the ordinary with it.  I still have the routes, DHCP is still running, and on the pfsense box, I can ping and get out to the internet.  There's nothing in the dmesg log that gives a clue that something is broke.  And this only happens when I'm running a nessus scan.  I've also increased my state table size to 1,800,000, and  I only have 8% memory usage, and the CPU is down at 0% util.

    The only thing is that I'm running 2.0-rc3.  I don't want to upgrade now because we're in the middle of scanning and I'm not sure it will fix the problem.  Does anybody have any ideas or suggestions on why this might be happening?


  • Some additional information on this….

    • I have a broadcom bge card and adjusted / tuned the settings today to follow this article...

    • I upgraded to 2.0 release
    • I monitored the vmstat -z | grep -i mbuf and systat -mbuf and nothing looked like it was horrible.  The systat had the bar towards the lower end (less than a quarter), and the vmstat didn't give any failures or anything else.

    When the loss of connectivity, on the pfsense box, if I do "ifconfig bge1 down" and then "ifconfig bge1 up", everything starts working again.  The dmesg and none of the other logs in /var/log indicate a problem.  Also, if i do "ifconfig bge1", the interface is 'up' and everything looks normal on it.

    Thanks in advance.

  • Are those NICs intergrated on the main board? If they are not, swap out bge1 for a fxp0 (Broadcom for and Intel) and see if that stabilizes the setup. If its onboard, add an Intel Gig-E card and swap your vlans over to it.

  • Eick.  They're integrated on the board.

    Do you know if this is a common problem with the broadcom's, where they lose net?  We don't have any NIC's laying around, so the only options are to migrate it over to a HP server instead of the Dell, or go back to using linux as the firewall/nat/router.

    Thanks for the response

  • Reading some info I came across this…

    Might be related to the issue I'm having.  Argh.

  • I saw several people complaining about that a while back. I don't know if it will help, but perhaps a firmware update might also work. Otherwise you will have to find a way to compile and use a different kernel or module. This is one reason I look for Intel NIC based servers when I can.

Log in to reply