4. ISP blocked pfSense router due to too many dhcp requests

ISP blocked pfSense router due to too many dhcp requests

  • B

    Hi,

    this morning my pfSense 1.2.3 router got blocked by my ISP because it was doing about 10k dhcp request in half an hour according to them. Couldn't find the cause so did a clean install of pfSense 2.

    Still no luck getting the connection back up, however it works as soon as I hook up my laptop directly to the fiber modem.

    Any idea's? Setting the IP static didn't work, has to be dhcp.

    pfSense's log:

    Nov 8 14:29:11 	dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:10 	dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:10 	dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:10 	dhclient: PREINIT
Nov 8 14:29:10 	kernel: em1: link state changed to UP
Nov 8 14:29:10 	check_reload_status: Linkup starting em1
Nov 8 14:29:08 	kernel: em1: link state changed to DOWN
Nov 8 14:29:08 	check_reload_status: Linkup starting em1
Nov 8 14:29:08 	php: : HOTPLUG: Configuring interface wan
Nov 8 14:29:08 	php: : DEVD Ethernet attached event for wan
Nov 8 14:29:06 	php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:29:06 	dhclient[57605]: exiting.
Nov 8 14:29:06 	dhclient[57605]: exiting.
Nov 8 14:29:06 	dhclient[57605]: connection closed
Nov 8 14:29:06 	dhclient[57605]: connection closed
Nov 8 14:29:06 	php: : DEVD Ethernet detached event for wan
Nov 8 14:29:05 	dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:03 	dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:03 	dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:03 	dhclient: PREINIT
Nov 8 14:29:02 	kernel: em1: link state changed to UP
Nov 8 14:29:02 	check_reload_status: Linkup starting em1
Nov 8 14:29:01 	kernel: em1: link state changed to DOWN
Nov 8 14:29:01 	check_reload_status: Linkup starting em1
Nov 8 14:29:01 	php: : HOTPLUG: Configuring interface wan
Nov 8 14:29:01 	php: : DEVD Ethernet attached event for wan
Nov 8 14:29:00 	apinger: Error while feeding rrdtool: Broken pipe
Nov 8 14:28:59 	php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:28:59 	dhclient[43226]: exiting.
Nov 8 14:28:59 	dhclient[43226]: exiting.
Nov 8 14:28:59 	dhclient[43226]: connection closed
Nov 8 14:28:59 	dhclient[43226]: connection closed
Nov 8 14:28:59 	php: : DEVD Ethernet detached event for wan
Nov 8 14:28:58 	dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 5
Nov 8 14:28:56 	dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:28:56 	dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:56 	dhclient: PREINIT
Nov 8 14:28:55 	kernel: em1: link state changed to UP
Nov 8 14:28:55 	check_reload_status: Linkup starting em1
Nov 8 14:28:54 	kernel: em1: link state changed to DOWN
Nov 8 14:28:54 	check_reload_status: Linkup starting em1
Nov 8 14:28:54 	php: : HOTPLUG: Configuring interface wan
Nov 8 14:28:54 	php: : DEVD Ethernet attached event for wan
Nov 8 14:28:52 	php: /status_interfaces.php: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:28:52 	dhclient[33927]: exiting.
Nov 8 14:28:52 	dhclient[33927]: exiting.
Nov 8 14:28:52 	dhclient[33927]: connection closed
Nov 8 14:28:52 	dhclient[33927]: connection closed
Nov 8 14:28:52 	php: : DEVD Ethernet detached event for wan
Nov 8 14:28:52 	dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 3
Nov 8 14:28:50 	dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:28:49 	dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:49 	dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:49 	dhclient: PREINIT
Nov 8 14:28:48 	kernel: em1: link state changed to UP
Nov 8 14:28:48 	check_reload_status: Linkup starting em1
Nov 8 14:28:47 	kernel: em1: link state changed to DOWN
Nov 8 14:28:47 	check_reload_status: Linkup starting em1
Nov 8 14:28:44 	dhclient[9601]: exiting.
Nov 8 14:28:44 	dhclient[9601]: exiting.
Nov 8 14:28:44 	dhclient[9601]: connection closed
Nov 8 14:28:44 	dhclient[9601]: connection closed
Nov 8 14:28:29 	check_reload_status: Reloading filter

    Hardware: MSI IM-945GSE-A, two onboard Intel 82574L GbE LAN NIC's, 1GB RAM, 2GB CF card.

    0
  • Rebel Alliance Developer Netgate

    Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.

    That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572

    0
  • W

    It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.

    Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.

    0
  • B

    @jimp:

    Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.

    That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572

    I was with the previous ISP and forgot to remove it (didn't cause any problems though, ran fine for months). But the log I posted is from a clean install of pfSense 2.
    pfSense 1.2.3 only mentioned lines like these in the log "dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1"

    @wallabybob:

    It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.

    Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.

    ISP said they where sending a reply, pfSense did not seem to see it though.

    Right now I've got my laptop with XP hooked up directly to the modem which works normal. I also am working on a Debian install to see if that works, was already planning on switching to Debian (or any Linux distro) anyway.

    0
  • Rebel Alliance Developer Netgate

    If you are seeing those log entries on an interface without a spoofed mac, then there is something going on physically. It's reporting that it's losing link, so it could be the NIC or the cable or something along those lines.

    At the very least you could try swapping the assignment of WAN and LAN to see if the problem follows the NIC. Swapping out the cable is cheap and easy, so also worth a try.

    0
  • B

    Did that, made no difference. Same issue with both NIC's. Also hooked it up with a short cable to the cablemodem, also no difference.

    edit: I'm back in business. Couldn't get Debian to cooperate (guess I'll have to learn more about Debian before I try that again), but IPFire was willing to cooperate, I'm back online :) , now hoping it keeps working.

    But I've still no clue what happened this morning with pfSense.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy