ISP blocked pfSense router due to too many dhcp requests
-
Hi,
this morning my pfSense 1.2.3 router got blocked by my ISP because it was doing about 10k dhcp request in half an hour according to them. Couldn't find the cause so did a clean install of pfSense 2.
Still no luck getting the connection back up, however it works as soon as I hook up my laptop directly to the fiber modem.
Any idea's? Setting the IP static didn't work, has to be dhcp.
pfSense's log:
Nov 8 14:29:11 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2 Nov 8 14:29:10 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:29:10 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:29:10 dhclient: PREINIT Nov 8 14:29:10 kernel: em1: link state changed to UP Nov 8 14:29:10 check_reload_status: Linkup starting em1 Nov 8 14:29:08 kernel: em1: link state changed to DOWN Nov 8 14:29:08 check_reload_status: Linkup starting em1 Nov 8 14:29:08 php: : HOTPLUG: Configuring interface wan Nov 8 14:29:08 php: : DEVD Ethernet attached event for wan Nov 8 14:29:06 php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was '' Nov 8 14:29:06 dhclient[57605]: exiting. Nov 8 14:29:06 dhclient[57605]: exiting. Nov 8 14:29:06 dhclient[57605]: connection closed Nov 8 14:29:06 dhclient[57605]: connection closed Nov 8 14:29:06 php: : DEVD Ethernet detached event for wan Nov 8 14:29:05 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2 Nov 8 14:29:03 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2 Nov 8 14:29:03 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:29:03 dhclient: PREINIT Nov 8 14:29:02 kernel: em1: link state changed to UP Nov 8 14:29:02 check_reload_status: Linkup starting em1 Nov 8 14:29:01 kernel: em1: link state changed to DOWN Nov 8 14:29:01 check_reload_status: Linkup starting em1 Nov 8 14:29:01 php: : HOTPLUG: Configuring interface wan Nov 8 14:29:01 php: : DEVD Ethernet attached event for wan Nov 8 14:29:00 apinger: Error while feeding rrdtool: Broken pipe Nov 8 14:28:59 php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was '' Nov 8 14:28:59 dhclient[43226]: exiting. Nov 8 14:28:59 dhclient[43226]: exiting. Nov 8 14:28:59 dhclient[43226]: connection closed Nov 8 14:28:59 dhclient[43226]: connection closed Nov 8 14:28:59 php: : DEVD Ethernet detached event for wan Nov 8 14:28:58 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 5 Nov 8 14:28:56 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2 Nov 8 14:28:56 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:28:56 dhclient: PREINIT Nov 8 14:28:55 kernel: em1: link state changed to UP Nov 8 14:28:55 check_reload_status: Linkup starting em1 Nov 8 14:28:54 kernel: em1: link state changed to DOWN Nov 8 14:28:54 check_reload_status: Linkup starting em1 Nov 8 14:28:54 php: : HOTPLUG: Configuring interface wan Nov 8 14:28:54 php: : DEVD Ethernet attached event for wan Nov 8 14:28:52 php: /status_interfaces.php: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was '' Nov 8 14:28:52 dhclient[33927]: exiting. Nov 8 14:28:52 dhclient[33927]: exiting. Nov 8 14:28:52 dhclient[33927]: connection closed Nov 8 14:28:52 dhclient[33927]: connection closed Nov 8 14:28:52 php: : DEVD Ethernet detached event for wan Nov 8 14:28:52 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 3 Nov 8 14:28:50 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2 Nov 8 14:28:49 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:28:49 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1 Nov 8 14:28:49 dhclient: PREINIT Nov 8 14:28:48 kernel: em1: link state changed to UP Nov 8 14:28:48 check_reload_status: Linkup starting em1 Nov 8 14:28:47 kernel: em1: link state changed to DOWN Nov 8 14:28:47 check_reload_status: Linkup starting em1 Nov 8 14:28:44 dhclient[9601]: exiting. Nov 8 14:28:44 dhclient[9601]: exiting. Nov 8 14:28:44 dhclient[9601]: connection closed Nov 8 14:28:44 dhclient[9601]: connection closed Nov 8 14:28:29 check_reload_status: Reloading filterHardware: MSI IM-945GSE-A, two onboard Intel 82574L GbE LAN NIC's, 1GB RAM, 2GB CF card.
-
Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.
That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572
-
It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.
Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.
-
Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.
That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572
I was with the previous ISP and forgot to remove it (didn't cause any problems though, ran fine for months). But the log I posted is from a clean install of pfSense 2.
pfSense 1.2.3 only mentioned lines like these in the log "dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1"It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.
Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.
ISP said they where sending a reply, pfSense did not seem to see it though.
Right now I've got my laptop with XP hooked up directly to the modem which works normal. I also am working on a Debian install to see if that works, was already planning on switching to Debian (or any Linux distro) anyway.
-
If you are seeing those log entries on an interface without a spoofed mac, then there is something going on physically. It's reporting that it's losing link, so it could be the NIC or the cable or something along those lines.
At the very least you could try swapping the assignment of WAN and LAN to see if the problem follows the NIC. Swapping out the cable is cheap and easy, so also worth a try.
-
Did that, made no difference. Same issue with both NIC's. Also hooked it up with a short cable to the cablemodem, also no difference.
edit: I'm back in business. Couldn't get Debian to cooperate (guess I'll have to learn more about Debian before I try that again), but IPFire was willing to cooperate, I'm back online :) , now hoping it keeps working.
But I've still no clue what happened this morning with pfSense.
