USB Adapter for DMZ not working(Netgear FA101)?


  • I just installed pfsense on my netgate alix system(2 builtin adapters) with a netgear fa101 usb adapter for my dmz interface.  I got everything setup and it appeared to be working fine(could access dmz from lan, but not other way, dmz could access internet and internet to dmz).  I rebooted and now the dmz no longer works at all.  The computer in it can't get out(nothing even showing on the packet capture) and nothing can get in(lan or internet).  No new rules, and all had been saved/applied before and was working.  The arp tables aren't even showing the other host, although the adapter shows it is connected.

    The interface status is:
    DMZ interface (ue0)
    Status up
    MAC address 00:09:5b:06:cc:8b
    IP address 192.168.100.1  
    Subnet mask 255.255.255.0
    Media 10baseT/UTP
    In/out packets 0/0 (0 bytes/4 KB)
    In/out packets (pass) 0/68 (0 bytes/4 KB)
    In/out packets (block) 0/0 (0 bytes/0 bytes)
    In/out errors 0/0
    Collisions 0

    I plugged the usb interface into another pc and it worked just fine.  I also plugged another computer into the interface while it was on the firewall and it also couldn't touch the firewall(ip was manually assigned to match that subnet, etc).

    Thoughts?


  • Just to add some more detail:

    Logged in via ssh and did dmesg and noticed the adapter was going UP and DOWN quite frequently.  I did a 'usbconfig -u 0 -a 2 power_off' and then power_on, ifconfig down and up, and now it works again.  Even rebooting wasn't fixing it but that did.  Ideas?

  • Netgate Administrator

    You mean aue0?
    Nothing else in the logs?
    Is the MAC address correct? I have experienced USB ethernet devices change MAC between power cycles which really screws things! Though not with this driver.

    Steve


  • @stephenw10:

    You mean aue0?
    Nothing else in the logs?
    Is the MAC address correct? I have experienced USB ethernet devices change MAC between power cycles which really screws things! Though not with this driver.

    Steve

    dmesg shows aue0 as the car, then ifconfig, etc shows ue0.  Example dmesg:
    aue0: <netgear 0="" 2="" netgear="" fa101="" adapter,="" class="" 0,="" rev="" 1.10="" 1.01,="" addr="">on usbus0                       
    miibus2: <mii bus="">on aue0                                                                             
    acphy0: <acxxx 10="" 100="" media="" interface="">PHY 1 on miibus2                                                 
    acphy0:  100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto                 
    ue0: <usb ethernet="">on aue0                                                                             
    ue0: link state changed to UP                                                                           
    ue0: link state changed to DOWN

    Mac doesn't appear to change.  My device keeps going down then up but seems to be accessible at all times.  If i reboot the firewall I must do the usbconfig commands above though or nothing works.  Any idea how I can get that to run on startup?</usb></acxxx></mii></netgear>

  • Netgate Administrator

    To be honest I have no idea why it's flapping like that. There have been other reports of flapping interfaces with solutions on the forum here.
    There are a number of ways of running a command at boot time, see:
    http://doc.pfsense.org/index.php/Executing_commands_at_boot_time

    Steve


  • @stephenw10:

    To be honest I have no idea why it's flapping like that. There have been other reports of flapping interfaces with solutions on the forum here.
    There are a number of ways of running a command at boot time, see:
    http://doc.pfsense.org/index.php/Executing_commands_at_boot_time

    Steve

    Can you suggest a usb network card(not wireless though) that pfsense gets along with well?

  • Netgate Administrator

    I can't I'm afraid. For a time I ran a Belkin USB adapter but it was really only as a test and it was under 1.2.3 and I can't find it now to get the part number anyway.  ::)

    I just noticed though that in your first post the adapter is reporting the media as 10baseT yet it is 100Mb capable, are you forcing this?

    Most of the other issues people had with flapping, here for instance, seem to be caused by forcing a setting on the adapter.

    Steve


  • @stephenw10:

    I can't I'm afraid. For a time I ran a Belkin USB adapter but it was really only as a test and it was under 1.2.3 and I can't find it now to get the part number anyway.  ::)

    I just noticed though that in your first post the adapter is reporting the media as 10baseT yet it is 100Mb capable, are you forcing this?

    Most of the other issues people had with flapping, here for instance, seem to be caused by forcing a setting on the adapter.

    Steve

    Definitely have not forced it, just seemed to decide it wanted to be that way for some reason.  Running it on a netgate alix board so not sure if that could be part of the problem or not.

  • Netgate Administrator

    It shouldn't make any difference on the Alix. What is it connected to at the other end? Is that forcing it 10Mb?
    In the first post was that when it wasn't working? What is the interface status when it is working?

    Steve


  • @stephenw10:

    It shouldn't make any difference on the Alix. What is it connected to at the other end? Is that forcing it 10Mb?
    In the first post was that when it wasn't working? What is the interface status when it is working?

    Steve

    Status is the same regardless of working or not(first post was working though).  The other end is a dell server(10/100/1000 adapter) and cable is also capable of 100.

  • Netgate Administrator

    The fact that it's showing the connection as 10baseT and not 100 indicates a problem to me. Does the Dell server also see the connection as 10baseT?
    One end is not auto negotiating properly for some reason.

    Steve


  • 100baseTX auto on the dell server side, which is what it's capable of.

  • Netgate Administrator

    Well the fact that the two ends are showing different connection types is not good!
    If auto-negotiation is not working, for whatever reason, try setting them both to 100Mbps full duplex manually.

    Steve


  • Ended up buying a trendnet usb to ethernet adapter for $7 at radio shack.  Works great, no bouncing, negotiates at 100mb.  Definitely adapter related.