Unstable PfSense



  • Version 2.0.1-RELEASE (i386)
    built on Mon Dec 12 17:53:52 EST 2011
    FreeBSD 8.1-RELEASE-p6
    Platform pfSense
    CPU Type Pentium(R) Dual-Core CPU E5700 @ 3.00GHz, only two NICs, LAN and WAN (Static IP).
    I've just about looked everywhere for a solution and changed NICs countless times. I keep losing connection.
    When I surf the web I constantly need to reload the page because the browser just seems to hang there, not going anywhere.
    When I'm perusing the logs in the PfSense, via SSH, all of a sudden it freezes, then after about 5 min I get a Broken pipe message.
    In lighttpd.error.log there are lots of (connections.c.1711) SSL (error): 5 -1 54 Connection reset by peer, (connections.c.1711) SSL (error): 5 -1 1 Operation not permitted, (connections.c.1711) SSL (error): 5 -1 32 Broken pipe.
    In system.log I get a few: sshd[46098]: fatal: Write failed: Operation not permitted
    I'm running squid and squidguard, and I'm serving about 300 clients.
    With this very same machine I used to run IPCop, then IPFire with no problem at all. Wanted to give PfSense a try because it has so much more to offer but I'm so frustrated 'cos I can't find the cause of the problem.
    When my session "hangs", tcpdump, in pfsense, starts displaying "arp who-has" messages. Any help will be greatly appreciated.



  • Sounds like some hardware going south somewhere…

    Have you tried new patch cords between your modem and router box?


  • Rebel Alliance Developer Netgate

    If you only have one WAN, or you have a gateway entry with an invalid/unpingable monitor IP, try disabling state killing (System > Advanced, Misc tab).

    Or you can check your gateways under Status > Gateways, if you have one that is always down, edit it under System > Routing and fix the monitor IP or disable monitoring for that gateway.



  • Chpalmer: Can't be the patch cords, because if I switch the machine and put on an "IPFire" everything works.
    Jimp: I've ticked "States", in System:Advanced:Miscellaneous and disabled monitoring on all my gateways except the one that points to the Internet. Maybe I should have mentioned that I have over 20 subnets connected. Anyway, things have greatly IMPROVED. It's only been a couple of hours, but everything seems to be running smoothly… thank you so much.


  • Netgate Administrator

    @gga:

    disabled monitoring on all my gateways except the one that points to the Internet.

    That sounds possibly bad.
    How many interfaces are you running?
    You would 'usually' only have a gateway on WAN interfaces. The only time you would have a gateway on other interfaces is if you have internal subnets reachable via some other internal router or tunnel, which you may well have.

    Steve



  • I have two interfaces. WAN with a static public IP. LAN private IP and several subnets connected via other routers.
    Steve, what could be the consequences of disabling gateway monitoring?


  • Netgate Administrator

    Not much as far as I know. The gateway would not be removed if it goes down so pfSense would continue to try sending traffic instead of returning a no route error. You get no gateway quality data.
    The only reason I commented is that some people add gateways to all their interfaces regardless and that causes trouble. You said "all my gateways" and "20 subnets", it sounded like you may have fallen into that trap but it seems as though you're better than that. ;)

    Steve


  • Rebel Alliance Developer Netgate

    Disabling gateway monitoring is fine for local gateways. There is no benefit to monitoring them.

    You really only need to monitor WAN-facing gateways.

