Netgate Discussion Forum

    Overspec Firewall Keeps Dropping internet connection.

      wallabybob

      @whatthehost:

      We are on an 6MB/6MB Telstra Fibre connection and we had no issues with it on the previous setup.

      "Previous setup" meaning Shorewall OR pfSense with the now dead hard drive?

      @whatthehost:

      Can anyone shed any light on this, or tell me where to start looking. As a Linux guy, I am not totally up with the play on BSD.

      A good start would be to look through the pfSense system log around the time the pfSense WAN link went down. See Status -> System Logs for the most recent system log entries or give the pfSense shell command

      ```
      clog /var/log/system.log
      ```

      Does your WAN link use PPP or DHCP or …?
      
      What version of pfSense have you installed? There have been reports of PPP not restarting on some WAN links but it has proved difficult to reproduce the problem. (For example, I haven't seen it in the more than a year I have used PPP on my WAN link.)
        whatthehost

        Hi, thanks for the reply.

        @wallabybob:

        @whatthehost:

        We are on an 6MB/6MB Telstra Fibre connection and we had no issues with it on the previous setup.

        "Previous setup" meaning Shorewall OR pfSense with the now dead hard drive?

        Shorewall

        @whatthehost:

        Can anyone shed any light on this, or tell me where to start looking. As a Linux guy, I am not totally up with the play on BSD.

        A good start would be to look through the pfSense system log around the time the pfSense WAN link went down. See Status -> System Logs for the most recent system log entries or give the pfSense shell command

        ```
        clog /var/log/system.log
        ```

        Yeah didn't find anything telling in the logs.
        
        Does your WAN link use PPP or DHCP or …?
        
        It's a static business ethernet connection, over fibre.
        
        What version of pfSense have you installed? There have been reports of PPP not restarting on some WAN links but it has proved difficult to reproduce the problem. (For example, I haven't seen it in the more than a year I have used PPP on my WAN link.)
        

        I am on 2.0.1-RELEASE-pfSense (amd64)

        I haven't had much time to see what's going on, when it happens, as I have to get the net back up ASAP. But it appears to be lagging on the web interface, however it shows minuscule CPU and Memory usage.

        Thanks
        Sam

          wallabybob

          On the Interfaces -> (assign) page what network port is reported for the LAN interface? the WAN interface?

          Please provide more details of what you mean by the "firewall dropping the internet connection" - browser on LAN clients reports "Host unavailable"?  browser downloads stall? browser reports timeout?

          What do you do to recover from "the firewall dropping the internet connection"?

          The next time it happens I suggest you issue the following commands in a SSH session to the pfSense box (preferred) or on the pfSense console (if you can't get a SSH session to the pfSense box)

          ```
          ping -c 3 www.bigpond.com
          ping -c 3 144.135.18.32
          ```

          As yet there isn't enough evidence to distinguish between
          
          *   loss of communication between pfSense WAN interface and the Internet
          
          *   loss of communication between pfSense LAN interface and local systems
          
          *   name server inaccessible
          
          *   etc
            whatthehost

            WAN is em0
            LAN is em1

            When it drops, I can ping the firewall. I can log in to the firewall, although the web interface is laggy. I can't ping external IPs or DNS names from inside the network or from the firewall itself.

            I have to restart the firewall to recover.

            I have tried pinging when it goes down and the results were as above. Can't ping addresses or names, so not a DNS issue.

            Thanks
            Sam

              cmb

              What type of connection? DHCP, PPPoE, static, …?

                whatthehost

                Static ethernet on a fibre connection. This morning, new problem, the internet was still working. NAT to our Web server stopped working. NAT to other servers worked as usual. Could telnet server locally on web ports, not from outside. Restarted firewall, started working again. Maybe it doesn't like our hardware. Either way pfSense is coming out tonight. Can't keep this up, the boss and users are losing patience.

                  cmb

                  Sounds a lot like an IP conflict, like your former firewall still plugged in or something else with those IPs assigned. Rebooting "fixes" because it sends a gratuitous ARP which makes that system win back the conflicting IP at least for some period of time. Lag in some parts of the web interface happens when you have no DNS connectivity, 2.0.2 and newer won't though.

                    whatthehost

                    I don't think it's an IP conflict, as the former firewall's motherboard blew up and was replaced with pfSense. Only way it could be a conflict is if someone at Telstra was encroaching on our subnet. Wouldn't pfSense log detected conflicts though?

                    I will install it on a virtual machine on one of our vmware servers. That will prove/disprove hardware conflict.

                      cmb

                      You will see that, when it happens, in the system log for the WAN IP itself and for IP aliases and CARP IPs, that is assuming the firewall can actually see the conflict. Depending on the type of connection and other details of the network it can be possible for an IP conflict to happen and only be seen by your upstream router, though that's usually not the case.

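What cmb describes seeing in the system log, as an added example that is not part of the thread: the FreeBSD kernel reports a conflict it can see as `arp: <MAC> is using my IP address <IP> on <if>!` and a neighbour that changed hardware address as `arp: <IP> moved from <MAC> to <MAC> on <if>`. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads pfSense/FreeBSD system log text
# on stdin and reports the kernel ARP conflict messages.
# Assumed use on the firewall: clog /var/log/system.log | arp_events

# arp_events: one line per event, "TYPE IP IFACE MAC".
#   conflict = another MAC claimed an address this firewall owns
#   moved    = a neighbour IP changed MAC (old->new), e.g. two devices
#              taking turns answering for the same address
arp_events() {
    awk '
    {
        for (i = 1; i <= NF; i++) if ($i == "arp:") break
        if (i > NF) next
    }
    $(i+2) == "is" && $(i+3) == "using" && $(i+4) == "my" {
        iface = $(i+9); sub(/!$/, "", iface)
        print "conflict", $(i+7), iface, $(i+1)
    }
    $(i+2) == "moved" && $(i+3) == "from" {
        print "moved", $(i+1), $(i+8), $(i+4) "->" $(i+6)
    }'
}

# conflict_macs: "COUNT MAC" for every MAC that claimed one of our IPs,
# most frequent first; this is the address to hunt for on the switch.
conflict_macs() {
    arp_events | awk '$1 == "conflict" { n[$4]++ }
        END { for (m in n) print n[m], m }' | sort -rn
}

# Constructed sample log lines (documentation addresses, made-up MACs).
sample_log() {
    cat <<'EOF'
Mar  4 09:12:31 pfsense kernel: arp: 00:1b:21:aa:bb:cc is using my IP address 203.0.113.10 on em0!
Mar  4 09:12:40 pfsense check_reload_status: Reloading filter
Mar  4 09:14:02 pfsense kernel: arp: 203.0.113.1 moved from 00:00:5e:00:01:01 to 00:25:90:11:22:33 on em0
Mar  4 09:15:10 pfsense kernel: arp: 00:1b:21:aa:bb:cc is using my IP address 203.0.113.12 on em0!
EOF
}

sample_log | arp_events
sample_log | conflict_macs
```

An empty result only means the firewall itself saw no conflict; as noted above, one visible only to the upstream router leaves no trace here.
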
                        whatthehost

                        I was using IP Alias not CARP. Should I be using CARP or PROXY ARP instead?

                        It silently dropped inbound web traffic to one host this morning and fixed itself after about 15 minutes. No errors in log. Seems consistent with ARP problems.

                        Thanks
                        Sam

                          cmb

                          CARP is fine too. CARP will log IP conflicts as well. Proxy ARP won't. What it can't tell is where there is a MAC conflict on the network. CARP, like VRRP, uses a virtual MAC address that's determined by the VHID. If anything on the same broadcast domain is using the same VHIDs as you are with either CARP or VRRP, you have a MAC address conflict, which will exhibit itself the same as an IP conflict. If you're using low numbered VHIDs, I'd change those to higher uncommonly used VHIDs, 200+ generally a good choice in such circumstances.

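The VHID collision cmb describes can be checked from the firewall's ARP table, shown here as an added example that is not part of the thread. It assumes FreeBSD `arp -an` output; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. CARP and IPv4 VRRP both build their
# virtual MAC as 00:00:5e:00:01:<VHID or VRID in hex>.

# vhid_mac N: print the virtual MAC for VHID/VRID N (1-255).
vhid_mac() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 255 ] || return 1
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# vhids_in_use: read `arp -an` text on stdin, print each VHID/VRID whose
# virtual MAC is visible on the segment (decimal, one per line).
vhids_in_use() {
    tr 'A-F' 'a-f' | grep -o '00:00:5e:00:01:[0-9a-f][0-9a-f]' | sort -u |
    while IFS=: read -r a b c d e id; do echo $((0x$id)); done
}

# vhid_taken N: succeed and print the matching ARP lines if the virtual
# MAC for VHID N already answers for some address in the ARP text on stdin.
vhid_taken() {
    mac=$(vhid_mac "$1") || return 2
    tr 'A-F' 'a-f' | grep -F " at $mac "
}

# first_free_vhid START: first VHID >= START (default 200) not seen in use.
first_free_vhid() {
    used=$(vhids_in_use)
    n=${1:-200}
    while [ "$n" -le 255 ]; do
        echo "$used" | grep -qx "$n" || { echo "$n"; return 0; }
        n=$((n + 1))
    done
    return 1
}

# Constructed sample in FreeBSD `arp -an` format (documentation addresses).
sample_arp() {
    cat <<'EOF'
? (203.0.113.1) at 00:00:5e:00:01:01 on em0 expires in 1187 seconds [ethernet]
? (203.0.113.8) at 00:00:5E:00:01:c8 on em0 expires in 640 seconds [ethernet]
? (203.0.113.9) at 00:00:5e:00:01:0a on em0 expires in 902 seconds [ethernet]
? (203.0.113.10) at 00:1b:21:aa:bb:cc on em0 permanent [ethernet]
EOF
}

sample_arp | vhids_in_use            # VHIDs/VRIDs already on the wire
sample_arp | first_free_vhid 200     # a VHID that does not collide
```

The ARP cache lists only neighbours this host has recently resolved, so a VHID missing from the output is not proof that it is unused on the segment.
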
                            whatthehost

                            Ok thanks

                            Virtualising the firewall has (so far) stopped it from intermittently dropping all traffic. I have had one more instance of it stopping forwarding under proxy ARP. Have shifted it back to IP Alias and will see how it goes.

                            Cheers
                            Sam

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.