Silicom PEG6I Six Port Gigabit PCIE
-
Hi,
I am currently building my second pfSense box and I have a strange issue. I am trying to configure a Silicom PEG6I Six Port gigabit (PCIe) card and no matter what I do, I can't connect any computer through it. pfSense does see the 6 active ports, I assign the interface and set up the DHCP server properly but I can't connect any computer to it. I only get an IP starting with "169." (zero configuration networking address) (I'm building my network with 10.x.x.x addresses). I have tried to connect a computer directly to the NIC with a cross-over cable, with a normal RJ45 cable (hoping that AUTO-SENSE is on and it will detect that it is a NIC to NIC connection) or with a switch and no matter what I do, I can't get it to work. I have been working on this for a couple of days and I have run out of resources…
Does anybody have any hint on what's going on?
Thank you very much for your time
Best Regards
-
I suggest you connect one interface from the card to a switch (do any lights on the card come on?), then type the pfSense shell command
```
ifconfig
```
I'll take a look when I get back from the doctor and give you an interpretation. Have you searched the pfSense forums for reports from other users of that card? (Its model number seems familiar.)
-
This was the card that didn't set up its PCI bridge chip properly when paired with certain boards/BIOSes.
Search the forum.
What board are you using?
Steve
-
Should have been clearer, I meant motherboard and BIOS version.
Steve
Edit: here's the relevant thread: http://forum.pfsense.org/index.php/topic,45522.0.html
-
> I suggest you connect one interface from the card to a switch (do any lights on the card come on?), then type the pfSense shell command
> ```
> ifconfig
> ```
> I'll take a look when I get back from the doctor and give you an interpretation. Have you searched the pfSense forums for reports from other users of that card? (Its model number seems familiar.)

Hi wallabybob,
Here's a screenshot showing the result of the command ifconfig.
During that test, the interface em0 was connected to a switch. The interfaces em1 to em4 are not configured. em5 is configured but there was nothing connected on it. Also, you are correct, when I plug a cable the lights are on.
Thank you!
> Should have been clearer, I meant motherboard and BIOS version.
> Steve
> Edit: here's the relevant thread: http://forum.pfsense.org/index.php/topic,45522.0.html

Hi Steve, thank you for your reply.
The board I'm using is Asrock 939NF4G-SATA2. (Exactly like this one: http://www.asrock.com/mb/NVIDIA/939NF4G-SATA2/ ) The BIOS version is: 939NF4G-sata2 bios P1.50
Thank you!
-
Well that all looks good. You don't have a hardware compatibility problem. :)
(At least not with the Silicom card)
Is em0 your LAN address? If not have you set firewall rules to allow access? You should get an IP address anyway.
Can you get any connection if you use a static IP at the client machine?
Steve
-
> Here's a screenshot showing the result of the command ifconfig.

OK, keep that setup.
If you plug into the switch a computer configured with IP address 10.0.1.2 netmask 0xffffff00 it may be able to communicate with pfSense. However it depends on what pfSense interface is assigned to em0 (WAN? LAN? OPTx?). Please post the output of pfSense shell command
```
/etc/rc.banner
```
The fact that all the interfaces are recognised and em0 sees carrier from the switch and negotiates 10/100 speed strongly suggests you don't have the "BIOS/motherboard" problem Steve referred to earlier. Earlier you said @reboot-me:
> no matter what I do, I can't connect any computer through it. . . . no matter what I do, I can't get it to work.

If we just step through this, bit by bit, we should be able to get even more of it "working". However it will require attention to details.
-
> Well that all looks good. You don't have a hardware compatibility problem. :)
> (At least not with the Silicom card)
> Is em0 your LAN address? If not have you set firewall rules to allow access? You should get an IP address anyway.
> Can you get any connection if you use a static IP at the client machine?
> Steve

Hi,
em0 is configured as a test card right now. nfe0 was set as my WAN (not plugged) and rl0 was set as my LAN. nfe0 and rl0 work well, I only have a problem with all the em* interfaces. (opt*)
There are no firewall rules on this machine right now, it's a fresh install.
I cannot get a connection with a client machine even if I use a static IP. When I plug my computer directly into the em0 interface (with a normal RJ45 or a crossover cable), the NIC on my client turns to gigabit mode so I assumed that there is some kind of communication between these 2…
-
> em0 is configured as a test card right now. . . .
> There are no firewall rule on this machine right now, it's a fresh install.

The default rules in pfSense block ALL communication from OPTx devices. If you want communication from an OPTx device you will need to add firewall rule(s) to allow the communication you want.
-
> > Here's a screenshot showing the result of the command ifconfig.
>
> OK, keep that setup.
> If you plug into the switch a computer configure with IP address 10.0.1.2 netmask 0xffffff00 it may be able to communicate with pfSense. However it depends on what pfSense interface is assigned to em0 (WAN? LAN? OPTx?). Please post the output of pfSense shell command
> ```
> /etc/rc.banner
> ```
> The fact that all the interfaces are recognised and em0 see carrier from the switch and negotiates 10/100 speed strongly suggests you don't have the "BIOS/motherboard" problem Steve referred to earlier. Earlier you said @reboot-me:
> > no matter what I do, I can't connect any computer through it. . . . no matter what I do, I can't get it to work.
>
> If we just step through this, bit by bit, we should be able to get even more of it "working". However it will require attention to details.

Hi, I just configured a client with 10.0.1.2 and a netmask of 255.255.255.0 and it seems like there is no communication between these 2.
Also, em0 is set as OPT1.
> > em0 is configured as a test card right now. . . .
> > There are no firewall rule on this machine right now, it's a fresh install.
>
> The default rules in pfSense block ALL communication from OPTx devices. If you want communication from an OPTx device you will need to add firewall rule(s) to allow the communication you want.

Hum, I did not know that but could it explain why the DHCP server does not work? If I plug a computer into the switch (and of course if I don't set a static IP) my IP will turn to 169.something (zero configuration networking).
-
I just put my WAN interface up, logged in to the webConfigurator, gave all access to em0 to the entire network. After that I set my client IP to 10.0.1.2 with a netmask of 255.255.255.0 and even with that, I can't do anything. (I can't ping 10.0.1.1, can't access the webConfigurator or the internet).
After that I set the client back to dynamic IP, tried to ask the DHCP server for a new IP (range of IPs: 10.0.1.10 to 10.0.1.254) and all I get is: 169.254.18.133.
Does anyone have any idea about that?
-
> Does anyone have any idea about that?

After major changes to firewall rules it is sometimes necessary to reset firewall states: See Diagnostics -> States and click on Reset States tab, read the explanation then click on Reset button.
Firewall rules have more parameters than you have provided. Please post a screen shot showing the firewall rule(s) on OPT1.
What was reported when you tried to ping 10.0.1.1 from a computer connected to the OPT1 interface? (Please post command and response. They are almost always much more informative than the executive summary "can't ping".)
Do you see any of your ping attempts reported in the Firewall log? (See Status -> System Logs, click on Firewall tab.)
-
> > Does anyone have any idea about that?
>
> After major changes to firewall rules it is sometimes necessary to reset firewall states: See Diagnostics -> States and click on Reset States tab, read the explanation then click on Reset button.
> Firewall rules have more parameters than you have provided. Please post a screen shot showing the firewall rule(s) on OPT1.
> What was reported when you tried to ping 10.0.1.1 from a computer connected to the OPT1 interface? (Please post command and response. They are almost always much more informative than the executive summary "can't ping".)
> Do you see any of your ping attempts reported in the Firewall log? (See Status -> System Logs, click on Firewall tab.)

Hi,
I have completed the instructions you gave me yesterday and here's what I've got:
First of all, I went to the "Diagnostic States" and clicked the "Reset" button in the "Reset States" tab.
Here's a screenshot of my firewall rules. As you can see, I have created 2 rules instead of one. (Because I wanted to see which rule was associated with every log. The "log" checkbox is enabled.)
Here's a screenshot of the ping commands while connected as 10.0.1.2 : I have also included what Wireshark could capture during the same time.
Finally, the firewall logs are empty. Here's a screenshot. (I do not understand why it's empty).
-
You have multiple problems. Thanks for including the Wireshark capture.
1. Your Windows system is sending ARP requests to find out the MAC address of the system with IP address 10.0.1.1. It is not getting a response hence it doesn't know what MAC address to send to in order for traffic to get to 10.0.1.1. Until this is fixed you won't see traffic on this interface in the firewall log.
2. Your firewall rules don't allow DHCP requests: Source IP = 0.0.0.0 and Destination IP = 255.255.255.255
I suggest you perform a packet capture on pfSense while a ping is running on the Windows box. Do you see the ARP requests? If not, it would appear something is "strange" with your switch. Is it a "managed" switch - perhaps it was previously configured for VLANs or some sort of access control? You could also try pinging 10.0.1.2 from pfSense to see what happens.
-
You don't need to include rules for DHCP they are already added by default if DHCP is enabled. For example:
```
# allow access to DHCP server on LAN1
pass in quick on $LAN1 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
pass in quick on $LAN1 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server"
pass out quick on $LAN1 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server"
```
Steve
-
> You don't need to include rules for DHCP they are already added by default if DHCP is enabled. For example:

OK, but a recent post http://forum.pfsense.org/index.php/topic,56848.msg303380.html#msg303380 (DHCP enabled on OPT1 but DHCP traffic apparently blocked by firewall) suggests they MIGHT be required. And I have memories of "unintuitive" behaviour in some earlier versions of pfSense, something like "specific firewall rules were not required for DHCP if DHCP server was enabled on a solitary interface BUT were required if DHCP server was enabled on a bridged interface and DHCP requests were to be accepted from a secondary member of the bridge."
-
Hmm, interesting thread. I certainly don't believe you are supposed to have to add dhcp rules. I have never needed to.
The user in that thread initially spotted dhcp requests in the firewall log, that would indicate a problem.
You can easily check by looking at the rules.debug file.
Steve
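The rules.debug check mentioned above, as an added example that is not part of the original thread: a small POSIX shell function that reports which of the three automatic DHCP pass rules exist for one interface macro. The function name, the sample file and the OPT1 user rule are constructed for illustration, and the rule layout is assumed to match the rules quoted earlier in the thread; on pfSense the generated ruleset is written to /tmp/rules.debug.

```shell
#!/bin/sh
# Added example: report which automatic DHCP pass rules exist for one
# interface macro in a rules.debug-style file.
# Usage: dhcp_rules_present FILE MACRO   (MACRO without the leading "$")
dhcp_rules_present() {
    awk -v want="\$$2" '
        # Assumed rule layout, as in the rules quoted in the thread:
        # pass in|out quick on $IF proto udp from SRC port = N to DST port = M
        $1 == "pass" && $4 == "on" && $5 == want && $7 == "udp" {
            if ($2 == "in" && $12 == "68" && $17 == "67") {
                if ($14 == "255.255.255.255") bcast = 1  # DISCOVER/REQUEST broadcast
                else unicast = 1                        # renewal sent to the interface address
            }
            if ($2 == "out" && $12 == "67" && $17 == "68") reply = 1
        }
        END {
            if (!bcast)   print want ": no rule for client broadcast to port 67"
            if (!unicast) print want ": no rule for client unicast to port 67"
            if (!reply)   print want ": no rule for server replies to port 68"
            exit !(bcast && unicast && reply)
        }' "$1"
}

# Constructed sample: LAN1 carries the three rules quoted in the thread;
# OPT1 (hypothetical) only has a user rule limited to its own subnet, which a
# DHCPDISCOVER sent from 0.0.0.0 does not match.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
pass in quick on $LAN1 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
pass in quick on $LAN1 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server"
pass out quick on $LAN1 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server"
pass in quick on $OPT1 inet from 10.0.1.0/24 to any label "USER_RULE"
EOF

for ifm in LAN1 OPT1; do
    if dhcp_rules_present "$SAMPLE" "$ifm"; then
        echo "\$$ifm: automatic DHCP rules present"
    fi
done
```

A non-zero exit status together with DHCP requests showing up as blocked in the firewall log points at the ruleset rather than the NIC.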
-
Hi,
I have more information about my problem :
First of all, I changed my LAN interface to em0 and I removed rl0.
I finally saw my pfSense's interface em0 (10.0.1.1) with wireshark from my client(10.0.1.2 static). I could capture a couple of packets when I changed the ip address of em0. Here's what I could capture :
Here's some screenshots of these packets :
I also saw that my client had an invalid resolution for 10.0.1.1 via arp -a :
So I set a static route with this command: arp -s 10.0.1.1 00-e0-ed-14-8b-ae
After that I tried to ping my client (10.0.1.2) from my router (10.0.1.1) and here's what I got:
Then I checked the state of the routes set up on pfSense (sorry for the picture, at that point I could not connect via ssh…):
I added a route directly to my client, 10.0.1.2:
I started a ping from my router (10.0.1.1) to my client, 10.0.1.2 (the client was up and running and the firewall was disabled):
EDIT: I forgot to say that, before I added this rule to pfSense, when I tried to ping my client, there was no message like "Host is down." I could only see that the 3 packets that were sent were lost during the operation. There's probably a problem with these routes…
After that I started a ping from my client to my router and I still had a message of "unreachable host"…
I also put the NIC in another computer (i386, the computer I used during these tests is an AMD), booted pfSense, set up the interface and I got the exact same problem. (Moreover, pfSense froze after a couple of minutes, but that's not my main issue...)
Regarding the configuration problem of the DHCP server (which is probably less important), here's some more information:
Thank you!
-
> First of all, I changed my LAN interface to em0 and I removed rl0.

Why? It is not clear to me that it is useful to change the pfSense LAN interface assignment from an apparently working physical interface to a physical interface you are having trouble with. At the least, it is likely to make it difficult to access your pfSense to capture information.

> I finally saw my pfSense's interface em0 (10.0.1.1) with wireshark from my client(10.0.1.2 static). I could capture a couple of packets when I changed the ip address of em0.

Changed the IP address from … to ...? Based on the packet captures you provided did you change from 192.168.1.1 to 10.0.1.1?
The few times I have made major IP address changes to a pfSense box (changed the IP subnet of an interface with a static IP address) it has seemed to be necessary to reboot to clear out the memory of the old configuration.
It is strange your route display for 10.0.1.0 doesn't display a network mask. That suggests to me the interface is not correctly configured.