Changing NICs, or Networks with Pfsense breaks internet connection?



  • Hi, I'm not sure if I just overlooked something, or if this is an issue with pfsense. I originally set up a pfsense box for our office at home, to get the features we needed installed, configured, and tested (work out the kinks so to speak). When I brought the box to the office, I reconfigured the wan interface to reflect our static IP address etc… and the lan address to match our old router's LAN interface.

    Once I thought I was up and running, I could not reach any websites. I could ping our gateway address (ISP not the pfsense box), but no further. The results pinging from the pfsense router were the same. After getting nowhere with tech support, I finally backed up my config, did a factory reset, reconfigured the interfaces and was up and running. I tried restoring my config which only "broke" the connection again.

    A couple of days later I swapped out the WAN interface after reading that realtek chipsets were no good for pfsense, and encountered the same issue. All settings were correct (IP, default gateway, subnet mask, etc) but still no internet access, requiring me once again to reinstall and configure all packages.

    I guess my question is... is anyone familiar with this issue and is there something I can do to fix it rather than default the router and reinstall everything?

    EDIT
    Part of the reason I am asking is that I am considering purchasing a couple of Intel Pro NICs for the box since they are the recommended NICs. I am currently using Linksys NICs. Would desktop Intel NICs be worth the purchase?



  • Doubt that has anything to do with your NICs. Probably a couple different issues there. One, you likely didn't change your gateway accordingly to set the default route as the static WAN gateway IP. Then you reset to defaults, went through the setup wizard which added your WAN gateway as the default automatically, and were all good.

    Then you changed your NIC. That requires flushing the upstream ARP cache, or waiting for it to time out. The symptoms you describe match that scenario exactly. Then you reinstalled and by the time that got back up and running, the upstream ARP cache timed out, and you were good.

    So in short, to avoid "having to reinstall" for your two "having to reinstall" scenarios:

    1. You have to have the correct default gateway specified under System>Routing.
    2. You can't change NICs or firewalls without the upstream ARP cache timing out. How long that takes varies depending on how your ISP has their router configured. Cisco and Juniper routers default to 4 hours, but it's configurable, and some ISPs lower that.
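
The two checks from the reply above as a triage script. This is an added example, not part of the original thread. The function names, the placeholder gateway 203.0.113.1 and both routing tables are constructed; the tables assume the column layout of FreeBSD's `netstat -rn -f inet`.

```shell
#!/bin/sh
# Added example: tell apart the two failure modes discussed in the thread.
# All sample data is constructed; 203.0.113.1 stands in for the ISP gateway.

# Routing table as it might look after restoring a config with no default route.
ROUTES_RESTORED='Destination        Gateway            Flags     Netif Expire
203.0.113.0/29     link#1             U           dc0
192.168.1.0/24     link#2             U           dc1
127.0.0.1          link#3             UH          lo0'

# Same table after the setup wizard has added the WAN gateway as default.
ROUTES_WIZARD="default            203.0.113.1        UGS         dc0
$ROUTES_RESTORED"

# Print the gateway of the IPv4 default route, or nothing if there is none.
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2; exit }'
}

# triage ROUTES EXPECTED_GW GW_PING FAR_PING   (ping results: "ok" or "fail")
triage() {
    gw=$(default_gw "$1")
    if [ -z "$gw" ]; then
        echo "no-default-route"        # item 1: fix under System>Routing
    elif [ "$gw" != "$2" ]; then
        echo "wrong-default-route"     # default points somewhere unexpected
    elif [ "$3" = "fail" ]; then
        # Route is right but the gateway does not answer. Right after a NIC
        # or firewall swap this matches item 2 (stale upstream ARP entry).
        echo "gateway-unreachable"
    elif [ "$4" = "fail" ]; then
        echo "beyond-gateway-failure"  # not one of the two cases above
    else
        echo "ok"
    fi
}

# Demo on the constructed samples.
echo "restored config: $(triage "$ROUTES_RESTORED" 203.0.113.1 ok fail)"
echo "after NIC swap:  $(triage "$ROUTES_WIZARD" 203.0.113.1 fail fail)"
```

On the firewall itself, pass `"$(netstat -rn -f inet)"` as the first argument and the outcome of pinging the gateway and an outside address as the last two.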


  • I have found that in certain circumstances it seems to be necessary to restart pfSense after major configuration changes. Perhaps it would have been sufficient to restart pfSense after configuring the new interface(s).

    Are you interested in trying to reproduce the problem to better understand what is going on?

    @Daemonseed:

    > . . . after reading that realtek chipsets were no good for pfsense . . .

    In my limited experience (no trouble with one Realtek NIC, 8139, for nearly four years in home pfSense) the alleged deficiencies of ALL Realtek NICs in ALL circumstances seem to be overstated. And people do have problems with Intel NICs, Broadcom NICs etc (for example, attempting to use "too new" NICs with "too old" software, attempting to use "too many" NICs …)

    @Daemonseed:

    > I am considering purchasing a couple of Intel Pro NICs for the box since they are the recommended NICs. I am currently using Linksys NICs. Would desktop Intel NICs be worth the purchase?

    As best I know Linksys don't make NIC chips. If they use Intel chips I doubt there would be any value in swapping in Intel brand NICs. What chips are in the NICs you are using? (Posting the output of pfSense shell command `/etc/rc.banner`

    @cmb:

    > Then you changed your NIC. That requires flushing the upstream ARP cache

    but OP wrote @Daemonseed:

    > Once I thought I was up and running, I could not reach any websites. I could ping our gateway address (ISP not the pfsense box), but no further

    which doesn't seem to me to be an ARP issue (the ISP gateway knows how to send a reply to pfSense).


  • @wallabybob:

    > As best I know Linksys don't make NIC chips.

    The Linksys Ethernet cards I've seen all had Realtek chipsets.

    @wallabybob:

    > @cmb:
    >
    > > Then you changed your NIC. That requires flushing the upstream ARP cache
    >
    > but OP wrote @Daemonseed:
    >
    > > Once I thought I was up and running, I could not reach any websites. I could ping our gateway address (ISP not the pfsense box), but no further
    >
    > which doesn't seem to me to be an ARP issue (the ISP gateway knows how to send a reply to pfSense).

    That was when he was missing his default gateway (most likely). He couldn't ping the ISP gateway as far as stated after changing the NIC, or at least that's the way I read it.



  • Thanks for all the replies. Just for clarification, I didn't reinstall the OS, I just used the "Factory Defaults" under Diagnostics and reconfigured.

    I had changed the gateway address in WAN settings… But I didn't even notice the routing menu item... will definitely check that next time.

    I don't think my NICs have realtek drivers. Wouldn't those be rl0 and rl1 etc? Mine are dc0 and dc1. I had read this on freebsd.org before installing them (had these lying around):

    "The dc driver provides support for several PCI Fast Ethernet adapters and embedded controllers based on the DEC/Intel 21143 chipset and clones."

    Also, I don't know that I am having any issues with current NICs. I was considering getting the Intel cards because they are recommended, and I want to avoid any potential bottlenecks caused by the hardware. Our office is on a T1 which is horribly slow and at one time was all that was available in our area other than wireless or satellite. I think there is faster service now available here, but our contract doesn't end until July.

    I'm trying to figure out how to improve things with traffic shaping but I can't seem to get sites like YouTube to stop hogging all the bandwidth (and I can't just block because even the owners watch 'em).

    But... I'm sure eventually you'll see a post from me on that topic :P. Thanks again for the help.


  • Netgate Administrator

    @Daemonseed:

    > I don't think my NICs have realtek drivers. Wouldn't those be rl0 and rl1 etc? Mine are dc0 and dc1.

    Realtek NICs are supported by both rl(4) and re(4), more by re these days. You're right dc(4) driven NICs are not Realtek.

    Steve



  • @stephenw10:

    > @Daemonseed:
    >
    > > I don't think my NICs have realtek drivers. Wouldn't those be rl0 and rl1 etc? Mine are dc0 and dc1.
    >
    > Realtek NICs are supported by both rl(4) and re(4), more by re these days. You're right dc(4) driven NICs are not Realtek.

    Yep, I guess Linksys also has branded some of those DEC/Intel chipsets. The only ones I've personally had were rl(4). With vendors like Linksys, they may mix and match rl and dc without even changing the model number.



  • > Yep, I guess Linksys also has branded some of those DEC/Intel chipsets. The only ones I've personally had were rl(4). With vendors like Linksys, they may mix and match rl and dc without even changing the model number.

    That drives me nuts. I've run into issues finding the right wireless adapter for compatibility due to a card being available with 3 different chipsets, and had to figure out which revision had the chipset I needed.



  • @Daemonseed:

    > That drives me nuts. I've run into issues finding the right wireless adapter for compatibility due to a card being available with 3 different chipsets, and had to figure out which revision had the chipset I needed.

    Yeah, it sucks for anyone not running Windows… can't trust any big name vendor (Linksys, DLink, etc.) to keep their hardware consistent.

