Last few days x86 machines connected to isp using vlan but state table goes zero

xbipin · Mar 11, 2013, 6:32 AM

i seeing this since 25th feb, i have a x86 machine with atom processor and single nic with 4 vlans, 2 wan and 2 lan and after a day, in the morning all lan devices loose connectivity, when i check the web gui the state table shows zero, rebooting also doesnt help, when i plug in a normal router, everything works, could it be pfsense or the cisco vlan switch? pfsense seems to connect to isp just fine and gets ip addresses also but complete lan goes down as well as web gui of pfsense from the wan is also dead.

any1 else suffering this?

eri-- · Mar 11, 2013, 7:50 AM

Not any info there to help you out.
Could be the switch/could be pfsense/could be the cisco!

ggzengel · Mar 11, 2013, 8:28 AM

Since today one of my pfsense with 2.1 have the same problem.
I can reach the pfsense with ipsec. It's routing over openvpn. But local machines cann't reach the internet.
The state table is zero, even if i have a connect with ssh.
The pfsense itself can ping to internet.

Turning off "Block bogon networks" helped.

xbipin · Mar 11, 2013, 8:39 AM

i did the same

Turning off "Block bogon networks" helped

cisco switch seems all fine coz lan to land evices access all fine and lan to pfsense also all fine so the vlans working all fine, lan clients cant ping on internet through pfsense but pfsense can ping directly just fine

cmb · Mar 11, 2013, 8:58 AM

Is it really going to 0, I mean exactly 0, or does it just drop off to a far smaller number than usual/it should be?

Is there traffic hitting the firewall's LAN, destined to its MAC or that of a VIP?

xbipin · Mar 11, 2013, 9:06 AM

for me the state table actually shows 0/203000 and at the time traffic from lan to pfsense is there but it never goes through, both the wan connections show as up with a valid ip address and disconnecting them also makes it reconnect fine but lan devices still remain in the dark.

im still able to open the pfsense web gui at the time but doing so the state table still remains as 0

ggzengel · Mar 11, 2013, 9:28 AM

The state table has exactly zero entries even if there is a lot of traffic over ipsec and openvpn. Apinger is working and shows pings in RRD.
What bogus entries are in the bogus ip table?
I append the RRD of states at UTC time.

AhnHEL · Mar 11, 2013, 12:03 PM

Happened to two of my sites as well. Thought it was related to this topic.

http://forum.pfsense.org/index.php/topic,59866.0.html

Havent tested out the workaround yet. Reinstalled from scratch before I noticed the topic because the forums were down last night for maintenance.

ggzengel · Mar 11, 2013, 2:14 PM

But why are the states table empty?

AhnHEL · Mar 14, 2013, 4:35 AM

This just happened to me again for the third time this week. Only way to get access to internet is to uncheck 'Block Bogon Networks' from /Interfaces/WAN in the GUI.

I'm not using any VLANs, just a simple cable modem to pfSense with IPv4. Something is definitely going on with the Bogons Table. Can any developer look into this showstopper please?

http://forum.pfsense.org/index.php/topic,59866.0.html

I can connect to router via LAN, or OVPN tunnel into router, but no LAN to WAN. State Table size says 0/486000.

xbipin · Mar 14, 2013, 4:45 AM

i can confirm its the bogons table that causes it, unchecking block bogus networks keeps everything fine

cmb · Mar 14, 2013, 10:31 PM

There was a problem with it earlier, if your system fetched the problem file you'll need to force it to do an update under Diag>Tables.