Random Outages
-
I'm running Pfsense 1.2 beta snapshot. I am managing a network of around 60 computers inside of a fraternity house, with pfsense as my firewall. I've had a problem (on both the 1.2 beta and the normal release) where every half hour or so, a user's internet will just randomly stop working. AIM protocol and other connections sometimes stay open - but http is 100% down and it will not come back on that computer until the user repairs the connection or unplugs and then re-plugs in his ethernet. I've been told that sometimes this can be due to network switches or other hardware failures - but the switches are relatively new. I've tried bouncing them to see if it fixes anything - with no result. Does anyone know of anything inside of pfsense that could create this problem and how I could fix it? Thanks!
-m
-
Being new doesn't stop things from failing. I'm (still) running one of the beta snapshots of 1.2 and it's been running without problems for 52 days. It would be longer but I was messing around with kernel options to try to get power saving going on my box :)
Now, what hardware are you using and what packages have you got installed?
-
You need to do some better troubleshooting, and provide more info.
"a user's internet will just randomly stop working" - just one? always the same one? more than one simultaneously?
"it will not come back on that computer until the user repairs the connection or unplugs and then re-plugs in his ethernet" - before that, what's the state of the machine? If it's DHCP, does it have an IP? Can it ping its gateway? Can it ping to the Internet? Does DNS work? Unplugging and replugging does a number of things depending on the OS.
If machines fall off the network completely (can't hit anything including the firewall) it's not a firewall issue.
-
Ok - sorry. Here's some more info in response to those questions. (understand I'm very new to pfsense and network management in general).
"a user's internet will just randomly stop working" - just one? always the same one? more than one simultaneously?
No - not always the same. It's random and I think it has affected most everyone in the house at least a few times. For some, it's more frequent (say maybe once every hour or so they experience an 'outage'). For others - it's maybe only once or twice a week.
"it will not come back on that computer until the user repairs the connection or unplugs and then re-plugs in his ethernet" - before that, what's the state of the machine? If it's DHCP, does it have an IP? Can it ping its gateway? Can it ping to the Internet? Does DNS work? Unplugging and replugging does a number of things depending on the OS.
I think in almost all cases, they're still on the network. All internal connections (say to our Direct Connect server for example) work. Their IP will still be listed on the ARP table. If I hop on their computer while they are 'out', I can still access the firewall.
Now, what hardware are you using and what packages have you got installed?
For packages - just bandwidthd. Hardware… well - I'm transitioning into the position after our old network manager left, so I'm not entirely sure. The switches are Dell Power Connect 2224s. The computer is a no-name, built-from-scratch computer that the guy before me put in. He knew what he was doing though - and built it specifically for a firewall. It's running FreeBSD. The firewall itself is stable. It's simply the users' connection. And more specifically - primarily just their connection across port 80 for http. All other connections, including AIM or torrents, stay open.
-
Sounds like you are running out of states.
-
Yeah, states is the next thing I would look at. Next time this happens to a machine, check your state table size. If it's at or near the max, you need to increase it.
If it's not, then continue with these steps.
On the affected machine:
- check the IP, make sure it still has an IP from DHCP
- ping the gateway IP (assuming that's likely pfsense)
- ping something else on the internal network
- ping 69.64.6.1 (just an IP on the Internet I know responds to pings)
- ping google.com
and post back with the results. That's not going to fix it, but it'll at least narrow down the problem where we can provide more recommendations on what to look at next.
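
The state-table check suggested in the post above, as an added example that is not part of the original thread. It assumes shell access to the pfSense box and the usual `pfctl -si` / `pfctl -sm` output layout; the sample text, the function names and the 90% warning threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare pf's current state count with its hard limit.
# SAMPLE_* text is constructed, laid out the way pfctl prints it.

SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9874
  searches                       181223344         40.2/s
  inserts                          2210345          0.5/s
  removals                         2200471          0.5/s'

SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Print the "current entries" count found in `pfctl -si` text ($1).
current_states() {
    printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Print the states hard limit found in `pfctl -sm` text ($1).
state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Print OK / NEAR_LIMIT / FULL with usage; $3 is the warning percent (assumed 90).
state_table_verdict() {
    cur=$(current_states "$1"); max=$(state_limit "$2"); warn=${3:-90}
    if [ -z "$cur" ] || [ -z "$max" ] || [ "$max" -eq 0 ]; then
        echo "UNKNOWN"; return 2
    fi
    pct=$(( cur * 100 / max ))
    if [ "$cur" -ge "$max" ]; then verdict=FULL
    elif [ "$pct" -ge "$warn" ]; then verdict=NEAR_LIMIT
    else verdict=OK
    fi
    echo "$verdict $cur/$max ${pct}%"
}

# On the firewall itself, read live data; anywhere else, use the sample.
if command -v pfctl >/dev/null 2>&1 && info=$(pfctl -si 2>/dev/null); then
    state_table_verdict "$info" "$(pfctl -sm 2>/dev/null)" || true
else
    state_table_verdict "$SAMPLE_INFO" "$SAMPLE_LIMITS"
fi
```

Run it while a machine is in the failed state; a reading taken after the affected user has reconnected says little about the table at the moment of the outage.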
-
@cmb:
- ping 69.64.6.1 (just an IP on the Internet I know responds to pings)
What's the easiest IP address to remember to test connectivity? Why, 4.2.2.2 of course :)