Multi-LAN setup freezing



  • Dear all,
    first of all - pfSense is an awesome piece of software. MANY THANKS for it…

    In our small business we have following pfSense setup:

    HW:

    • an older P4, 2.8Ghz, 2GB RAM, x86 architecture
    • 1 x onboard Broadcom Gigabit NIC, assigned to WAN (bge0)
    • 1 x PCI DP83065 Gigabit NIC (4 ports) assigned to LANs (cas0-cas3)

    Our primary LAN (only few PCs) are connected to cas0 via Intellinet Gigabit switch.
    LAN1 subnet 192.168.254.0/24, DHCP server enabled

    cas1 services only 1 high-end PC (connected via 100mbit switch) where Proxmox (virtual environment) is running.
    LAN2 subnet 192.168.253.0/24, DHCP server enabled
    port 8080 on WAN interface is forwarded (firewall rule+NAT) to one of the virtual machines to enable access from outside (we have Guacamole web interface listening on 8080).

    cas2-3 are unused.

    Symptoms:

    • if I enable following rule on firewall: "source LAN1 -> destination LAN2" and start transferring some bigger amount of data from my PC (LAN1) to the virtual one (LAN2), e.g. an ISO file, pfSense ALWAYS freezes
    • if several colleagues try to access the Guacamole web service (LAN2) from WAN interface (using our WAN address), the pfSense works for some time (usually few seconds), then freezes

    There are no logs, or anything else on pfSense to be examined.
    Once frozen or just before it, pfSense doesn't log anything suspicious.
    pfSense freezes completely - including keyboard (unable to trigger num-lock, caps-lock).
    only hard-reset helps....

    So far tried:

    • /boot/loader.conf modified: kern.ipc.nmbclusters="131072"
    • /etc/sysctl.conf modified:
          net.inet.tcp.inflight.enable=0
          net.inet.tcp.hostcache.expire=1
    • latest stable and RC releases
      did not help.

    Please, anyone guessing what could be causing these problems?
    MANY thanks in advance...


  • Netgate Administrator

    Older machine that suffers a hard lock-up when using more resources, first thing I'd do is test the RAM.

    Steve


  • Rebel Alliance Developer Netgate

    Such a hard lock that also prevents the keyboard LEDs from toggling is nearly always hardware.

    If it's always load-based, I would suspect power supply or heat first.



  • Guys,
    thanks for your replies, but I don't think the HW is causing this.
    This is already second PC where I'm experiencing such problems.
    They both were from HP, however absolutely different configurations.
    Anyway - memory test and HD test resulted in "everything OK"…
    Yesterday, I decided to disable the integrated Broadcom ethernet (have read some negative posts) and assigned the WAN to cas3 interface.
    (Now having WAN=cas3, LAN1=cas0 and LAN2=cas1 assigned).
    Until today noon everything went fine, I started to celebrate, but afternoon experienced two or three hard-locks.
    Now (after all the changes performed yesterday) I'm unable to reproduce the hard-lock "anytime", but happens occasionally.
    Can't believe this...

    Any ideas what should I do to analyze the problem and start moving toward discovering the root cause?
    Many thanks....


  • Netgate Administrator

    If it were a NIC problem I would suspect the multiport cas(4) card before Broadcom. Broadcom are generally considered quite stable under FreeBSD. The reason you may have seen some problem reports could be just that so many more people are running them.

    A hard lock like that with no crash report or kernel panic does imply some sort of hardware failure or maybe basic incompatibility.  :-\

    Is it actually a National Semiconductors card or a Sun card?

    Steve



  • @stephenw10:

    Is it actually a National Semiconductors card or a Sun card?

    It's a Sun card…

    @stephenw10:

    A hard lock like that with no crash report or kernel panic does imply some sort of hardware failure or maybe basic incompatibility.

    I thought the same until I replaced the PC with a completely different one (well, same HP-brand).
    Am I really such an "(un)lucky" boy ? Two PC's and both incompatible and/or having some kind of failure?

    Will post the HP models tomorrow, just to let u know….



  • @Darkriser:

    Will post the HP models tomorrow, just to let u know….

    The original PC was:
    HP Compaq dc7100 SFF

    The current PC is:
    HP Compaq dc7600 Convertible Minitower