Internet Failure - Cannot ping LAN Gateway IP



  • Hello,

    Working on a 60 user network with pfsense 2.0.1 as the router / gateway. I have found that very sporadically systems will lose connection to the LAN IP for the gateway and thus the Internet connectivity goes down. I try to ping the gateway (192.168.1.1) and get timeouts. However, I can ping other devices on the network with no problems. The pfsense box is acting as a DHCP server as well. Disabling and then re-enabling the network adapter on the client system seems to resolve the issue. Could it be something with the DHCP server part of pfsense? Just asking as I do not know where to look for an odd issue like this.

    I have changed out the network card twice on the pfsense box (Intel Pro 1000). But, experiencing the same issues.

    Any help would be greatly appreciated with this!!

    Thank you
    Kell



  • It sounds like the hardware is OK, since the client can access the rest of the network, so its local cable, switch… are going. But a reset of the client NIC brings back access to the pfSense gateway.
    Perhaps there is another box on the network somewhere set to 192.168.1.1?
    The client sometimes gets the MAC address of the rogue box rather than pfSense. Resetting the client NIC would clear the ARP cache and let it start again finding the MAC for 192.168.1.1.
    Try "arp -a" on the client and see what it thinks is the MAC address of 192.168.1.1, then compare that to the real MAC address of the pfSense LAN NIC.

    or it could be some completely different weird network issue  ;)



  • Thanks for the reply Phil.

    I am working on it …

    You were right! ... Some of the systems are getting different MAC addresses for the 192.168.1.1 gateway address.

    The company hired an "In House IT Guy" and I have no idea where or what he may have installed.

    Now I am off on a prolonged treasure hunt for a rogue device assigned to 192.168.1.1

    Thanks again Phil!
    Sincerely,
    Kell



  • Are your switches managed? If so, get on the same subnet, ping 192.168.1.1, look at your ARP table on your machine (arp -a, or arp -an on Linux so it doesn't resolve DNS), get the offending MAC, and do a sh mac xxxx.xxxx.xxxx or your switches' equivalent and track it down from there. Chances are good that it's a wireless router plugged in at some clueless person's desk.


  • Yup, if you don't have smart switches, if you get the MAC of this rogue you can look up the maker via a MAC vendor lookup site - just google for one.

    Also - I would change your pfsense LAN IP to something else vs .1 for a quick fix.  Also IMHO, using .254 and .1 if you're going to use 192.168.1.0/24 as your network is prob not a great idea because lots and lots of devices default to these.  So someone brings in a switch, or a soho router, etc. and plugs it in and bam you have a conflict with your gateway device.
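
The check described in this thread (compare what each client's ARP table says for 192.168.1.1 against the real pfSense LAN MAC, then take the vendor prefix of any stranger) can be scripted as below. This is an added example, not something posted by the thread participants; the client names, MAC addresses and ARP dumps are constructed sample data.

```python
import re

# Matches Windows "arp -a" rows (192.168.1.1  02-00-00-aa-00-01  dynamic) and
# Linux/BSD "arp -an" rows (? (192.168.1.1) at 2:0:0:aa:0:1 on en0 ...).
ARP_ROW = re.compile(
    r"(?<![\d.])\(?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b"
)

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded octets (BSD arp drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def gateway_macs(arp_output, gateway_ip):
    """Return every MAC that one client's ARP table text maps to gateway_ip."""
    found = set()
    for line in arp_output.splitlines():
        m = ARP_ROW.search(line)
        if m and m.group("ip") == gateway_ip:
            found.add(normalize_mac(m.group("mac")))
    return found

def audit(client_tables, gateway_ip, real_mac):
    """Map client -> [(unexpected MAC, vendor prefix)] for clients that disagree."""
    real = normalize_mac(real_mac)
    report = {}
    for client, text in client_tables.items():
        rogue = sorted(gateway_macs(text, gateway_ip) - {real})
        if rogue:
            # First three octets are the prefix a MAC vendor lookup site takes.
            report[client] = [(mac, mac[:8]) for mac in rogue]
    return report

# Constructed sample data: the real pfSense LAN MAC and ARP dumps from three clients.
PFSENSE_LAN_MAC = "02:00:00:aa:00:01"
SAMPLE_TABLES = {
    "desk-01": "Interface: 192.168.1.50 --- 0xb\n"
               "  192.168.1.1           02-00-00-aa-00-01     dynamic\n"
               "  192.168.1.10          02-00-00-cc-00-10     dynamic\n",
    "desk-02": "Interface: 192.168.1.51 --- 0xb\n"
               "  192.168.1.1           02-00-00-bb-00-02     dynamic\n",
    "laptop-03": "? (192.168.1.1) at 2:0:0:bb:0:2 on en0 ifscope [ethernet]\n"
                 "? (192.168.1.10) at 2:0:0:cc:0:10 on en0 ifscope [ethernet]\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_TABLES, "192.168.1.1", PFSENSE_LAN_MAC))
```

Clients that appear in the report are the ones currently resolving the gateway to the conflicting device; the MAC it lists is the one to search for in a managed switch's MAC table.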