Need help urgently!!



  • I have installed pfsense over the weekend and everything went fine.
    For the last 3 days, every day the firewall will stop working. It's up but I can't ping it or it's intermittent.
    On the console I try a ping locally, dmz and WAN and I get intermittent
    ping: sendto: Operation not permitted
    Then a ping goes through.
    This happens for about 20 mins then the firewall stabilizes and everything is back to normal.
    I'm running pfsense 1.2-rc3 and if I can't find a solution soon I'll have to scrap it and go back to my Microsoft ISA firewall.
    I can't see anything weird on the firewall. I've also turned off offloading, still same thing.
    Please help.

    P.S. Is there any way to turn off CARP? On a reboot it makes the firewall wait a minute or 2 before coming up.
    I've disabled it on the Web Gui but on reboot it just comes on, also same thing with offloading, comes back on after reboot even though I've turned it off.

    Thanks



  • Sounds like a hardware problem.  What hardware are you using?



  • It's an AMD DFI motherboard with 2x dual Intel gigabit cards and one onboard Realtek. Total of 5 NICs and 4 of them are gigabit.
    1 gig of RAM.
    The box itself is up, just can't communicate with it; must go to console. I have a lan/wan/dmz area.
    I can ping an IP on any interface then I'll get the same ping response of sendto: operation not permitted for a couple of lines then the ping goes through.
    I test it again a couple of seconds later and I'll get sendto: operation not permitted again.
    This is my 2nd set of hardware and still same issue.
    I'm wondering if the Intel cards are the issue.

    Thanks



  • Out of curiosity, what version are you using and have you tried an earlier version on that hardware?



  • I'm using 1.2-rc3
    It's live now, which one do you suggest I should downgrade to?



  • I'm going to have to give up on PFSENSE and go back to the Microsoft ISA.
    I tried a second set of completely different hardware and now the pfsense box freezes up if I do any kind of network changes.
    I've also downgraded to 1.2-RC2 and still same issue.
    I'm pretty confident the issue is with BSD and its ability to deal with new hardware, everything I'm using is the latest and that's where I think the fault is.

    JUST FYI THE SAME HARDWARE WORKS FINE WITH MICROSOFT ISA/WINDOWS 2003, I REALLY WANTED TO GET AWAY FROM MICROSOFT TO PROVE A POINT.

    Thanks for everyone's help.



  • Commercial support is available.  This would still be cheaper than to maintain your ISA setup.

    Just a thought.



  • @sjitan:

    I'm pretty confident the issue is with BSD and its ability to deal with new hardware, everything I'm using is the latest and that's where I think the fault is.

    I've had FreeBSD 6.2 (which pfSense is based on) running on everything from a P3 to a dual core AMD64 without problems (I've literally just finished installing it on some bleeding edge hardware).  Without real details of the hardware you're using (exact model numbers and ideally the output of "dmesg") there's no way of saying anything about your hardware choice.

    That Windows works doesn't mean the hardware is solid, it just means that Windows works ;)  A more appropriate check would be to run FreeBSD 6.2 (there's a live CD).  It may be worth noting that vendors don't always/often check their hardware against non-Windows platforms.  This means it's not uncommon for other OSs to encounter problems where hardware doesn't play by the published standards.



  • I went back and did some more testing. I'm able to make the original hardware stable by removing one of the dual Intel gigabit NIC cards from the box. So the box now only has 3 NICs, which works for now until I get my 2nd WAN next month. If this stays stable then I'll probably use another non-Intel brand NIC and see if that continues the stability.
    If anyone has any other suggestions on how to make a 4-port gigabit firewall work, that would be great.
    In regards to the gentleman who said I could use paid support, I tried that option but wasn't able to get a hold of someone when I needed them, for this firewall was in production and I needed to move fast. I'm buying support for this product to help support this product, for I completely believe in pfsense and would love for it to grow.

    Regards,



  • DARN IT HAPPENED AGAIN!
    But this time I saved the log files before rebooting and the system log files had this error before it went down. If anyone could tell me what this means it would be much appreciated.
    –---------------------------------------------------------------------------------------------------------
    Dec 10 14:06:49 llsense pftpx[563]: #92 server refused connection
    Dec 10 14:06:49 llsense pftpx[563]: #92 server refused connection
    Dec 10 14:50:31 llsense ntop[38608]:  WARNING: Max num TCP sessions (8192) reached (see -X)
    Dec 10 14:50:31 llsense ntop[38608]:  WARNING: Max num TCP sessions (8192) reached (see -X)
    Dec 10 14:50:31 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 14:50:31 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 14:50:33 llsense last message repeated 502 times
    Dec 10 14:50:33 llsense last message repeated 502 times
    Dec 10 16:19:18 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 16:19:18 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 16:22:51 llsense last message repeated 49700 times
    Dec 10 16:22:51 llsense login: login on ttyv0 as root
    Dec 10 16:22:51 llsense last message repeated 49700 times
    Dec 10 16:22:51 llsense syslogd: sendto: Operation not permitted
    Dec 10 16:22:51 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 16:22:51 llsense ntop[38608]:  ERROR accessMutex() call 'handleTCPSession' failed (rc=11) [0x285b5714@sessions.c:1764]
    Dec 10 16:23:22 llsense last message repeated 13647 times
    Dec 10 16:23:22 llsense last message repeated 13647 times



  • Search the forum for ntop.  It is not very reliable.



  • I have removed NTOP to not worry about this issue, but this box was having this issue even with NTOP not installed.
    You can now see the systems of it, even syslog couldn't write to my syslog server if you look.

    Thanks



  • I'm new here.
    I had a problem with one of the beta packages when I installed it and it locked up the system.
    What if you try a stable version with no add-on packages and try that for a while?
    Make sure to do a backup before you install a new package, so if your system becomes corrupted,
    reinstall and restore from the last good config.
    Just a thought.
    It's my process, gives me less downtime, which I can't afford since I run web sites.



  • Hi All

    Fairly new to PFSense - but - I have to say I got it working on a really lame hw setup pII 196 ram.

    That being said - to the problem at hand: what happens if you strip down the system to, say, the onboard NIC and one card?

    Run it, see how it goes - then add the next card. Might be some config that was missed. I'm not running that many NICs in my box, just two. But that may be way obvious so I'll hush my mouth now.



  • Not to be the jerk and Captain Obvious, did you disable everything down to just the processor and the NICs?
    What kind of hard drive is in this thing and what kind of chipset is also running the thing? (nvidia) I have had 3Coms and Intel NICs in my machine and the only thing that has been tripping it up is my assistant that was covering for me when I was on vacation; she pulled the power plug on the unit instead of the cable modem. I think that I was up for, well, since August, no issues.

