No access to PFSense and no pings after adding another nic



  • I added an additional 4 port nic card to the server. Left everything else the same. Now I cannot ping to or from the pfsense server.
    I cannot access it via the web GUI.

    I even tried to auto add the WAN and it says the link is down but I have link lights.

    My guess is something with the NIC drivers, how do I test them or add the ones for the new card which is an Intel 1000 quad port server adapter.



  • If the new added NIC card uses the same driver as the other NICs in your server pfSense may replace the interfaces with the new ones.

    To distinguish the interfaces, you can display the MAC addresses in the console by select "assign interfaces" from the menu. You may also use the auto-detect function for recognizing the right one.


  • Netgate Administrator

    ^Exactly.
    Please give more details. What is the exact card model you just added? What are the NICs that were already in the box? What sort of server is it?

    Steve



  • It is a Dell server with 2 built in nics.
    The extra NIC is an Intel with an IBM part number of 39Y6138 with 4 gig ports. It  is an Intel Pro1000 and I have the drivers for it in a tar file.

    The drivers are not the same and when it is in, it does not show any new mac addresses so my guess is a driver issue just not sure how to add a driver in pfSense.


  • Netgate Administrator

    The drivers for that are included in pfSense already.
    What NICs are on board the server? Do the new NICs appear in the BIOS? What do mean when you say 'new MAC addresses', how are you testing that?

    Steve



  • When I boot up, the new ports show up on the Network Boot. If it is the same driver then maybe the card is bad and causing an issue with the system.  The new ports do not show up on pfsense and the original ones are still there with the same config.


  • Netgate Administrator

    Ok, so the new card, and it's NICs, are seen by the bios. The NICs on this card should be using the em(4) driver so will appear as interfaces em0-em3 unless your onboard NICs are also Intel in which case they already be using em0-1. You haven't said what your on-board NICs are but I'm going to guess they are Broadcom in your Dell server. They probably appear as bge0 and bge1. If that is the case your config will not have changed and pfSense will boot up normally as if nothing has happened.
    You have to assign your new NICs by going to Interfaces: (assign): in the webgui and clicking the '+' button at the bottom of the list.
    If no '+' button appears it's because there are no new interfaces to assign. In that case please give us the output of the following at the CLI:

    pciconf -lv
    

    Steve



  • I do not have access to the GUI however now under assign interfaces all the nic cards show up.

    em0 … em5
    em0 and em1 are up as they should be.
    When I plug in a cable to the new card I get a link light but the state of the card does not change to up. (I looked in assign interfaces)
    I ran pciconf -l and it shows all the ports.
    The driver for all of them is using the Intel Pro1000 driver.

    I am using 2.2 now, I upgraded.



  • I put an IP address on each nic for the LAN just to see if the port changed and tried to ping each nic.
    Nothing.
    I disabled the firewall to see if it was blocking and still nothing.
    I even tried to access the system on the WAN interface with the firewall disabled and nothing.
    Pings from the system out also fail.
    On Server:
    em0 - 10.20.0.1 LAN
    em1 - 192.168.1.2 WAN
    On New Nic
    em2 - 10.20.0.249 OPT1
    em3 - 10.20.0.248 OPT2
    em4 - 10.20.0.247 OPT3
    em5 - 10.20.0.246 OPT4
    I connected every nic to the switch and now I can ping and get to the web interface but only on 10.20.0.1.

    When I unplug one of the cables on the new nic, the pings stop so I see that it is now on another spot. the em#'s do not seem to match the ip's just going by the position so I will troubleshoot them and maybe reset all the settings.
    I still cannot ping the wan side.


  • Netgate Administrator

    Ah, ok so first off you shouldn't be using 2.2 unless you want to experiment with unstable code. The last few days have seen snapshots that were seriously broken for example. If you've gone to 2.2 it might just be broken and nothing to do with assigning the NICs etc. I would recommend that you at least get it working correctly in 2.1.3 before trying anything else.

    So you have all Intel NICs and all using the em driver. Ok, then the most likely explanation for why you were suddenly unable to access the webgui is that originally suggested, the NICs have reordered them selves. Look at the MAC addresses of the cards in assign interfaces. You should be able to see which are on the quad port card because it will have consecutive addresses. Do not assume that just because em0 was an on board port before that it still is.
    The autodetection in that menu does not work with all hardware.

    As an aside, you've put all the interfaces in the same subnet, assuming they are all the standard /24, which cannot be done. Each interface must be in a separate subnet.

    Steve



  • Thanks for the info.

    I will set each nic accordingly with a different IP and the position did change on the card. I will have group all the internal cards as a LAN for each subnet and have two WANS for load balancing.

    Then I think it should all work.  As far as upgrading to 2.2, not sure how to downgrade as I did the upgrade through the GUI that said I had an update so I applied it.

    I will play with it.

    Thanks


  • Netgate Administrator

    There's not easy way to downgrade unfortunately. The easiest thing to do is just reinstall. Make sure you're definitely on 2.2 though because it's not some thing you could have done by accident. To upgrade to a snapshot you have to enter the update URL manually and check the box to allow unsigned images,

    Steve



  • I got it working, reset to factory default and redid the settings and it now works under 2.2

    Thanks for all your help.


Log in to reply