Tracking down unknown firewall problem



  • 2.1.5-RELEASE (amd64) built on Mon Aug 25 07:44:45 EDT 2014 sits in front of a sip phone system.

    Sometime during the night something happens where the connection is broken which then prevents the sip server from registering, its set up to reregister with the sip trunk every 3 mins.

    I first thought it was a problem with the sip server, but the same problem persists after restarting the sip server.

    Rebooting pfsense seems to be the only way to get the sip server talking to the trunk.

    There is also a mail server running on the same machine running the sip server and that functions just fine through out, ie it can recieve send mail when the sip server is down.

    I'm in the process of setting up a machine to packet capture all the traffic to see if any thing shows up, unfortunately the pfsense packet capture appears to stop working after a few hours running.

    I'm running snort on the firewall which is blocking but the fw has been running with blocking off and the sip server was still dropping its connections then.

    Does anyone know of any potential things to look out for, or might know of something to check out? The sip server works fine when its running, but something happens overnight which kill the connection and rebooting pfsense seems to be the only fix atm.

    TIA.



  • Next time it happens, try resetting the firewall states (diagnostics -> states -> reset states tab).  If that fixes it, then you can do some reading like https://forum.pfsense.org/index.php/topic,70418.msg385188.html,
    https://redmine.pfsense.org/issues/1629 and
    https://redmine.pfsense.org/issues/3181

    I had this problem with the 2.1.x series, and had to patch each release manually.  That was one of the main reasons I went to 2.2alpha as soon as it stabilized.  I haven't had the problem on any of my 2.2 systems.



  • Funnily enough, I thought about resetting the states to see if that might do anything and as it happens, resetting the states did the trick.

    Having checked out the links you have provided, it looks like the same problem in this thread.
    https://forum.pfsense.org/index.php?topic=70418.msg384411#msg384411

    Did you ever get to the bottom of the problem in your post? https://forum.pfsense.org/index.php?topic=70418.msg385188#msg385188

    I'll look into apply a patch manually if I can as it would be nice to have some stability and see how I get on.

    Thanks for the info!



  • @firewalluser:

    Did you ever get to the bottom of the problem in your post? https://forum.pfsense.org/index.php?topic=70418.msg385188#msg385188

    Yes, later in that thread I confirmed that the fix did work for me, so I just kept that patch around until I moved on from 2.1.x to testing 2.2alpha (now beta) releases.  But 'get to the bottom' and solve with a more correct / elegant patch … no, I stopped looking.



  • Ok thanks for the info, I'll proceed with the patch and also set up a beta to see if thats good for me.

    Could this issue with the states also affect the wan connection?

    One thing I have noticed which I have not seen in previous versions of pfsense ie 1.2, is the ISP seems able to drop the wan connection remotely so it goes from a green icon with an ip address on the dashboard to a red icon with no ip address on the dashboard.

    When this happens either a reboot or disabling, saving applying, enabling, saving, applying the wan adapter in pfsense gets it to reconnect to the net and get a new ip address. I did have the pinger on, but that didnt stop the above from happening, I also have put in a a 24hr reboot schedule to force a new ip address in an attempt to fix the wan adapter problem, but it still happens just not as often.

    I dont think the IP is short of ip addresses to hand out but as this is new hardware and a new isp, I'm still tracking down what exactly is occurring, hence the question about if the states might affect the wan connection?

    TIA.



  • @firewalluser:

    Could this issue with the states also affect the wan connection?

    No, it's the other way around: dropped WAN causes stale states when it comes back up.

    One thing I have noticed which I have not seen in previous versions of pfsense ie 1.2  . . . .

    . . . . this is new hardware and a new isp, I'm still tracking down what exactly is occurring, hence the question about if the states might affect the wan connection?

    Sounds like you have issues with your new ISP.  What kind of connection is it?


Log in to reply