Intermittent connection drops, DNS issues, tons of blocked packets
-
I've been running pfsense for about a solid two months now. It has been working fine for a while but this month I have been experiencing several weird problems. First, at least once a day (but usually more), I will suddenly lose my connection to the internet. I will then go log into pfsense and check the dashboard. It will show that the WAN device has no address at all. Then I will release/renew and it usually grabs an IP and I get back online. This happens frequently enough that it makes me think there is something going on between my ISP and pfsense.
Now, I am having more of the same problems, but it seems like I have partial connectivity to the internet. For example, while I was typing this, I went to google.com and it suddenly told me page not found. I tried it on another computer and it still didn't work. So I tried to ping google.com and got host unreachable. Then I pinged 8.8.8.8 and got 100% replies. Then I tried pinging google again and got replies. Then, shortly after, I was able to load google.com again. This has happened about three times in the last twenty minutes and I'm trying to get to the bottom of it.
Look at the attachment I provided. First thing I am confused about is that my ARP table lists two WAN devices. One is 24.180.208.132 which is my public address assigned to me by my ISP, then the other is 24.180.208.1, which I am assuming is somehow the gateway that my public address is on.. but should I see that in my ARP table?
Second, my firewall log shows constant blocked TCP, UDP and DHCP packets, almost every single minute. I assume this has something to do with my problem.
I have not added any new rules to my firewall yet. The only thing there are the two rules about blocking private and bogon networks. I've mainly been using pfsense as a gateway/router and I am trying to learn more about firewalling and netsec.
As for my setup: I have a cable modem connected directly to the WAN device on pfsense, then my LAN is connected to an unmanaged Cisco switch which I have a few computers connected to.
*I also have a WRT54GL wireless access point connected. However it's not set up in the usual way because I have the Ethernet cable going to its WAN port and pfsense assigns it a static IP of 10.0.0.3. Then the wifi router has its own internal network assigning 192.168.1.0/24 addresses to the wifi clients that way. Everything seems to work fine this way but I'm not sure if this may cause problems on my network at times..
![firewall issues.jpg](/public/imported_attachments/1/firewall issues.jpg)
-
> First thing I am confused about is that my ARP table lists two WAN devices. One is 24.180.208.132 which is my public address assigned to me by my ISP, then the other is 24.180.208.1, which I am assuming is somehow the gateway that my public address is on.. but should I see that in my ARP table?

Yes, the WAN side is working there over normal Ethernet, so your WAN needs to use ARP to find the Ethernet MAC address of the gateway at IP 24.180.208.1.
> Second, my firewall log shows constant blocked TCP, UDP and DHCP packets, almost every single minute. I assume this has something to do with my problem.

Maybe, maybe not. There is 1 TCP:S (SYN) packet there that is something from outside trying to start a connection in to you - that would be a genuine block. The others are "random" packets that might have been part of an established state from inside your LAN out to the internet. For whatever reason the state/flow has not been ended completely normally, pfSense no longer has the state in its table, but the outside internet is still trying to send back a few remaining packets.
> *I also have a WRT54GL wireless access point connected. However it's not set up in the usual way because I have the Ethernet cable going to its WAN port and pfsense assigns it a static IP of 10.0.0.3. Then the wifi router has its own internal network assigning 192.168.1.0/24 addresses to the wifi clients that way. Everything seems to work fine this way but I'm not sure if this may cause problems on my network at times..

Actually it will work like for the WiFi clients - to pfSense it looks like a lot of traffic coming from 10.0.0.3
But the WiFi clients are not directly on the LAN, so if they want to just browse LAN resources (for file server, print server…) then that will not work. But they can go directly to LAN IPs that they know - `\\10.0.0.42` might take them to a server.
You can put the WiFi onto the LAN directly:
- disconnect WiFi WAN side cable to LAN
- connect a LAN port of the WiFi device to your LAN switch/pfSense LAN
- disable DHCP on WiFi device
Now WiFi clients will get DHCP from pfSense LAN, and have pfSense LAN as their direct gateway, DNS server.
Your real trouble is somewhere with the pfSense WAN DHCP lease timing out and for some reason the renew does not happen/work. Is there anything in the System or DHCP logs that looks interesting?
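
The distinction drawn in the reply above between a blocked `TCP:S` packet and blocked packets left over from an expired state can be applied to a whole log export. This is an added example, not part of the original thread: the row layout (time, interface, source, destination, protocol with flags) and all addresses are constructed assumptions, not pfSense's raw log format.

```python
import re
from collections import Counter

# Constructed sample rows (assumed layout: time, interface, src, dst, proto[:flags]).
SAMPLE_LOG = """\
Mar 3 10:01:12 WAN 203.0.113.50:443 192.0.2.10:51544 TCP:FA
Mar 3 10:01:14 WAN 203.0.113.50:443 192.0.2.10:51544 TCP:PA
Mar 3 10:01:40 WAN 198.51.100.7:40222 192.0.2.10:23 TCP:S
Mar 3 10:02:05 WAN 203.0.113.80:80 192.0.2.10:49710 TCP:R
Mar 3 10:02:30 WAN 198.51.100.9:53 192.0.2.10:33012 UDP
Mar 3 10:02:41 WAN 203.0.113.80:80 192.0.2.10:49711 TCP:SA
"""

LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)$"
)

def classify(proto):
    """Sort a blocked packet into one of three buckets by protocol and TCP flags."""
    name, _, flags = proto.partition(":")
    if name != "TCP":
        return "non-tcp"            # flags cannot tell us anything here
    if "S" in flags and "A" not in flags:
        return "new-connection"     # bare SYN: outside host opening a connection
    return "out-of-state"           # FIN/ACK/RST/SYN-ACK with no matching state

def summarize(text):
    """Return (counts per bucket, list of (src, dst) for bare-SYN blocks)."""
    counts, syn_attempts = Counter(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip rows that do not fit the assumed layout
        kind = classify(m["proto"])
        counts[kind] += 1
        if kind == "new-connection":
            syn_attempts.append((m["src"], m["dst"]))
    return counts, syn_attempts

if __name__ == "__main__":
    counts, syn_attempts = summarize(SAMPLE_LOG)
    print(dict(counts))
    for src, dst in syn_attempts:
        print("unsolicited SYN:", src, "->", dst)
```

A `TCP:SA` row lands in the out-of-state bucket because a SYN-ACK is a reply to something an inside host sent, not an inbound connection attempt.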
-
Thanks for the reply. And I tried unchecking the "override dns entries" option in the setup menu and that seems to have solved the problem (for now).