Isp Down need to restart Pfsense



  • Hello, I have a 2.1.5-RELEASE  version with two nics (athlon x2 2gb ram 160g hdd).  Nic1 is connected to the lan with ip 85.196.36.132 the wan side is 10.0.0.1 connected to a Vdsl router modem all ips are static.  My problem is that when the internet vdsl goes down and comes back online my gateway from pfsense 85.196.36.132 is dead I tried pinging nothing I restart the system and it works.  What could be the problem.


  • Banned

    @paotasos:

    What could be the problem.

    The problem is that it's broken (yet again). https://forum.pfsense.org/index.php?topic=41061.210



  • I dont have any PPPoE connections it connects to the Vdsl router as a normal lan connetion so the routers ip is 10.0.0.1 (gateway) and pfsense nic 10.0.0.100 and the 2nd nic gateway to 85.196.36.132.


  • Banned

    Huh?@paotasos:

    I dont have any PPPoE connections it connects to the Vdsl router as a normal lan connetion so the routers ip is 10.0.0.1 (gateway) and pfsense nic 10.0.0.100 and the 2nd nic gateway to 85.196.36.132.

    Eeeh? What second NIC? What GW on LAN? You are connecting your router to LAN port on pfSense?



  • ok to make it clear my Vdsl router modem has an ip of 10.0.0.1 and nic1 from pf sense connects to that with ip 10.0.0.100 ok.  My second nic on pfsense has an ip of 85.196.36.132 witch is my lan gateway ok.


  • Banned

    Dude, post some network diagram and configuration screenshots. You make no sense.



  • ok i will do that on photoshop give me 5 minutes ok




  • Banned

    Nope, sorry. There is no LAN and two WANs, or WTH is this? This whole thing appears just totally upside down.



  • Yes there are the first one is on 10.0.0.1 subnet 255.255.255.0 and second is 85.196.36.132 with subnet 255.255.255.192 and what I use in my network.


  • Rebel Alliance Global Moderator

    Huh??

    85.196.36.132/26

    So you just pulled that out of thin air?

    Or are you
    inetnum:        85.196.33.0 - 85.196.36.255
    netname:        GLOBALNETWORKS
    address:        Greece

    So your using public IPs behind a nat?  .132 is a bit odd address to use in that network, wire would be .128, so .129 or .190 would be more likely for a gateway.

    You could unplug your internet connection and your lan should still respond..  Not sure what lan network has to do with the wan/internet connection..  And seems odd to be using that network on the lan side?



  • My lan is 85.196.36.129 - 85.196.36.190 range with subnet 255.255.255.192 it wasnt set by me.


  • Banned

    @paotasos:

    it wasnt set by me.

    And it was set by whom? I strongly doubt this has ever, like ever, ever worked.



  • Everythink is working fine no problems is just that pfsense when my isp fails the gateway 85.196.36.132 would not work not even ping it and I have to restart pfsense box.


  • Rebel Alliance Global Moderator

    So what are the interfaces on pfsense?? Just wan that gets a 10.x rfc1918 address, and then public IPs behind that nat??  then what IP do you get on the public side.. So if you from a client with one of those 85.x.x.x addresses got to http://www.whatsmyip.org/ what IP does it show?

    I also would like to know who set this up.. Seems completely pointless sort of setup to put public IPs behind a nat???  So what network is it natted to on the public side?

    Why don't you just use say 192.168.1.0/24 on your lan side??  Its a double nat but your double natting now just using public where it shouldn't be used, ie behind a nat ;)

    Also why do we have voting buttons on this question??



  • My public ip changes its not a static is just a simple vdsl connection.


  • Banned

    @paotasos:

    My public ip changes its not a static is just a simple vdsl connection.

    Dude. Stop stealing public IP range. Period. Use RFC1918 IPs on your LAN. If does not matter who did set this clusterfuck up. Unless your ISP specifically assigned and routed that /26 to you, you do NOT use any such thing anywhere on your network.



  • no the modem/routers is not bridge i just use a stac ip 10.0.0.1 which is the routers ip.


  • Banned

    No. You do not use public IPs that do not belong to you on LAN, or anywhere elese. Bridge the modem, or sit behind double NAT, your problem. Just stop stealing public IP space.



  • 85.196.36.x with subnet 255.255.255.192 is not a public ip.


  • Banned

    Dude, you should not administer any firewall. Keep your hands off networking. As already noted above:

    
    % Information related to '85.196.33.0 - 85.196.36.255'
    % Abuse contact for '85.196.33.0 - 85.196.36.255' is 'info@globalnetworks.gr'
    
    inetnum:        85.196.33.0 - 85.196.36.255
    netname:        GLOBALNETWORKS
    descr:          Customers
    country:        GR
    admin-c:        RA1850-RIPE
    tech-c:         RA1850-RIPE
    status:         ASSIGNED PA
    mnt-by:         MNT-GLOBALNETWORKS
    mnt-lower:      MNT-GLOBALNETWORKS
    mnt-domains:    MNT-GLOBALNETWORKS
    source:         RIPE  Filtered
    
    

    You use RFC1918 IP ranges for local networks. Not random stolen public stuff.


  • Rebel Alliance Global Moderator

    @paotasos:

    85.196.36.x with subnet 255.255.255.192 is not a public ip.

    What???  Yes it is dude – I already posted who its owned by..

    inetnum:        85.196.33.0 - 85.196.36.255
    netname:        GLOBALNETWORKS
    descr:          Customers
    country:        GR
    admin-c:        RA1850-RIPE
    tech-c:        RA1850-RIPE
    status:        ASSIGNED PA
    mnt-by:        MNT-GLOBALNETWORKS
    mnt-lower:      MNT-GLOBALNETWORKS
    mnt-domains:    MNT-GLOBALNETWORKS
    source:        RIPE # Filtered

    role:          Route Admin
    address:        GIANNITSON 90, 54627, THESSALONIKI
    address:        Greece
    phone:          +30 2310 254036
    admin-c:        GP1515-RIPE
    tech-c:        GP1515-RIPE
    nic-hdl:        RA1850-RIPE
    mnt-by:        MNT-GLOBALNETWORKS
    source:        RIPE # Filtered



  • I dont know how much you know about subneting but 85.196.36.x is not public ip I have being using pfsense for 2 years no problem there are 40x pcs on the network never had any issues at all just the past 3 weeks or so onces my isp is disconected and connected again pfsense would just fail responting ping it or anythink and i have to restart it.


  • Banned

    @paotasos:

    I dont know how much you know about subneting but 85.196.36.x is not public ip

    Your fail.



  • and again it wasnt set by me the range dont know why they used those I personally wouldnt use them ok.


  • Rebel Alliance Global Moderator

    "I dont know how much you know about subneting but 85.196.36.x is not public ip "

    Clearly like a million times more than you ;)  WTF???  :rofl: I'm with dok here, you shouldn't be touching a router/firewall/switch..  if you think 85.x.x.x is not a public address..

    change your network to proper rfc1918 address space..  And then if your internet connection goes down and you can not ping your pfsense IP in your lan from one of your lan devices we can toubleshoot the problem.

    But pfsense lan IP answering ping has NOTHING to do with if there is an active internet connection or not.


  • Banned

    We don't care who did set this up. It's totally broken.



  • as well as keeping off network administration, I'd keep off setting up polls  ;D

    ![Isp Down need to restart Pfsense 2015-02-12 19-51-09.jpg](/public/imported_attachments/1/Isp Down need to restart Pfsense 2015-02-12 19-51-09.jpg)
    ![Isp Down need to restart Pfsense 2015-02-12 19-51-09.jpg_thumb](/public/imported_attachments/1/Isp Down need to restart Pfsense 2015-02-12 19-51-09.jpg_thumb)



  • All those ips 85.196.36.129-85.196.36.190 are bought by the guy before I just made a phone call to him and he told me that they are mine so using them inside the lan side its an internet cafe by the way there is no conflict.


  • Banned

    Internet café? Hmmm…  Are you absolutely sure you want to run that business without employing someone who has at least a basic clue regarding networks?

    :o :o :o


  • Netgate

    Is this your WAN IP or close (in hops) to it?

    12  78.108.32.58  210.207 ms  210.813 ms  209.843 ms

    Personally, I would configure your network COMPLETELY differently.

    You really should hire someone to fix this for you.



  • MMM my smart friend what kinda of diplomas do you have because I have worked for cisco sun microsystem etc mmmm I dont know I had a simple question why does pfsense freeze on modem disconects..


  • Banned

    Yeah, this is completely upside down as noted at the very start… plus, I strongly doubt anyone's actually paid for /26 on a DSL and got left with dynamic DHCP assigned WAN IP on the modem.

    @paotasos:

    because I have worked for cisco sun microsystem

    ;D ;D ;D ;D ;D ;D

    Perhaps, this whole thing need an (urgent) medical help instead?


  • Netgate

    Ok.  Good luck.



  • Is for right now I have 6 vdsl connections and 5 dsl


  • Banned

    ROFL. Good luck indeed.



  • Everythinkis working no problem I also got a pfsense proxy box running almost 3 years with just 3-4 restarts that box is connected to 4 vdsl conntection with group gateway and failover no problem.


  • Banned

    @paotasos:

    that box is connected to 4 vdsl conntection with group gateway and failover no problem.

    You just told us you have "6 vdsl connections and 5 dsl" - the remaining ones are hanging out of the window? Couple of hours back, you told us you have one DSL router "is just a simple vdsl connection" and even photoshopped a pic: http://corfumedia.com/uploads/diagram.jpg

    ;D ;D ;D ;D ;D



  • ONe of the is connected direcly to a game server that provides game copy etc to pcs the other 4 are only manually if the other vdsl lines got issues and we manually add the gateways to the computers dont forget this is greece lines are pretty bad.


  • Banned

    Concluding this utter waste of time:

    Go hire someone qualified to fix and maintain your network.