Pfsense suddenly blocking all internet traffic



  • I'm using pfsense at home, just something to play around with and learn on.  Its been up and running for over two years now.  Last night however I went out and when I got home I could no longer connect to any webpages.  I started by restarting everything (pfsense box, cable modem, hub, wireless and PCs), no change.  Plugged my laptop directly into my cable modem, it worked.  Tried connecting to other machines on the network, no problem there.  So I start poking around pfsense and I am able to ping, tracert and even update to the latest pfsense without a problem.  Ping and tracert does not working for any other PCs on the network.  So this all leads me to believe that pfsense is all of a sudden blocking the traffic but I can't figure out where or why its happening.

    I'm at a complete loss here especially since nothing changed that would have caused internet traffic to just suddenly stop.

    Any suggestions would be greatly appreciated.



  • Have you checked the rules log to see if the pfsense is actually blocking traffic? What about the system logs? Any information?



  • @muswellhillbilly:

    Have you checked the rules log to see if the pfsense is actually blocking traffic? What about the system logs? Any information?

    Nothing in the system logs stand out as being a problem.

    When I look at the firewall logs and I filter out my main PC its showing all traffic being blocked last night.  However, its not showing any entries for today.  Which is odd because the PC is on and I've tried connecting to webpages.  The firewall logs do however show a bunch of entries for my laptop this morning and all entries are showing as pass, nothing blocked at all.  Yet, my laptop cannot connect to any webpages.  So, some strange and conflicting info here.



  • I had some wierdness like that happen with a customer firewall. 
    Since time was of the essence, I got them operational again by backing up the config, reloading the latest version, and restoring the config.

    It was really strange…I could fetch a webpage from an SSH session at the console, but couldn't browse from my laptop.



  • Out of interest, have you checked to see that your filesystem on the pfsense box isn't full?



  • @almabes:

    I had some wierdness like that happen with a customer firewall. 
    Since time was of the essence, I got them operational again by backing up the config, reloading the latest version, and restoring the config.

    It was really strange…I could fetch a webpage from an SSH session at the console, but couldn't browse from my laptop.

    If I can't get this figured out this sounds like the best option.

    Out of interest, have you checked to see that your filesystem on the pfsense box isn't full?

    Disk usage is at 3% so all good there.



  • Sounds like it might be either a physical issue with the (external) NIC or possibly with the connection between the pfsense and the cable modem. Have you tried swapping the cable between the pfsense and modem? Or even swapping the cable between your pfsense and LAN?



  • @muswellhillbilly:

    Sounds like it might be either a physical issue with the (external) NIC or possibly with the connection between the pfsense and the cable modem. Have you tried swapping the cable between the pfsense and modem? Or even swapping the cable between your pfsense and LAN?

    I don't think its between pfsense and the cable modem because I can ping and tracert from the pfsense GUI and I was able to download and update to the lastest version of pfsense.

    I tried swapping the cable between pfsense and the LAN but it didn't change anything.  I suppose it possible that NIC is bad but it does have a link light and activity.  And the main page of the pfsense GUI does show both the LAN and WAN as green

    *Now that I think about it, the LAN NIC has to be fine otherwise I don't think I'd be able to access the pfsense GUI from my main PC



  • Can PFSense ping an external IP like 8.8.8.8?



  • Which version do you run on which hardware?
    Do you have packages installed?



  • @Harvy66:

    Can PFSense ping an external IP like 8.8.8.8?

    Yep, I can ping externally.  I was able to ping microsoft.com, hotmail.com, google.com and got successful replies back on them all.

    @viragomann:

    Which version do you run on which hardware?
    Do you have packages installed?

    I'm running the latest version 2.2.2.  I'm running in on an older PC with a dual-core AMD processor, 6gb RAM and a pair of gigabit NICs.  I don't have any packages installed.



  • Can one of your LAN devices ping the LAN IP of PFSense and also the WAN IP.



  • @Harvy66:

    Can one of your LAN devices ping the LAN IP of PFSense and also the WAN IP.

    Yes, I am able to ping both from my PC.

    Something else I noticed, Windows isn't showing an exclamation on my network connection.  If I hover on the icon in the task bar it shows connected.  Which now even more makes me think pfsense is just blocking traffic for no apparent reason.



  • @talon4x4:


    I'm running the latest version 2.2.2.
    ...

    DNS ? Are you running the Resolver or the Forwarder  ?



  • @almabes:

    I had some wierdness like that happen with a customer firewall. 
    Since time was of the essence, I got them operational again by backing up the config, reloading the latest version, and restoring the config.

    It was really strange…I could fetch a webpage from an SSH session at the console, but couldn't browse from my laptop.

    I finally decided to just do this and it fixed all my problems.  I'm not sure why I was having issues and I really wish I could have figured out what was going on.  But the natives (my wife and kids) were getting restless so I had to get it fixed ASAP.  :-)



  • If you're not running the NanoBSD image put your pfSense box on a UPS.  The UFS filesystem doesn't like to deal with repeated failings of the local electrical utility.  That killed another customer pfSense firewall.

    After getting the bill for the firewall recovery, they had no problem with me installing a UPS.



  • @almabes:

    If you're not running the NanoBSD image put your pfSense box on a UPS.  The UFS filesystem doesn't like to deal with repeated failings of the local electrical utility.  That killed another customer pfSense firewall.

    After getting the bill for the firewall recovery, they had no problem with me installing a UPS.

    My PC, laptop, pfsense box and monitor are all hooked to a UPS.  I spent too much money on my main PC to trust the electrical of a 60 year old house.  :-)


Log in to reply