2.2.4 stops routing traffic internally?
casperiv last edited by
I have a very strange issue at one location where pfsense 2.2.4 stops routing traffic between the WAN and LAN interface. The problem seems to occur after a power outage or reboot, and sometimes can not be corrected without a reinstall. The initial problem box was installed with an early 2x version, and upgraded to 2.2.4, so I tried a fresh install of 2.2.4 and still had the problem a day later. I replaced the hardware, fresh installed 2.2.4 and loaded the config and had the same problem. Finally I installed 2.2.4, only setup the WAN with the PPPOE settings and the LAN settings, with no firewall rules, and still managed to have the same issue. I have tried 3 pieces of hardware, 4 downloads of pfsense, 3 primary switches behind the firewall, and all to no avail (the switches were a shot in the dark).
How I have tested: When the problem occurs, I have tried pinging through and browsing through. I can reach the firewall but nothing WAN side. When I log into the firewall and disable all firewall functions, there is no change. From the firewall, I can ping out to the world as well as internally (obviously since I can log in internally). When I check the logs they are empty. No block notifications or errors. Nothing, not UDP or TCP can get through or even seems to be acknowledged by the opposite interface. When I check the bandwidth usage and other graphs, traffic is obviously hitting both interfaces, but not being continued through. The PPPOE interface for WAN is stable and I can ping from external sources to the IP of the firewall. There is no unusual traffic hitting the firewall and nothing strange happening internally. Have have disconnected the entire network from behind the firewall and tried going through it with a single device with the same result.
I have had no other locations have a problem like this, but this is the only location I have pfsense running with a PPPOE on DSL, so perhaps it's specific to this type of WAN configuration? I did find the thread talking about something similar with IPSEC, but there isn't any followup:
Can anyone point me in a direction to solve this? I would like to move up to 2.2.4 at this location if possible. It's currently running rock solid on 2.2.2.