Client loses its connection to pfSense gateway, but not to the network
I am experiencing a very strange problem. I am at a loss here, and I truly hope someone here has an idea what is going on and how to solve it…
First I will explain my setup:
I have recently obtained a new HP Proliant Microserver Gen8 (entry level). This nifty machine is destined to take a central position in my home network.
The server comes with 2 integrated Gigabit NICs (HP NC332i) and I installed a 3rd Gigabit NIC in the PCIe slot (HP NC112T / Intel 82574L). NIC1 is connected directly to my ADSL router, NIC2 to my home network and NIC3 to my wireless router. My home network contains a total of 3 Gigabit switches in line to reach various places in my house.
(The router connection is 100Mbit due to limitations on my router)
I plan to run several VMs in KVM for various network functions, NAS, and of course for hobbying :)
I am using CentOS 7 as virtual host. I have created 4 software bridges: br_extern, br_intern, br_wifi and br_dmz. All three NICs are added as slaves to these bridges accordingly. Only br_intern has a local IP address on the virtual host.
My first VM is connected to all 4 bridges, and it runs pfSense 2.2.5 to use as firewall / router / etc. (this fulfills an old dream of mine :) ) pfSense configuration went without a problem, it seems to run fine. In principle it functions correctly as DHCP / DNS server and internet gateway for clients on my internal network. On my internal network I am using several Linux clients, and on the Wifi I use Android phones and an iPad, and sometimes a Linux laptop, which all use the pfSense functions without a problem.
A very similar setup has worked flawlessly for years, running on an old PC, using Debian as virtual host and ipfire as firewall in a paravirtualized VM.
This is my problem:
I also have one Windows 8.1 client which loses its connection to the pfSense gateway, but not to the network itself.
This is what I have observed so far:
Initially the connection works. The machine correctly obtains a DHCP address and connects to the internet
However, after a short period, the connection with the pfSense VM fails
I can still ping the pfSense internal IP address. All other connections - SSH, web interface, DNS, DHCP, gateway, … - fail with a timeout
Obviously the W8 machine loses its internet connection
The W8 machine still connects without a problem to other clients in the internal network
I can no longer ping the W8 machine from the pfSense command line (this ping works until the connection fails)
After rebooting the W8 machine the connection still does not work, not even for a short period
The problem seems to persist irrespective of whether Windows is running - for example, in the BIOS there is also a network function that does not work
The only way I have found so far to restore the connection is by rebooting pfSense. The client can then access pfSense and internet. However the connection inevitably fails again after a few minutes
The time until failure seems to be affected when the network is used. For example, when I stream a movie from internet on the W8 client, the connection does not fail (or at least much later). Shortly after I stop the movie the connection fails again
I tried switching NICs, using the extra 3rd NIC instead of the builtin 2nd NIC for the internal network. This did not help
I cannot find anything unusual in the pfSense logs
All other clients in my network seem to run fine
I have installed all the latest firmwares on both the client and the server. In Windows 8 I installed all recent drivers I could find, using the tooling provided by the motherboard manufacturer. CentOS 7 is fully patched. pfSense is fully up to date.
I have spent many hours on this problem but I did not manage to solve it. ???
Who can save me?
I solved my problem! Of course my issue turned out to not be related to pfSense or Windows:
I was unaware that one of the switches I used in my network is actually a managed switch, and guess what: the management interface used the same IP address as my pfSense gateway. Now who would have thought that!?! This explains all the symptoms I have described. Changing the internal IP address on my pfSense VM solved all my problems. I am happy.
Of course pfSense helped me to solve my problem: I discovered that during the boot sequence, at the point where the interfaces are configured, a message was printed that the IP address was already in use, including the MAC address. It took me some time to figure out where this MAC address came from - but it was the switch.
At least my firmwares are up to date now ;)
Anyway, thanks for the great product, I am looking forward to years of fun using pfSense!
You should have your managed switch's management interface on a separate VLAN. Then you wouldn't have had that issue in the first place.
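The duplicate address described in this thread (a switch management interface and the pfSense gateway configured with the same IP) can show up as different hosts caching different MAC addresses for that IP. As an added example, not part of the original posts: a Python script that compares ARP tables collected from several hosts (`arp -an` or Windows `arp -a` output) and reports any IP seen with more than one MAC. Host names, addresses and MACs in the sample are constructed.

```python
import re
from collections import defaultdict

# One IPv4/MAC pair per line, in either `arp -an` style ("(ip) at aa:bb:..")
# or Windows `arp -a` style ("ip   aa-bb-..   dynamic").
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5})\b",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Lowercase, colon-separated, zero-padded, so all spellings compare equal."""
    return ":".join(p.zfill(2) for p in re.split(r"[:-]", mac.lower()))


def find_conflicts(snapshots):
    """Map each IP seen with more than one MAC to {mac: [hosts that cached it]}.

    snapshots: {host name: text of that host's ARP table}.
    Unresolved entries ("<incomplete>") carry no MAC and are skipped.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for host, text in snapshots.items():
        for ip, mac in ENTRY.findall(text):
            seen[ip][normalize_mac(mac)].add(host)
    return {
        ip: {mac: sorted(hosts) for mac, hosts in macs.items()}
        for ip, macs in seen.items()
        if len(macs) > 1
    }


# Constructed sample data: host names, addresses and MACs are made up.
SNAPSHOTS = {
    "linux-desktop": "? (192.168.1.1) at 52:54:00:aa:bb:01 [ether] on eth0\n"
                     "? (192.168.1.7) at <incomplete> on eth0\n",
    "macbook": "? (192.168.1.1) at 52:54:0:aa:bb:1 on en0 ifscope [ethernet]\n",
    "win-client": "Interface: 192.168.1.50 --- 0xb\n"
                  "  192.168.1.1           02-00-00-00-00-99     dynamic\n"
                  "  192.168.1.20          00-11-22-33-44-55     dynamic\n",
}

if __name__ == "__main__":
    for ip, macs in find_conflicts(SNAPSHOTS).items():
        print(f"{ip} is claimed by {len(macs)} MAC addresses:")
        for mac, hosts in macs.items():
            print(f"  {mac} cached on {', '.join(hosts)}")
```

The MAC that does not belong to the gateway identifies the second device holding the address; its vendor prefix is a starting point for finding it.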