LAN interface stops responding and firewall needs to be rebooted



  • Hello,
    I have set up pfSense with three Gigabit NICs on a Dell R200.
              1-LAN (connected to the private network Gigabit port of a 2950 switch)
              2-WAN1
              3-WAN2
    LAN is connected to my internal network (350 users), and WAN1 and WAN2 are ISP links with 20 MB and 30 MB connections, doing load balancing and failover on the WAN gateways.
    After running pfSense for some time, its LAN interface stops responding and there is no internet on the LAN. I cannot ping from the internal network to the LAN NIC IP, or from pfSense to any local network IP address.
    The LAN interface status shows in/out errors and collisions:

    In/out errors 288892336/523314112
    Collisions 2353325

    I have changed the cables, PCI Express card and ports of the LAN interface, but the issue persists. Every time, I reboot pfSense to make it work again, as ifconfig (lan) down  :::  ifconfig (lan) up does not work. I am on the latest release, 2.2.5.

    My question is: why does this LAN interface stop responding?
    I have shared the internet with my users using a simple Ubuntu machine working as a NAT router. Its interface never goes down, and I cannot see any errors or collisions on it even under excessive load.


  • Banned

    So you have gazillions of errors there and wonder why it stops responding? I'd say the HW is shit.



  • Thanks for the reply.
    I have changed the NIC adapters. Before, it was the Broadcom built-in interface in the server that I used for the LAN interface. Now I have added an Intel PCI Express card to the server, but I am facing the same issue.
    The LAN interface stops functioning when there is a high load of traffic.
    No errors on the WAN interfaces on the same ports.



  • Doesn't sound like a pfSense issue at this point.

    If you believe you've isolated out the NICs as your possible hardware problem, now you get to move on to the rest of your network.

    You're stuck troubleshooting on the LAN side - patch cables, your switch ports, the switch itself, the various LAN devices attached.



  • The LAN interface is terminated at a Cisco 2950 switch on a gig port with native VLAN; all my LAN devices, D-Link hubs (connected with end PCs) and Ruckus wireless APs, are also connected to the same switch.
    I changed the patch cables and checked with a D-Link switch between the LAN and the Cisco 2950, but no success; the LAN interface hangs and shows in/out errors and collisions, and the box requires a reboot to work again.
    If I replace the pf box with the Linux NAT router machine to share the internet for my nodes, I cannot see any errors on its LAN adapter.


  • LAYER 8 Netgate

    D-Link hubs (connected with end PCs)

    Hubs?

    So you have one switch with a bunch of unmanaged consumer crap daisy-chained off it?



  • Yes, this is the scenario, and it has been working for the last 7 months without issue.
    I have just unplugged all cables from the switch, connected my machine to the switch and flooded the box's LAN IP with hping run on my system.
    The interface status shows errors:
    In/out errors 28889/0


  • LAYER 8 Netgate

    Guess you reached critical mass on your shitty network.



  • Here is my Linux NAT machine's interface, replaced with pfSense; no errors on the interface even with flood hping.
    eth1      Link encap:Ethernet  HWaddr 0c:54:a5:51:32:b2 
              inet addr:x.x.x.x  Bcast:172.16.255.255  Mask:255.255.0.0
              inet6 addr: fe80::e54:a5ff:fe51:32b2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:635836980 errors:0 dropped:431 overruns:0 frame:0
              TX packets:460361724 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:73792371229 (73.7 GB)  TX bytes:286723195687 (286.7 GB)

    I have to work with the same network for some time.
    Is there a way to make my pf interface never go down?


  • LAYER 8 Netgate

    You need to find your layer 1 / layer 2 problem and everything will run fine.



  • Thanks Derelict.

    @Derelict:

    You need to find your layer 1 / layer 2 problem and everything will run fine.

    Checking the switch config, I found errors on the switch port attached to the pf LAN interface. Terminating the LAN interface on the switch gig port and setting the duplex and speed solved the issue. Now it is working fine and the in/out errors on the interface have vanished.
    :)



  • Hi,

    I also had an equal problem, but only with a slow, sometimes broken connection to the pfSense WebGUI from the LAN.
    Suricata showed me ACK mismatch and other crazy things.

    My problem was a flapping WAN port.
    Setting it fixed to 1GbitFD on the card and the switch also solved my problem.

    Maybe a bad cable, but now it runs…

    regards
    max
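
Added example, not code from any poster in this thread: a small Python check for the speed/duplex mismatch that the thread resolved by setting duplex and speed on the switch port. It parses the `media:` line of FreeBSD/pfSense `ifconfig` output and combines it with the error and collision counters; the sample output is constructed, and the rules in `duplex_findings` are heuristics assumed for this example.

```python
import re

# Constructed sample of FreeBSD/pfSense `ifconfig` output; not taken from the thread.
SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tmedia: Ethernet autoselect (100baseTX <half-duplex>)
\tstatus: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tmedia: Ethernet 1000baseT <full-duplex>
\tstatus: active
"""

IFACE_RE = re.compile(r"^([\w.]+): flags=")
# Matches both "autoselect (100baseTX <half-duplex>)" and a forced "1000baseT <full-duplex>".
MEDIA_RE = re.compile(r"media: Ethernet (\S+)(?: \((\S+))? <([^>]*)>")


def parse_media(ifconfig_text):
    """Map each interface to its configured mode, active speed and duplex."""
    result, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = IFACE_RE.match(line)
        if head:
            iface = head.group(1)
            continue
        media = MEDIA_RE.search(line)
        if media and iface:
            mode, active, opts = media.groups()
            result[iface] = {
                "autoneg": mode == "autoselect",
                "speed": active or mode,
                "full_duplex": "full-duplex" in opts.split(","),
            }
    return result


def duplex_findings(media, in_errors, collisions):
    """Heuristic checks (assumptions of this example) for a duplex mismatch."""
    findings = []
    if media["autoneg"] and not media["full_duplex"]:
        findings.append("autoselect fell back to half duplex; peer port is likely forced")
    if collisions > 0:
        findings.append("collisions counted; this side has been running half duplex")
    if media["full_duplex"] and in_errors > 0 and collisions == 0:
        findings.append("input errors without collisions; check the peer's duplex setting")
    return findings


if __name__ == "__main__":
    for name, media in parse_media(SAMPLE).items():
        print(name, media, duplex_findings(media, in_errors=0, collisions=0))
```
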

