4. Broken Static IPv4 WAN, DHCP WORKS

Broken Static IPv4 WAN, DHCP WORKS

  • B

    Problem: WAN interface works for about 1 minute sometimes with a static ipv4 IP. DHCP WAN works fine for hours.

    I have an intel atom pfsense box I brought over to test. Static IPv4 works fine on it with the same settings. Also running 2.2.6.

    Troubleshooting thus far: On a machine on the LAN I had a continuous ping of 8.8.8.8 running. I ran a packet capture on the pfSense WAN interface during this whole process until I lost connectivity. I saw TCP application data, DNS response, ping replies, NTP exchanges, ARP broadcasts and replies, etc. Everything working fine. 40s into the capture it stops behaving and it shows nothing but DNS queries originating from WAN static IP, ping requests, some TCP retransmissions… and  ARP broadcasts from the ISP Router,
    Right before I stopped getting ping responses, the gateway ARPed for the static ip 5 times, once every ~30ms. pfsense responded immediately to each arp with the spoofed MAC as it did earlier in the capture. For the next 2 seconds I got 2 ping replies and then nothing. Same result without spoofing MAC.

    The hardware for the hypervisor:
    ASROCK Extreme 7+ with two onboard Intel NICs
    Intel I5 6500
    Crucial DDR5 2 x 8GB
    Intel PRO/1000 Pt 2 port NIC

    Proxmox 4.1
    Pfsense VM has...
    3 of the NICS assigned to pfSense VM. eth1-3. WAN on one of the PCI Intel ports.
    VirtIO for the network cards
    1 core
    2gb ram
    15gB RAW cache writeback virtio HD.

    /etc/network/interfaces

    # network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

iface eth2 inet manual

iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
	address  172.31.1.0
	netmask  255.255.254.0
	gateway  172.31.0.10
	bridge_ports eth0
	bridge_stp off
	bridge_fd 0

#LAN
auto vmbr1
iface vmbr1 inet manual
	bridge_ports eth1
	bridge_stp off
	bridge_fd 0

#DMZ
auto vmbr2
iface vmbr2 inet manual
	bridge_ports eth2
	bridge_stp off
	bridge_fd 0

#WAN
auto vmbr3
iface vmbr3 inet manual
	bridge_ports eth3
	bridge_stp off
	bridge_fd 0
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy