The pfSense Store

Author Topic: ISP blocked pfSense router due to too many dhcp requests  (Read 2898 times)

0 Members and 1 Guest are viewing this topic.

Offline bartgrefte

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
ISP blocked pfSense router due to too many dhcp requests
« on: November 08, 2011, 07:34:27 am »
Hi,

this morning my pfSense 1.2.3 router got blocked by my ISP because it was doing about 10k dhcp request in half an hour according to them. Couldn't find the cause so did a clean install of pfSense 2.

Still no luck getting the connection back up, however it works as soon as I hook up my laptop directly to the fiber modem.

Any idea's? Setting the IP static didn't work, has to be dhcp.

pfSense's log:
Code: [Select]
Nov 8 14:29:11 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:10 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:10 dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:10 dhclient: PREINIT
Nov 8 14:29:10 kernel: em1: link state changed to UP
Nov 8 14:29:10 check_reload_status: Linkup starting em1
Nov 8 14:29:08 kernel: em1: link state changed to DOWN
Nov 8 14:29:08 check_reload_status: Linkup starting em1
Nov 8 14:29:08 php: : HOTPLUG: Configuring interface wan
Nov 8 14:29:08 php: : DEVD Ethernet attached event for wan
Nov 8 14:29:06 php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:29:06 dhclient[57605]: exiting.
Nov 8 14:29:06 dhclient[57605]: exiting.
Nov 8 14:29:06 dhclient[57605]: connection closed
Nov 8 14:29:06 dhclient[57605]: connection closed
Nov 8 14:29:06 php: : DEVD Ethernet detached event for wan
Nov 8 14:29:05 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:03 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:29:03 dhclient[57253]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:29:03 dhclient: PREINIT
Nov 8 14:29:02 kernel: em1: link state changed to UP
Nov 8 14:29:02 check_reload_status: Linkup starting em1
Nov 8 14:29:01 kernel: em1: link state changed to DOWN
Nov 8 14:29:01 check_reload_status: Linkup starting em1
Nov 8 14:29:01 php: : HOTPLUG: Configuring interface wan
Nov 8 14:29:01 php: : DEVD Ethernet attached event for wan
Nov 8 14:29:00 apinger: Error while feeding rrdtool: Broken pipe
Nov 8 14:28:59 php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:28:59 dhclient[43226]: exiting.
Nov 8 14:28:59 dhclient[43226]: exiting.
Nov 8 14:28:59 dhclient[43226]: connection closed
Nov 8 14:28:59 dhclient[43226]: connection closed
Nov 8 14:28:59 php: : DEVD Ethernet detached event for wan
Nov 8 14:28:58 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 5
Nov 8 14:28:56 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:28:56 dhclient[43129]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:56 dhclient: PREINIT
Nov 8 14:28:55 kernel: em1: link state changed to UP
Nov 8 14:28:55 check_reload_status: Linkup starting em1
Nov 8 14:28:54 kernel: em1: link state changed to DOWN
Nov 8 14:28:54 check_reload_status: Linkup starting em1
Nov 8 14:28:54 php: : HOTPLUG: Configuring interface wan
Nov 8 14:28:54 php: : DEVD Ethernet attached event for wan
Nov 8 14:28:52 php: /status_interfaces.php: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output > /tmp/em1_error_output' returned exit code '15', the output was ''
Nov 8 14:28:52 dhclient[33927]: exiting.
Nov 8 14:28:52 dhclient[33927]: exiting.
Nov 8 14:28:52 dhclient[33927]: connection closed
Nov 8 14:28:52 dhclient[33927]: connection closed
Nov 8 14:28:52 php: : DEVD Ethernet detached event for wan
Nov 8 14:28:52 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 3
Nov 8 14:28:50 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 2
Nov 8 14:28:49 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:49 dhclient[33819]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1
Nov 8 14:28:49 dhclient: PREINIT
Nov 8 14:28:48 kernel: em1: link state changed to UP
Nov 8 14:28:48 check_reload_status: Linkup starting em1
Nov 8 14:28:47 kernel: em1: link state changed to DOWN
Nov 8 14:28:47 check_reload_status: Linkup starting em1
Nov 8 14:28:44 dhclient[9601]: exiting.
Nov 8 14:28:44 dhclient[9601]: exiting.
Nov 8 14:28:44 dhclient[9601]: connection closed
Nov 8 14:28:44 dhclient[9601]: connection closed
Nov 8 14:28:29 check_reload_status: Reloading filter

Hardware: MSI IM-945GSE-A, two onboard Intel 82574L GbE LAN NIC's, 1GB RAM, 2GB CF card.
« Last Edit: November 08, 2011, 07:39:53 am by bartgrefte »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14978
  • Karma: +4/-0
    • View Profile
Re: ISP blocked pfSense router due to too many dhcp requests
« Reply #1 on: November 08, 2011, 08:38:47 am »
Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.

That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5262
  • Karma: +0/-0
    • View Profile
Re: ISP blocked pfSense router due to too many dhcp requests
« Reply #2 on: November 08, 2011, 08:42:22 am »
It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.

Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.

Offline bartgrefte

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Re: ISP blocked pfSense router due to too many dhcp requests
« Reply #3 on: November 08, 2011, 09:05:19 am »
Are you spoofing the MAC on your WAN? If so, remove the spoof, reboot, and see if it continues.

That log is showing that the actual network link is going down/up. So either your modem port is dropping the link to the pfSense box repeatedly, or you're hitting this: http://redmine.pfsense.org/issues/1572
I was with the previous ISP and forgot to remove it (didn't cause any problems though, ran fine for months). But the log I posted is from a clean install of pfSense 2.
pfSense 1.2.3 only mentioned lines like these in the log "dhclient[3207]: DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1"

It looks as if dhclient is not seeing any reply to its DHCPDISCOVER.

Is the ISP sending you a reply? If not, ask why? You could run a packet capture on the WAN interface to look for replies to the DHCPDISCOVER.
ISP said they where sending a reply, pfSense did not seem to see it though.

Right now I've got my laptop with XP hooked up directly to the modem which works normal. I also am working on a Debian install to see if that works, was already planning on switching to Debian (or any Linux distro) anyway.
« Last Edit: November 08, 2011, 09:08:23 am by bartgrefte »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14978
  • Karma: +4/-0
    • View Profile
Re: ISP blocked pfSense router due to too many dhcp requests
« Reply #4 on: November 08, 2011, 09:09:37 am »
If you are seeing those log entries on an interface without a spoofed mac, then there is something going on physically. It's reporting that it's losing link, so it could be the NIC or the cable or something along those lines.

At the very least you could try swapping the assignment of WAN and LAN to see if the problem follows the NIC. Swapping out the cable is cheap and easy, so also worth a try.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline bartgrefte

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Re: ISP blocked pfSense router due to too many dhcp requests
« Reply #5 on: November 08, 2011, 09:41:45 am »
Did that, made no difference. Same issue with both NIC's. Also hooked it up with a short cable to the cablemodem, also no difference.

edit: I'm back in business. Couldn't get Debian to cooperate (guess I'll have to learn more about Debian before I try that again), but IPFire was willing to cooperate, I'm back online :) , now hoping it keeps working.

But I've still no clue what happened this morning with pfSense.
« Last Edit: November 08, 2011, 10:18:40 am by bartgrefte »