Netgate SG-1000 microFirewall

Author Topic: The link state of an interface (bridge member) goes up/down continuously  (Read 19336 times)

0 Members and 1 Guest are viewing this topic.

Offline webroy

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #45 on: January 15, 2014, 01:13:21 am »
Thank you Stephan for youre time !

I will check those links out and will publish the result.

Offline webroy

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #46 on: January 15, 2014, 03:00:57 am »
Unfurtantly the links you provided did not solve the problem.

When i ping my server behind the pfsense bridge it pings good and then loses sometimes 5 pings or more.... i do not understand why.. server is down for sometime.. I put the same server behind an other firewall ( Sonicwall) and no problems...

I ping from differtent locations to the server and different internet providers.. the logs of the pfsense do not show a thing..

Offline webroy

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #47 on: January 15, 2014, 05:01:16 am »
Oke what i did;

reinstalled pfsense 2.1 now with version i386 in stead of amd64.

After install a added NO Packages.

I did a WAN -> DMZ setting and i did a LAN setting (3x NIC)

A added all 3 GitHub rules ( like mentioned before)

So Setup 1 non busy server behind DMZ looks oke , seconds one (non busy server looks oke) Then a third server with some more traffic and ping loss. more down then up. (load pfsense fw is 0.2)

If i put only the busier server behind the pfsense all is fine...

So the busier server behind the SOnicwall again and all goes smootly.


It looks like if i get over 10000 states the error occurs ... in the firewall settings is see this:

Note: Leave this blank for the default. On your system the default size is: 326000 so that should be oke...


Fact is that the more traffic over the pfsense FW the more time out and problems i have....
« Last Edit: January 15, 2014, 05:11:57 am by webroy »

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11960
  • Karma: +469/-15
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #48 on: January 15, 2014, 06:10:26 am »
You tried the tuning options on your em NICs?

It's not surprising that once you hit, whatever your problem is, it shows more the more traffic you push through the box.

Is there anything in the logs? As you've said 10000 states show be no problem for your hardware.

Steve

Offline webroy

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #49 on: January 15, 2014, 06:13:24 am »
Hi stephen , i made a new topic because this looks like another problem..

http://forum.pfsense.org/index.php/topic,71432.0.html
« Last Edit: January 15, 2014, 06:23:36 am by webroy »

Offline kevin067

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #50 on: January 29, 2014, 04:00:35 pm »
I am having this problem currently, and I do have a bridge with the wireless and the lan adapter without an assigned ip address.

if I try to apply patch 793299b8f5bdc0fd167093cc5ab9f3f30f0d77ac

it tells me that it cannot apply it, upon inspection of the latest 2.1 code in rc.newwanip. It is quite different it seems so the reason for the patch failure.

If I apply patch 58ee84b4b2f9daba87e44abf663026c6266a7cd8
this seems to go through. But does not fix my problem.

I don't really want to assign ip address's to these adapters behind the bridge. Anybody work this out?

I am on pfsense 2.1 with two intel pro lan gbe adapters.
Here is my interfacelayout.

Wan = em0 (dhcp)
Lan = em1 (none)
WIFI= ath0 (none)
Intranet = (static) bridge0  (lan,wifi)

I have also applied the other tunables for intel lans with no improvement

The symptoms are that after a day or two of running I will find em1 cycling up and down and of course the network is offline while it is down.


Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11960
  • Karma: +469/-15
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #51 on: January 29, 2014, 05:38:50 pm »
If you're experiencing the problem described in this thread the interface will 'flap' continuously going up and down approximately every 10 seconds. Your logs will be filled. If that is what you're seeing the easiest thing to do is just try a 2.1.1 snapshot which already contains the patches listed here (any many more).

https://forum.pfsense.org/index.php/topic,71546.0.html

Steve

Offline jomcy

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #52 on: February 03, 2014, 03:25:13 am »
Hi,

this up/down issue is happening because of the some bug in new version and the script rc.newwanip is restarting the interfere(this script will restart the WAN interface if there is no IP on it).

actualy this script for wan interface only and unfortunately all interface in bridge considering as wan interface in new version(bug). Normal we are not assigning any IPs for all member interfaces in bridge( practical not required) so script will restart the interface. for a workaround we can assign some dummy IPs to those member interfaces and that will solve the issue.

ex: Bridge x and opt1, opt 2 and opt3 are members of it, assign 127.0.0.2 to opt1, 127.0.0.3 to opt2 and 127.0.0.4 to opt3
jomcy

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #53 on: February 03, 2014, 04:25:33 am »
As Steven says, try 2.1.1-prerelease, there are relevant fixes in that that should help.
I have been testing the latest build of it today:
Code: [Select]
2.1.1-PRERELEASE (i386)
built on Sun Feb 2 12:42:30 EST 2014
FreeBSD 8.3-RELEASE-p14
and it is running nicely for everything I do.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline kevin067

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: The link state of an interface (bridge member) goes up/down continuously
« Reply #54 on: February 03, 2014, 11:35:39 pm »
I can confirm also that 2.1.1 prerelease fixes the cycling issue after 3 days of running no issues. 2.1.1 also fixed snort clearing it's block table.

Firewall logs also seemed to stay in sync after rule changes.