Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Wed, Dec 9, 2009 at 07:38, RB aoz@gmail.com wrote:
> I made a special trip - log attached. A check of my tcpdump monitoring actually indicates that while ng0 does not see return traffic, the physical interface (actually fxp3) does. It's also indicating that the return packets are 2 bytes larger than it expects (86B versus 84B for ICMP to 4.2.2.2).

I spent several hours last night trying to dig into this, and am coming up empty-handed. I can't explain the 2B tcpdump artifact, but the issue remains that although return traffic is coming in, ng0 is not passing it back.

Tried disabling filtering to no avail, but I noticed that 'pfctl -sa' still showed rules configured - does 'Disable Filtering' not perform a flush? I'll try a reboot, but have little confidence that will make a positive difference at this point.

Something changed with mpd between 1.2.3-RC1 and 1.2.3-RC3 to the extent that it no longer works for my ADSL provider. I don't know if it was a change within mpd itself, the removal of the ng_* modules, or something completely different, but pfSense is not currently a viable router for me.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On 09.12.2009 at 15:38, RB wrote:
> I made a special trip - log attached. A check of my tcpdump monitoring actually indicates that while ng0 does not see return traffic, the physical interface (actually fxp3) does. It's also indicating that the return packets are 2 bytes larger than it expects (86B versus 84B for ICMP to 4.2.2.2).
>
> mpd.log
>
> Something changed with mpd between 1.2.3-RC1 and 1.2.3-RC3 to the extent that it no longer works for my ADSL provider. I don't know if it was a change within mpd itself, the removal of the ng_* modules, or something completely different, but pfSense is not currently a viable router for me.

in short: they switched to FreeBSD-7.2

Hi there,

I guess it's a problem of FreeBSD 7.1 with some fxp(4) chip-sets. I had a similar problem and submitted a bug to FreeBSD:

http://www.freebsd.org/cgi/query-pr.cgi?pr=138135

but I was not able to check out if this is working or not, so ...

Your best chance is to disable checksum offloading

    ifconfig fxpX inet ... -rxcsum

or wait for a newer version of FreeBSD

What does pciconf -lc give you?

    f...@pci0:2:11:0: class=0x02 card=0x000c8086 chip=0x12098086 rev=0x09 hdr=0x00
        vendor = 'Intel Corporation'
        device = '8255xER/IT Fast Ethernet Controller'
        class = network
        subclass = ethernet

Tom

--
kommunity GmbH Co.KG - Goseriede 4, D-30159 Hannover
Phone: +49 (0)5 11 - 80 72 58 - 0
Fax: +49 (0)5 11 - 80 72 58 - 10
Mail: mailto:tmu...@kommunity.net, Web: http://www.kommunity.net
VAT ID No.: DE 813740826; Commercial register: Hannover District Court; Registration number: HRA 26721; General partner: kommunity Verwaltungsgesellschaft mbH, represented by managing director Tom Müller-Kortkamp; Commercial register: Hannover District Court; Registration number: HRB 60200
TeamViewer support link: http://www.kommunity.biz
Re: [pfSense Support] 1.2.3-RC3 PPPoE
Not that it helps much, but I have had severe problems with the fxp driver under BSD/pfsense. I mentioned this a while back and Chris suggested that this was only in a few snapshots. Not being one to argue with a support/developer because I am in awe with this project, but I can replicate traffic flow issues easily on the Pro100's with the fxp driver in any 1.2.x release. I have a

For me the issue was exactly like you are describing. Can connect and everything appears OK, but just zero traffic flow. Nothing useful in logs. Then all of a sudden it would start passing traffic, but then get sketchy and eventually stop again. Something like a simple ping from LAN to WAN would fail 20% of the time,,, but ping of the interfaces was always fine.

I moved to the GT giganics and all my pfsense boxen are bullet proof.

Cheers,
Tim

On Thu, Dec 10, 2009 at 8:27 AM, Tom Müller-Kortkamp tmu...@kommunity.net wrote:
> On 09.12.2009 at 15:38, RB wrote:
>> I made a special trip - log attached. A check of my tcpdump monitoring actually indicates that while ng0 does not see return traffic, the physical interface (actually fxp3) does. It's also indicating that the return packets are 2 bytes larger than it expects (86B versus 84B for ICMP to 4.2.2.2).
>>
>> mpd.log
>>
>> Something changed with mpd between 1.2.3-RC1 and 1.2.3-RC3 to the extent that it no longer works for my ADSL provider. I don't know if it was a change within mpd itself, the removal of the ng_* modules, or something completely different, but pfSense is not currently a viable router for me.
>
> in short: they switched to FreeBSD-7.2
>
> Hi there,
>
> I guess it's a problem of FreeBSD 7.1 with some fxp(4) chip-sets. I had a similar problem and submitted a bug to FreeBSD:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=138135
>
> but I was not able to check out if this is working or not, so ...
>
> Your best chance is to disable checksum offloading
>
>     ifconfig fxpX inet ... -rxcsum
>
> or wait for a newer version of FreeBSD
>
> What does pciconf -lc give you?
>
>     f...@pci0:2:11:0: class=0x02 card=0x000c8086 chip=0x12098086 rev=0x09 hdr=0x00
>         vendor = 'Intel Corporation'
>         device = '8255xER/IT Fast Ethernet Controller'
>         class = network
>         subclass = ethernet
>
> Tom
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Thu, Dec 10, 2009 at 10:29, Tim Dressel tjdres...@gmail.com wrote:
> For me the issue was exactly like you are describing. Can connect and everything appears OK, but just zero traffic flow. Nothing useful in logs. Then all of a sudden it would start passing traffic, but then get sketchy and eventually stop again. Something like a simple ping from LAN to WAN would fail 20% of the time,,, but ping of the interfaces was always fine.
>
> I moved to the GT giganics and all my pfsense boxen are bullet proof.

Tom's explanation is plausible, even probable - thanks Tom! For me there is no traffic flow at all, return traffic is just being silently dropped between fxp3 and ng0. Unfortunately, I can't change to GbE NICs, or I would; this particular system is embedded in the sense that it's a repurposed appliance with no external PCI slots, so it has what it has.

I'll try turning off ToE in a few hours and report the results. If all goes well, I'd hope the 1.2.3 final version picks up the noted stable/7 change.
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Thu, Dec 10, 2009 at 1:21 PM, RB aoz@gmail.com wrote:
> On Thu, Dec 10, 2009 at 10:29, Tim Dressel tjdres...@gmail.com wrote:
>> For me the issue was exactly like you are describing. Can connect and everything appears OK, but just zero traffic flow. Nothing useful in logs. Then all of a sudden it would start passing traffic, but then get sketchy and eventually stop again. Something like a simple ping from LAN to WAN would fail 20% of the time,,, but ping of the interfaces was always fine.
>>
>> I moved to the GT giganics and all my pfsense boxen are bullet proof.
>
> Tom's explanation is plausible, even probable - thanks Tom! For me there is no traffic flow at all, return traffic is just being silently dropped between fxp3 and ng0. Unfortunately, I can't change to GbE NICs, or I would; this particular system is embedded in the sense that it's a repurposed appliance with no external PCI slots, so it has what it has.
>
> I'll try turning off ToE in a few hours and report the results. If all goes well, I'd hope the 1.2.3 final version picks up the noted stable/7 change.

Sorry, but we have missed the boat on that. Release announcement is forthcoming.

Scott
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On 2009-12-10, Scott Ullrich sullr...@gmail.com wrote:
>> I'll try turning off ToE in a few hours and report the results. If all goes well, I'd hope the 1.2.3 final version picks up the noted stable/7 change.

This was the fix - thanks, Tom, for identifying such an edge case and linking it to your bug!

> Sorry, but we have missed the boat on that. Release announcement is forthcoming.

Well, for posterity's sake then: if you have trouble in pfSense/FreeBSD with traffic not passing through an Intel 10/100 NIC (fxp), particularly when return/inbound packets aren't showing up in mpd or another user-level program, turn off TCP Offload. For that matter, any troubleshooting weird with inexplicably lost traffic should involve explicitly turning off ToE.
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Thu, Dec 10, 2009 at 6:54 PM, RB aoz@gmail.com wrote:
> Well, for posterity's sake then: if you have trouble in pfSense/FreeBSD with traffic not passing through an Intel 10/100 NIC (fxp), particularly when return/inbound packets aren't showing up in mpd or another user-level program, turn off TCP Offload. For that matter, any troubleshooting weird with inexplicably lost traffic should involve explicitly turning off ToE.

We will make note of it in the release notes, thanks

Scott
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On 12/10/2009 6:56 PM, Scott Ullrich wrote:
> On Thu, Dec 10, 2009 at 6:54 PM, RB aoz@gmail.com wrote:
>> Well, for posterity's sake then: if you have trouble in pfSense/FreeBSD with traffic not passing through an Intel 10/100 NIC (fxp), particularly when return/inbound packets aren't showing up in mpd or another user-level program, turn off TCP Offload. For that matter, any troubleshooting weird with inexplicably lost traffic should involve explicitly turning off ToE.
>
> We will make note of it in the release notes, thanks

I also added a small page on the Doc wiki:

http://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear

Jim
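
Added example, not from any poster in this thread: the capture comparison described above (echo replies seen on the physical fxp interface but not on ng0) written as a shell script. The capture lines are constructed, and the function names and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example: find where ICMP echo replies vanish by comparing two
# tcpdump text captures (physical NIC vs. the PPPoE netgraph interface).

# Constructed sample: 'tcpdump -ni fxp3' (PPPoE-framed) and 'tcpdump -ni ng0'.
PHYS_CAPTURE='07:38:01.100000 PPPoE  [ses 0x1a2b] IP 192.0.2.10 > 4.2.2.2: ICMP echo request, id 4242, seq 0, length 64
07:38:01.140000 PPPoE  [ses 0x1a2b] IP 4.2.2.2 > 192.0.2.10: ICMP echo reply, id 4242, seq 0, length 64
07:38:02.100000 PPPoE  [ses 0x1a2b] IP 192.0.2.10 > 4.2.2.2: ICMP echo request, id 4242, seq 1, length 64
07:38:02.141000 PPPoE  [ses 0x1a2b] IP 4.2.2.2 > 192.0.2.10: ICMP echo reply, id 4242, seq 1, length 64'
NG_CAPTURE='07:38:01.099000 IP 192.0.2.10 > 4.2.2.2: ICMP echo request, id 4242, seq 0, length 64
07:38:02.099000 IP 192.0.2.10 > 4.2.2.2: ICMP echo request, id 4242, seq 1, length 64'

# Emit one "kind id seq" key per ICMP echo line read from stdin.
icmp_keys() {
    awk '/ICMP echo (request|reply),/ {
        kind = ""; id = ""; seq = ""; seen = 0
        for (i = 1; i < NF; i++) {
            if ($i == "echo") { kind = $(i + 1); seen = 1 }
            if (seen && $i == "id")  id = $(i + 1)
            if (seen && $i == "seq") seq = $(i + 1)
        }
        gsub(/,/, "", kind); gsub(/,/, "", id); gsub(/,/, "", seq)
        if (id != "" && seq != "") print kind, id, seq
    }'
}

# count_unique CAPTURE KIND -> number of distinct echo packets of that kind.
count_unique() {
    printf '%s\n' "$1" | icmp_keys | sort -u |
        awk -v k="$2" '$1 == k { n++ } END { print n + 0 }'
}

# locate_drop PHYS_TEXT NG_TEXT -> one-word verdict on where replies stop.
locate_drop() {
    req_ng=$(count_unique "$2" request)
    rep_phys=$(count_unique "$1" reply)
    rep_ng=$(count_unique "$2" reply)
    if [ "$req_ng" -eq 0 ]; then
        echo "no-requests-seen"
    elif [ "$rep_phys" -eq 0 ]; then
        echo "replies-never-reach-nic"          # upstream: line, modem or ISP
    elif [ "$rep_ng" -lt "$rep_phys" ]; then
        echo "replies-lost-between-nic-and-ng"  # local: driver, offload, netgraph
    else
        echo "replies-delivered"
    fi
}

locate_drop "$PHYS_CAPTURE" "$NG_CAPTURE"
```

The "replies-lost-between-nic-and-ng" verdict is the case reported in this thread, where disabling checksum offloading on the fxp interface was the fix.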
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Wed, Dec 9, 2009 at 01:34, Ermal Luçi ermal.l...@gmail.com wrote:
> Please provide logs of mpd and explain more what you are trying to do and how you are trying to achieve it!

What I'm trying to achieve is awfully simple - with a fresh install of 1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet port (fxp1) and a switch into the other (fxp0). After configuring pfSense with the right PPPoE credentials and _nothing else_, the WAN interface comes up with a valid IP from my ISP and proper-looking MPD logs (I'm running it from the CLI to be certain). However, pinging my next hop or issuing requests to the outside DNS servers results in outbound traffic with no returns (monitoring with tcpdump -s0 -vni on fxp1 and ng0).

With 1.2.3-RC1, traffic flows smoothly. I don't have logs with me because the system is down, inaccessible due to this.
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On Wed, Dec 9, 2009 at 3:01 PM, RB aoz@gmail.com wrote:
> On Wed, Dec 9, 2009 at 01:34, Ermal Luçi ermal.l...@gmail.com wrote:
>> Please provide logs of mpd and explain more what you are trying to do and how you are trying to achieve it!
>
> What I'm trying to achieve is awfully simple - with a fresh install of 1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet port (fxp1) and a switch into the other (fxp0). After configuring pfSense with the right PPPoE credentials and _nothing else_, the WAN interface comes up with a valid IP from my ISP and proper-looking MPD logs (I'm running it from the CLI to be certain). However, pinging my next hop or issuing requests to the outside DNS servers results in outbound traffic with no returns (monitoring with tcpdump -s0 -vni on fxp1 and ng0).
>
> With 1.2.3-RC1, traffic flows smoothly. I don't have logs with me because the system is down, inaccessible due to this.

Sorry but without any logging other suggestions would be a jump in crystal ball.

--
Ermal
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On 12/9/2009 9:01 AM, RB wrote:
> On Wed, Dec 9, 2009 at 01:34, Ermal Luçi ermal.l...@gmail.com wrote:
>> Please provide logs of mpd and explain more what you are trying to do and how you are trying to achieve it!
>
> What I'm trying to achieve is awfully simple - with a fresh install of 1.2.3-RC3, I'm plugging a dumb Speedport ADSL modem in to one ethernet port (fxp1) and a switch into the other (fxp0). After configuring pfSense with the right PPPoE credentials and _nothing else_, the WAN interface comes up with a valid IP from my ISP and proper-looking MPD logs (I'm running it from the CLI to be certain). However, pinging my next hop or issuing requests to the outside DNS servers results in outbound traffic with no returns (monitoring with tcpdump -s0 -vni on fxp1 and ng0).
>
> With 1.2.3-RC1, traffic flows smoothly. I don't have logs with me because the system is down, inaccessible due to this.

I've been using 1.2.3 snapshots on my pfSense router at home, and at customer sites, from RC1 through RC3 (and the release images that are pending right now even) and I haven't had any trouble, either on ATT DSL or Verizon DSL both using PPPoE.

Are you sure that your DSL link is solid and noise-free? I have seen cases where routers would sign on but could not pass traffic and it turned out to be a weak DSL signal. Does this same line work with any other router?

As Ermal said, posting the full log might help, even if you don't see anything out of the ordinary. Some other info that would be helpful would be the output of ifconfig -a and netstat -rn while connected. Perhaps also a traceroute to the next hop and DNS servers.

Jim
Re: [pfSense Support] 1.2.3-RC3 PPPoE
On 2009-12-09, Jim Pingle li...@pingle.org wrote:
> Are you sure that your DSL link is solid and noise-free? I have seen cases where routers would sign on but could not pass traffic and it turned out to be a weak DSL signal. Does this same line work with any other router?

It works with the same physical setup and 1.2.3-RC1 but not 1.2.3-RC3.

> As Ermal said, posting the full log might help, even if you don't see anything out of the ordinary. Some other info that would be helpful would be the output of ifconfig -a and netstat -rn while connected. Perhaps also a traceroute to the next hop and DNS servers.

I made a special trip - log attached. A check of my tcpdump monitoring actually indicates that while ng0 does not see return traffic, the physical interface (actually fxp3) does. It's also indicating that the return packets are 2 bytes larger than it expects (86B versus 84B for ICMP to 4.2.2.2).

mpd.log
Description: Binary data
[pfSense Support] 1.2.3-RC3 PPPoE
I've been fighting a losing battle with an update from 1.2.3-RC1 to 1.2.3-RC3 and am at the end of my options. This also exhibits in the 2.0-ALPHA-ALPHA 8.0-based snapshot I grabbed two days ago.

With both an upgrade and a fresh install, when I configure a simple LAN + PPPoE WAN, the WAN negotiates and comes up with an appropriate address, but does not get return traffic. I'm able to see outbound traffic on both the physical interface and the generated ng0 interface, but nothing returns.

Last time I ran into something like this it was the tcpmssfix/ng_tcpmss.ko stuff (http://forum.pfsense.org/index.php/topic,17644.0.html). Although not precisely the same (mpd isn't dying), I saw the same thing then - packets pass outbound but the returns get dropped somewhere.

Suggestions? A fresh 1.2.3-RC1 install does not exhibit this behavior.