On Tue, 2007-06-05 at 12:51 +1200, Volker Kuhlmann wrote: > I am having exactly the same problem. pfSense 1...? RC1 (I think) on a > jokebox with 64MB RAM, so I replaced the box and all NICs with something > bigger, running pfSense 1 final (from Dec 06). > > Hosts on the DMZ remain reachable from LAN, Motorola cable modem (since > replaced with a newer model) is reachable from the LAN via the WAN > interface, proving there is no hardware fault. ISP's gateway is not > rechable from LAN or the pfSense machine. Everything looks as if the cable > service has gone down, except that I am certain it has not - each time I > reboot the pfsense machine, and Internet connectivity is back immediately. >
First, if you're not running 1.2b1, you should try it. I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe. Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a constant ping to your WAN gateway from your LAN, try to access websites, etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then you can use the webGUI to download that 'capture.pcap' file, or scp it off to another host. Send it to me via email and I should be able to see what's happening on the wire. At this point, without that, it's anybody's guess as to what's happening. If your cable company is twice as competent as our local cable company here, they'd still be completely inept. In other words, I wouldn't rule out a weird network issue on their end. Scott and I spent countless hours tracking down a really screwy issue that turned out to be something they screwed up on their network, when they claimed repeatedly they hadn't changed anything and it was a firewall problem. One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
