I have USB to Ethernet adapter DLINK DUB-E100 revision C1. I was trying to use it on newest pfesense release, which is based on freebsd 10.1-RELEASE-p25. After installing pfsense, I could ping the system, but was not able to reach it's webpage, which I was able to do via other ethernet port. I was searching for solution and found this topic on pfsense forum: https://forum.pfsense.org/index.php?topic=63159.0 Then I created a ticket on their bug tracker, but reply was "it's not our issue, contact freebsd support". That is what I am doing right now. If you need any additional information feel free to tell me, but keep in mind that I have never used FreeBSD before. Thanks in advance.
Hi, Did you configure the firewall and routing settings correctly? What does "ifconfig ue0" output? Is your device detected as a network adapter? Which version of FreeBSD are you using? --HPS
(In reply to Hans Petter Selasky from comment #1) Mister, it's nor firewall, nor routing settings, it's something with the drivers specificaly with C1 revision of this device. I'm not the only one having this problem. All your questions refer it's something wrong with configuration. It's not. And yes, device appears as ue0. FreeBSD version I wrote in first post, but can repeat it: 10.1-RELEASE-p25
Hi, Sorry if you have to repeat yourself. Did you try to make a tcpdump trace showing why traffic is not passing like expected: "tcpdump -i ue0 -pn -w test.pcap" The only I can think of which can be wrong is the multicast filters, which might block traffic if not set correctly. --HPS
Also, did you try to enable debugging for your driver? sysctl -a hw.usb | grep debug --HPS
If the debug knob is not there, you'll have to rebuild the network driver you are using like this: cd /usr/src make -C sys/modules/usb/xxx -m $PWD/share/mk DEBUG_FLAGS="-DUSB_DEBUG" clean make -C sys/modules/usb/xxx -m $PWD/share/mk DEBUG_FLAGS="-DUSB_DEBUG" all make -C sys/modules/usb/xxx -m $PWD/share/mk DEBUG_FLAGS="-DUSB_DEBUG" install Thank you! --HPS
Created attachment 165435 [details] pcap file
(In reply to Hans Petter Selasky from comment #5) Debug was set to 0, so I have to rebuild it, but there is no directory /usr/src, since it's pfsense, not full freebsd.
(In reply to Hans Petter Selasky from comment #4) systctl hw.usb.debug=1 it changed from 0 to 1, so it means the knob is there, right?
(In reply to Mantas from comment #8) No, that's the wrong one. You should find one like: hw.usb.axe.debug=16 Or something like that. --HPS
There is no axe.debug, but there also is no /usr/src/ directory in pfsense. How should I procede?
In your test.pcap, there are a lot of destination unreachable messages. It might indicate a misconfiguration of some kind. Traffic seems to be flowing both in and out of the adapter, so I think the problem is not there. Did you have a look at test.pcap with wireshark? --HPS
(In reply to Mantas from comment #10) Can you show me the output from: sysctl hw.usb And: ifconfig And: dmesg | grep ugen --HPS
(In reply to Hans Petter Selasky from comment #12) #ifconfig ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290 ether 00:25:d3:65:ab:ab nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: IEEE 802.11 Wireless Ethernet autoselect (autoselect) status: no carrier ale0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=c309b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE> ether 00:26:18:f9:e5:38 inet6 fe80::226:18ff:fef9:e538%ale0 prefixlen 64 scopeid 0x2 nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier pflog0: flags=100<PROMISC> metric 0 mtu 33144 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0<> metric 0 mtu 1536 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE> ether c4:a8:1d:6d:ac:af inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%ue0 prefixlen 64 scopeid 0x7 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active #hw.usb hw.usb.xhci.streams: 0 hw.usb.no_boot_wait: 0 hw.usb.no_suspend_wait: 0 hw.usb.no_shutdown_wait: 0 hw.usb.debug: 0 hw.usb.template: 0 hw.usb.usb_lang_id: 9 hw.usb.usb_lang_mask: 255 hw.usb.power_timeout: 30 hw.usb.no_cs_fail: 0 hw.usb.full_ddesc: 0 hw.usb.uath.countrycode: 0 hw.usb.uath.regdomain: 0 hw.usb.urtw.preamble_mode: 2 hw.usb.ucom.cons_unit: -1 hw.usb.ucom.cons_subunit: 0 hw.usb.ucom.cons_baud: 9600 #dmesg ugen3.1: <Intel> at usbus3 ugen2.1: <Intel> at usbus2 ugen1.1: <Intel> at usbus1 ugen0.1: <Intel> at usbus0 ugen6.1: <Intel> at usbus6 ugen5.1: <Intel> at usbus5 ugen4.1: <Intel> at usbus4 ugen7.1: <Intel> at usbus7 ugen7.2: <vendor 0x2001> at usbus7 ugen3.2: <Chicony Electronics Co., Ltd.> at usbus3
(In reply to Hans Petter Selasky from comment #11) It just can't be any misconfiguration. All I do is is set ale0 interface as my lan interface. Everything works fine Then I do factory reset and configure ue0 as my lan interface. I am only able to ping destination address, but can't reach any webpage. TLDR: ale0 set as lan Works ue0 set as lan doesn't work Same is if i set ale0 as wan interface. I can perfectly reach any destination from router. But when I do it with ue0, nothing works.
Hi, I suspect maybe pfsense doesn't recognize the ue0 properly and sets up some firewall rules which block the webpage access. Can you check the statistics for the firewall - dropped packets. --HPS
Is there something like "ipfw2 show" or "ipfw show" in the command list of your pfsense installation?
(In reply to Hans Petter Selasky from comment #16) #ipfw2 show ipfw2: Command not found. #ipfw show ipfw: Context is mandatory: No such file or directory
It seems that pfsense uses pf, not ipfw, so to show everythihg: #pfctl -s all you can disable pf firewall: #pfctl -d then try to access admin web page. To enable it again: #pfctl -e
(In reply to Anatoly from comment #18) Disabling firewall didn't help
It might be the webserver in pfsense is not bound to 0.0.0.0, so it won't serve connections from non-default IPs. Try with "nc" aka netcat: nc -l 80 Does it show anything when you connect via HTTP? Sorry I cannot help you more.
(In reply to Mantas from comment #19) I see in attached test.pcap file at record 112 that you're trying to connect to port 443 (https) on 192.168.1.1 (pfsence). You (192.168.1.100) sending SYN. And something really listens on this port, since you've got SYN, ACK back (rec. 113). But this SYN, ACK obviously never reaches you. All that repeat 3 times. If it isn't firewall blocks those packets, probably they may corrupt for weird reason while traveling back. You may try: Disable checksum offloading on ue0: #ifconfig ue0 -txcsum -rxcsum Switch link to slowest mode: #ifconfig ue0 media 10baseT/UTP mediaopt half-duplex But thats really strange since there's no problems with ARP nor ICMP packets. Will it work to ping pfsence with 24-byte packets? >ping -l 24 192.168.1.1 (on windows); #ping -s 24 192.168.1.1 (on unixes)
After trying everything you suggested I have repeated all steps suggested here and doing #pfctl -d allowed me to reach the GUI. Don't know why it wasn't working last time I did it, but it might have been an error on my part, so I do apologize for that. So, after all, is it correct to say that the error is on pfsense end, not freebsd's?
Most likely problem is in pf configuration that pfsence gives to pf. Can you show your pf state: #pfctl -a '*' -s all Also, you can dump effective pf rules into file 'a': #pfctl -a '*' -s rules > a Then re-configure your system, making ale0 as lan. Dump rules into file 'b': #pfctl -a '*' -s rules > b Obviously, when you compare a and b only difference you must see is interface names.
Created attachment 165877 [details] pfctl rules with ue0
Created attachment 165878 [details] pfctl rules wtih ale0
I see no problem with rules, but they are referring to two address tables that is used as "blacklists": snort2c and webConfiguratorlockout. Can you show me content of those tables (while ue0 as lan): #pfctl -t snort2c -T show #pfctl -t webConfiguratorlockout -T show And your nat/redirect rules also: #pfctl -s nat The other situation I can think of is if ue0 disappears from the system (for some USB related matters) after pf rules was loaded. And when it appears back, pf may have troubles to handle it (although it must). Can you check output of #dmesg or /var/log/messages to see if some USB disconnects of ue0 occurs? Anyway, in such a situations clearing firewall state and reloading rules again may help. You may try: Just for sure #pfctl -d Test. #pfctl -e Clear pf state tables: #pfctl -F state Test. Clear pf address tables (your blacklists e.t.c.) #pfctl -F Tables Test. Now you need pf config (rules) file to reload. Simplest is to dump existing rules: #pfctl -s rules > aa (it's like previously created 'a', but without anchors information. You may also use 'a' but it needs to remove by hand all "anchor "*" all { }") Check that file isn't empty. This file will not contain nat/redirects, but enough for test. Or, in FreeBSD default location for pf config that is applied at boot is /etc/pf.conf. You may examine that file to see if it contain similar rules and have right modification date. Clear everything: #pfctl -F all Load rules back: #pfctl -f aa See if no errors occurs. Test.