SOLVED FreeNAS network problem - some clients blocked (no SMB, no ping, no Web, nothing...)

[steelbull]

Hi, I have installed the FreeNAS server in local network. To this server are connecting more users from more computers. After longer time of working, some computers in local network cannot access to this server. There is not problem only with SAMBA or etc. but also ping and Web interface are not working from some computers. On that computers, when I will change the network card MAC address, everything starts working. When I set the MAC address back, there is the same problem - no samba, no web interface, no ping, nothing.

Is there something like MAC filter or firewall inside FreeNAS, which are running in default configuration? Because, the problem seems to be like firewall inside FreeNAS blocked some clients and their MAC addresses.

I need to choose right way:
1- if problem is inside the freeNas for example in firewall or something another (Im using default installation, I do not enabled manually ipfw in configuration files through the console),
2 - if no problem in FreeNAS, problem will be in network.

...also I upgraded from FreeNAS 9 to 11.

Thank you for answer.
I need to solve id ASAP.
Last week was blocked about 20 computers.

 

[j0hnby]

Hi - can you post examples of your config?

 

[steelbull]

Hi - can you post examples of your config?

Hi. Thanks for fast answer.
Which configuration you mean? You want to check some screenshots of for example network configuration, or you want to check some configuration files?

 

[j0hnby]

Sure - sorry, I should have been more specific. System-General, Network-Global Configuration, and Network - Interfaces I think would be a good start.

 

[steelbull]

Sure - sorry, I should have been more specific. System-General, Network-Global Configuration, and Network - Interfaces I think would be a good start.

Its OK Im sending screenshots. The network configuration I think is right. I have access from freenas to the network and also to the internet. Most clients are working but some of them are blocked by MAC address.

 

[j0hnby]

Thanks - it' was mainly a sanity check. When you change the client's MAC - do you get a different IP? Just working through a thought process and work out what changes apart from the MAC.

As far as I know, the vanilla install doesn't have any filters in place so if you haven't manually put something in should be OK.

 

[steelbull]

Thanks - it' was mainly a sanity check. When you change the client's MAC - do you get a different IP? Just working through a thought process and work out what changes apart from the MAC.

As far as I know, the vanilla install doesn't have any filters in place so if you haven't manually put something in should be OK.

Server and also clients are running on network without DHCP and server and all clients has own static IP adresses. Therefore, If I change MAC address on blocked client computer, problem is solved and IP address is the same.

 

[j0hnby]

Hmmm, ok.

1. Can you confirm that you can see other network resources (not the freenas device) when the machine has it's original MAC.
2. Can you do a traceroute to the freenas from a not working machine, and then change it's MAC and do it again once you can see it.

 

[steelbull]

1. server cannot ping blocked client. blocked client also cannot ping or tracert server.
2. server have access to all resources on network.
3. blocked client with original MAC can see other network resources.
4. client after change MAC starts working and also ping and tracert between server and client is working.
5. I tried to change server IP to another and problem was the same.

...Im lost :-(


...also I checked the configuration through console. I found, there is installed service ipfw which is firewall, but this service is not running.

After installation of FreeNAS, I setup the base and network configuration. After It I created the sharing and I configured the smart and smb services. Thats all. Nothing special.

Some months everything works. After some months 2 clients was blocked. From that time more and more clients are blocked.

From administrators of the network I have feedbacke, that they do not changed nothing on network and do not block MAC address. They told me, if there is needed, they are never blocking client by MAC address, but they will remotely disable port on switch.

Thanks for help.

 

[j0hnby]

Very odd then.

ipfw is present on all - but unless you have fiddled with anything it should by dormant.

If you have access to the switch - patch to a different port and test then....you never know....your admins could be playing silly buggers too.

 

[steelbull]

Very odd then.

ipfw is present on all - but unless you have fiddled with anything it should by dormant.

If you have access to the switch - patch to a different port and test then....you never know....your admins could be playing silly buggers too.

Yes, you have truth. I will check tomorrow, change to another port and tomorrow I write you whats matter. Thanks a lot.

 

[steelbull]

Very odd then.

ipfw is present on all - but unless you have fiddled with anything it should by dormant.

If you have access to the switch - patch to a different port and test then....you never know....your admins could be playing silly buggers too.

Hi, the problem is solved! You were right. I changed the port on the switch and everything starts working. Therefore problem is in our networking team.

Thank you a lot for your help and support.
Have a nice day.

 

[j0hnby]

Great :) Thanks for updating us, it's always annoying when a thread just goes dead! If you want to hit a thanks for any of the posts, that'd be great ;) (Fishing there for booting my profile)

 

[D Mair]

Morning,

This just got me up and running again, Switched ports around on the switch and it started working instantly.
Don't see whats up with that port on the switch. Any suggestions?

David