• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfsense ce 2.7.2 configured with port forwarding, packet drops randomly (pfsenseplus looks like work)

Scheduled Pinned Locked Moved NAT
5 Posts 2 Posters 316 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    allenlwli
    last edited by Jul 30, 2024, 11:53 AM

    I configured port forwarding rules for our application, to allow the client access this application, we need allow 3 tcp and 4 udp ports
    b69f5f5e-a936-4f5a-8bc8-3b54e93eebde-image.png
    then we lauched the connections, but most time it will be failed to connect only few of chance we can connect through.
    I capture network logs on pfsense and client at the same time, from logs on client side i found many retransmit and cause the connection stopped, while i checked logs on pfsense, i found syn/syc+ack, but looks like tcp packet didn't hit on wan interface
    6bdc63c5-3d62-4aa2-8010-01c565ba1b7a-image.png

    i did lots of tuning, such as re-install pfsense ce, enlarge the spec(cpu/mem), tuning parameters, but the same not work

    we did the same on pfsense plus (23.09), looks like it works on pfsense plus.

    so my question is:
    1、is it possible known issue/bug for this case?
    2、how should i trouble shoot further for this kind of issue; in another word, how could i check confirm where and how the packet drop?

    Thanks much for your help!

    G 1 Reply Last reply Jul 30, 2024, 4:50 PM Reply Quote 0
    • G
      Gertjan @allenlwli
      last edited by Gertjan Jul 30, 2024, 4:50 PM Jul 30, 2024, 4:50 PM

      @allenlwli said in pfsense ce 2.7.2 configured with port forwarding, packet drops randomly (pfsenseplus looks like work):

      but looks like tcp packet didn't hit on wan interface

      If packets don't hit = arrive (right ?) at the pfSense WAN gate, your pfSense issues is solved, as the issue is upstream.

      Not sure what this is :

      afb3c08a-f61c-4236-bcbb-6bc3f24c334d-image.png

      but for classic port and addresses NATing I never hat to take that setting from 'default'.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      A 1 Reply Last reply Aug 1, 2024, 2:59 AM Reply Quote 0
      • A
        allenlwli @Gertjan
        last edited by Aug 1, 2024, 2:59 AM

        @Gertjan
        thank you much for your help
        For NAT reflection, even we tried to use options like system default/disbaled/pure NAT, the same not working

        The thing is if I switch to use pfsense plus (23.09), which is under same subnet as pfsense CE, then the connectivity will be good;
        I am a little bit suspect there is ongoing bug with pfsense CE

        A 1 Reply Last reply Aug 1, 2024, 6:26 AM Reply Quote 0
        • A
          allenlwli @allenlwli
          last edited by Aug 1, 2024, 6:26 AM

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • A
            allenlwli
            last edited by Aug 8, 2024, 7:52 AM

            i finally found the cause, i changed the 'Filter Rule association' from 'pass' to other, i then works
            c64cd004-70ad-491e-b301-eafe18d333f1-image.png

            but the thing is we have default gateway and even i allow all in firewall rule, but nat with filter rule association 'pass', nat still not forward the traffic; looks like it's the bug of pfsense
            3375e8e7-e1fc-4306-8f6a-80cc70841df5-image.png

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              [[user:consent.lead]]
              [[user:consent.not_received]]