Port forwarding stops working and needs reboot to recover

  • [edit: I'm posting this in case someone can help me fix it, obviously, but also to get your ideas on better diagnostic procedures. I have a good understanding of networking concepts but very limited FreeBSD knowledge (my good Linux background helps but is not always enough).]

    So, my pfSense suddenly stopped forwarding ports. After rebooting it all was good for about an hour and then it stopped forwarding again. The 2nd time I tried to clear states (had no better idea) but it didn't help, so I rebooted again and it's been a few hours without the problem appearing. Since I haven't found the root of the issue and it happened twice in one hour, I'm worried :(

    I did a tcpdump on my WAN and LAN while probing the external port with nmap and observed this situation:

               |    pfsense    |
    INTERNET--o-WAN        LAN-o-----HOST
              ^                ^
           tcpdump          tcpdump

          --syn-->         --syn-->

    So SYN packets reach the host on my LAN but the SYN-ACK packets are traced passing my LAN interface but don't reach my WAN interface.

    I've been on the latest pfSense version (64-bit) for a few days. I have 3 WAN connections. It's been a few weeks with no change in my configuration except switching the default GW from WAN to OPT1.

