PfSense dropping https sessions



  • Hi,

    I am hoping someone can help me.

    I keep losing connection to web management interface through the pfsense which is doing the NAT. I have trouble browsing the management interface on multiple devices either on port 443 or other custom ports. This started happening when we introduced the pfsense firewall and it was work fine before hand. Also I can browse the same management interface on other networks with no problems.

    I think I am getting session restarts, I did a packet capture on the pfSense and I think I have isolated the packets when the session drops out. But I am trying to understand what the below packet capture mean. Below are the results with fake IP address.

    192.168.10.62 = PC
    192.168.10.140 = pfsense firewall
    149.251.131.51 = web management interface

    14:27:37.011556 02:70:e0:3f:8a:dd > 02:5f:54:49:ca:39, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 18908, offset 0, flags [DF], proto TCP (6), length 40)
        192.168.10.62.11053 > 149.251.131.51.443: Flags [F.], cksum 0x481b (correct), seq 569, ack 139, win 256, length 0
    14:27:37.011720 02:5f:54:49:ca:39 > 02:70:e0:3f:8a:dd, ethertype IPv4 (0x0800), length 66: (tos 0x2,ECT(0), ttl 128, id 18909, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.10.140.53033 > 149.251.131.51.443: Flags [SEW], cksum 0xf289 (correct), seq 3259163869, win 8192, options [mss 8961,nop,wscale 8,nop,nop,sackOK], length 0
    14:27:37.011751 02:70:e0:3f:8a:dd > 02:5f:54:49:ca:39, ethertype IPv4 (0x0800), length 66: (tos 0x2,ECT(0), ttl 127, id 18909, offset 0, flags [DF], proto TCP (6), length 52)
        192.168.10.62.64671 > 149.251.131.51.443: Flags [SEW], cksum 0xc561 (correct), seq 3259163869, win 8192, options [mss 8961,nop,wscale 8,nop,nop,sackOK], length 0
    14:27:37.024486 02:5f:54:49:ca:39 > 02:70:e0:3f:8a:dd, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 49, id 23818, offset 0, flags [DF], proto TCP (6), length 52)
        149.251.131.51.443 > 192.168.10.62.64671: Flags [S.E], cksum 0x1f02 (correct), seq 3990311130, ack 3259163870, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 13], length 0
    14:27:37.024493 02:70:e0:3f:8a:dd > 02:5f:54:49:ca:39, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 48, id 23818, offset 0, flags [DF], proto TCP (6), length 52)
        149.251.131.51.443 > 192.168.10.140.53033: Flags [S.E], cksum 0x4c2a (correct), seq 3990311130, ack 3259163870, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 13], length 0
    14:27:37.024549 02:5f:54:49:ca:39 > 02:70:e0:3f:8a:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 49, id 23818, offset 0, flags [DF], proto TCP (6), length 40)
        149.251.131.51.443 > 192.168.10.62.11053: Flags [.], cksum 0x4915 (correct), seq 139, ack 570, win 6, length 0
    14:27:37.024553 02:70:e0:3f:8a:dd > 02:5f:54:49:ca:39, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 48, id 23818, offset 0, flags [DF], proto TCP (6), length 40)
        149.251.131.51.443 > 192.168.10.140.53030: Flags [.], cksum 0xa4cd (correct), seq 139, ack 570, win 6, length 0

    can someone shed some light on this? thank you so much for your assistance.


Log in to reply