Can't get past gateway

  • I have pfSense currently set up in an apartment complex serving about 150 customers. Everything was working great through beta 4. Now, updating to RC1, I have had issues with many people not being able to get past the gateway. They get the DNS servers correctly, a valid IP, they can ping the gateway just fine, yet they cannot get out.

    Any ideas?

  • Check if they have the pfSense as gateway assigned. In case they have set up something static and the wrong gateway is set, they can ping the pfSense IP in their own subnet but can't get past it. Also check firewall rules.

  • They are able to ping the gateway of pfSense. I have even removed my firewall rules for limiting connections per host/client/connection. The only firewall rules up now are all the p2p ports being blocked. I have even increased the number of states, even though they aren't filling up, to allow more states since I have removed the connection limit.

    My last firewall statement is * * * *, so basically pass all on WAN and LAN. p2p rules are specified on both LAN and WAN interfaces.

  • Check the gateway at a client that can't connect and do a tracert.

  • Times out after the gateway. I'm thinking maybe the clients are pushing too many connections per second. It seems they can get on here and there and get booted every now and then.

  • Do you have a recommendation for about 150 users for a firewall connections limit?

    I was running 15 simultaneous, 150 entries per host, and 1500 connections per second. Now running unrestricted and there seem to be no issues atm, although there are only 30 people online right now.

    Edit: trying new settings of 25 simultaneous, 150 per host, 10,000 connections per 5 seconds.

  • 15 simultaneous is a bit low and 1500 new connections/second is a bit high. However, it all depends on the bandwidth you have available at WAN. I guess they were exceeding the 15 simultaneous limit and therefore were blocked.

  • Correct me if I'm wrong, but generally running a netstat I hardly ever use over 10-15 connections. I'll bump it up to 25.

  • Really depends on usage. There is no general recommendation for these values.

  • I have a question about the connections per second: is that per user/host or for the entire LAN connection?

  • It's for the traffic described by the rule you put this in.

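Added example, not part of the thread and not pfSense code: since the replies conclude that the right limits depend on usage, one way to size a per-host limit is to count current states per LAN client and see who would exceed a proposed value. The line layout is an assumption modelled on `pfctl -ss` output (it differs between pf versions), and the interface name `em1`, the subnet and the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample lines (assumed layout: iface proto src -> dst state).
SAMPLE_STATES = """\
em1 tcp 192.168.1.10:51514 -> 198.51.100.7:80 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.1.10:51515 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.1.10:51516 -> 198.51.100.8:6881 SYN_SENT:CLOSED
em1 udp 192.168.1.11:53011 -> 192.168.1.1:53 MULTIPLE:SINGLE
em1 tcp 192.168.1.12:40000 -> 198.51.100.9:22 ESTABLISHED:ESTABLISHED
em1 tcp 198.51.100.9:22 <- 192.168.1.12:40001 ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.5:61000 (192.168.1.10:51514) -> 198.51.100.7:80 ESTABLISHED:ESTABLISHED
"""

def states_per_host(text, lan_if, lan_net):
    """Count states per originating LAN client on one interface.

    Only lines on lan_if are counted, because a per-rule limit applies to
    the traffic matched by the rule it is set on, not to the whole box.
    """
    net = ipaddress.ip_network(lan_net)
    counts = Counter()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != lan_if:
            continue
        # The originator is left of "->" or right of "<-".
        if f[3] == "->":
            src = f[2]
        elif f[3] == "<-":
            src = f[4]
        else:
            continue  # layout not recognised; skip rather than guess
        try:
            ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        except ValueError:
            continue
        if ip in net:
            counts[str(ip)] += 1
    return counts

def over_limit(counts, max_states):
    """Hosts whose current state count exceeds a proposed per-host limit."""
    return sorted(h for h, n in counts.items() if n > max_states)

if __name__ == "__main__":
    c = states_per_host(SAMPLE_STATES, "em1", "192.168.1.0/24")
    print(c.most_common(), over_limit(c, 2))
```

Run against a real state dump taken at peak hours, the list from `over_limit` shows which clients a candidate limit would start blocking before it is applied.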