larger files not serving through pfsense
-
Hi,
My laptop and web server and connected via a Netgate SG-3100 running the latest pfsense version (2.4.4-RELEASE-p3 (arm) ). Everything has been working fine until a week or so ago.
When, on my laptop, I request a 61K file from my web server, it arrives.
When, on my laptop, I request a 62K file from my web server, it does not arrive.
When, in a shell on the Netgate SG-3100, I request that same 61K file from my web server, it arrives.
When, in a shell on the Netgate SG-3100, I request that same 62K file from my web server, it arrives.Observations:
- the 61K file can be fetched from the Netgate
- the 61K file can be fetched from behind the Netgate
- the 62K file can be fetched from the Netgate
- the 62K file cannot be fetched from behind the Netgate.
Both the 61K and 62K files are test files I created that contain only spaces.
I created these files to pinpoint the problem, the original problem was that bootstrap.css would not load and when investigating it turned out that the problem is - or seems to be - related to the file size.Can there be any size limit or packet inspection in the Netgate that is causing this?
-
No there would not normally be anything behaving like that.
How are the client, server and SG-3100 arranged during this test?
Do you see any blocked traffic in the firewall log?
Are you running Snort or Suricata?
Steve
-
@stephenw10 said in larger files not serving through pfsense:
Are you running Snort or Suricata?
No
Do you see any blocked traffic in the firewall log?
No
How are the client, server and SG-3100 arranged during this test?
I tried 2 setups:
- Client -> OpenVPN on Netgate -> Server
- Client -> SSH tunnel -> Server
It is very strange. When connecting through OpenVPN I get the 61K works/62K does not work problem.
When I connect through the SSH tunnel I get the same but now for different files. The 62K file works but when I curl a jquery.js it just stops halfway. When I try again it stops again but somewhere else halfway. -
Hmm, odd.
I would take packet captures on WAN (or OpenVPN if that's how you're connected) and LAN covering the failed transfer.
You might also try just setting up a port forward and connecting directly just as a test.
Steve
-
@stephenw10 it looks like it is not related to pfSense.
I set up a port forward like you suggested.
To a Windows computer (I tried Windows 10 on a Dell laptop and Windows Server 2016 on GCE) the file is still not being served. To a Linux computer (I tried Firefox on CentOS and Firefox on Ubuntu) the file is being served.
I will continue my investigation in the OS arena.Thanks for your support.
-
No worries. Nice catch!
-
This post is deleted!