pfSense as AT&T RG successful but minor issue



  • I have successfully replaced our BGW210 RG with pfSense using pfatt netgraph method but having one issue. We have a /26 of static IPs (this is the only network set up on the LAN), behind which are some linux machines running asterisk. Previously I had no problem when SSHing from behind our primary pfSense router (different router utilizing one of the static IPs). Now when I SSH to any of these machines it appears to work fine but after about 30 seconds the connection drops and I have to restart the session. Anyone have any ideas? SSH to anything outside works fine. It appears the RG replacement router is dropping the connection but I don't know where to start looking.



  • FYI - around the time the connection stops responding I see things like this in the firewall logs of the RG replacement pfSense:

    Oct 28 14:59:34 LAN Default deny rule IPv4 (1000000103) X.X.X.1:36231 X.X.X.8:22 TCP:PA
    Oct 28 14:59:34 LAN Default deny rule IPv4 (1000000103) X.X.X.1:36231 X.X.X.8:22 TCP:PA
    Oct 28 14:59:33 LAN Default deny rule IPv4 (1000000103) X.X.X.1:36231 X.X.X.8:22 TCP:A
    Oct 28 14:59:33 LAN Default deny rule IPv4 (1000000103) X.X.X.1:36231 X.X.X.8:22 TCP:PA

    I have an allow all rule on this interface so this shouldn't be an issue. I am guessing this is an anomaly / artifact related to but not directly attributable to the problem.



  • It appears this is happening with all connections, not just SSH.



  • So it was actually an issue in the router behind the RG replacement. I have dual WAN connections set up in it and had failover rules in place for outbound traffic. I decided to create a rule for traffic to the WAN NET to use the default route instead of the failover policy route. Immediately after applying the changes connections are being maintained and there are no more entries appearing in the RG replacement pfSense logs.

    Adding these notes in case of the 1 in a million chance someone else encounters the same issue.


Log in to reply