Losing connection to pfsense/internet randomly



  • Hello, I'm running pfSense on an old computer with an SG200-50P 50-Port Gigabit PoE Smart Switch and 2 WAN connections.

    Here is how everything is connected

    2 Internet connections from the same ISP (2 separate modem/router combos) > pfSense running on desktop computer > Cisco switch > my computer and 6 more computers

    The problem I'm having is that when I'm playing games or browsing the internet, I lose connection for like 5 seconds. I always have cmd up pinging 8.8.8.8; when I lose connection I get "General failure" and sometimes "Request timed out" in cmd.

    That happens to computers connected on WAN2 only. WAN1 doesn't lose connection, it just has lag (high latency), but that is not so common.

    Computers connected directly to WAN2 without pfSense or the Cisco switch in between had problems with losing internet connection in the past; not sure if it happens now.

    But the weird thing is, if the WAN2 modem/router is causing this, I should be able to access the pfSense webpage when it happens, but for some reason I can't access it until the connection is back.

    At the moment I'm waiting for it to happen again to see if I also lose connection to the Cisco switch.

    Meanwhile, could someone point out where the problem could be?

    Thanks



  • Post your logs. I bet the modem/router combo is keeping logs too; what does that indicate?

    What kind of NICs is the 'old computer' using?

    Disable gateway monitoring action under System > Routing and see if that makes any difference in your situation.



  • Not sure where the modem/router combo logs are. I don't think it actually has one; I'm using a ZXHN H108N.

    For NICs, if I understand your question, I'm using TP-Link gigabit PCI Express.

    I couldn't find the gateway monitoring option under System > Routing. If you mean System > Routing > Gateways > WAN2 > Monitor IP, I left it empty.

    In Status > System Logs > System > General

    It keeps saying the following over and over

    Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:1 RTT:24.441ms RTTsd:50.345ms Loss:11%)
    
    /rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
    
    Reloading filter
    
    Restarting OpenVPN tunnels/interfaces
    
    Restarting ipsec tunnels
    
    updating dyndns WAN2_DHCP
    
    Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:0 RTT:24.996ms RTTsd:49.011ms Loss:6%)
    
    /rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
    
    /rc.filter_configure_sync: MONITOR: WAN2_DHCP is down, omitting from routing group LoadBalance 192.168.4.1|192.168.4.2|WAN2_DHCP|29.992ms|57.18ms|12%|down
    
    /rc.dyndns.update: 17351MONITOR: WAN_DHCP is available now, adding to routing group LoadBalance 192.168.3.1|192.168.3.100|WAN_DHCP|0.8ms|0.118ms|0.0%|none
    
    Reloading filter
    
    Restarting OpenVPN tunnels/interfaces
    
    Restarting ipsec tunnels
    
    updating dyndns WAN2_DHCP
    

    What's OpenVPN? I'm not using a VPN, nor did I configure one in pfSense.


  • Netgate Administrator

    So your WAN2 connection is very lossy. You should fix that.

    Are all your clients being routed via the load-balance gateway group? Or is it set as the default gateway? (that would be invalid).

    For NICs the question really was what driver are they using. So like em0, em1 or maybe re0 re1 etc.

    Steve



  • I have a rule for each client. Each client is routed either via WAN1 or WAN2; I'm not using the load balance gateway group at the moment.

    For NICs, WAN2 is at re0, WAN1 at re1 and LAN at re2.

    Is WAN2 lossy at the modem/router or at pfSense?


  • Netgate Administrator

    It's hard to say because you're monitoring 192.168.4.1 which I assume is the local modem. It would be better to set an external monitoring IP to ping against. That said I would not expect to see any packet loss against a local device.

    'Line 94: bandwidth too large': this indicates a problem with your Limiter setup. Check line 94 in /tmp/rules.limiter.

    Realtek NICs do not enjoy a good reputation. You might consider changing them if you can.

    Steve
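
As an added example (not part of the original thread), a small Python script that tallies the gateway alarms and failed filter-reload commands in log lines like those posted above, and flags a monitor address that is a private (local) IP. The sample lines are copied from this thread; the function name and summary layout are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines copied from the system log quoted earlier in this thread.
SAMPLE_LOG = """\
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:1 RTT:24.441ms RTTsd:50.345ms Loss:11%)
/rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
Reloading filter
Gateway alarm: WAN2_DHCP (Addr:192.168.4.1 Alarm:0 RTT:24.996ms RTTsd:49.011ms Loss:6%)
/rc.filter_configure_sync: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '65', the output was 'Line 94: bandwidth too large'
""".splitlines()

ALARM_RE = re.compile(
    r"Gateway alarm: (?P<gw>\S+) \(Addr:(?P<addr>\S+) Alarm:(?P<alarm>[01]) "
    r"RTT:(?P<rtt>[\d.]+)ms RTTsd:(?P<sd>[\d.]+)ms Loss:(?P<loss>\d+)%\)"
)
CMD_FAIL_RE = re.compile(
    r"The command '(?P<cmd>[^']+)' returned exit code '(?P<code>\d+)', "
    r"the output was '(?P<out>[^']*)'"
)

def summarize(lines):
    """Return (per-gateway alarm stats, counts of failed commands)."""
    gateways = defaultdict(lambda: {"raised": 0, "cleared": 0, "max_loss": 0,
                                    "local_monitor": False})
    failures = defaultdict(int)
    for line in lines:
        m = ALARM_RE.search(line)
        if m:
            gw = gateways[m["gw"]]
            gw["raised" if m["alarm"] == "1" else "cleared"] += 1
            gw["max_loss"] = max(gw["max_loss"], int(m["loss"]))
            # A private monitor address only tests the link to the local modem.
            gw["local_monitor"] = ipaddress.ip_address(m["addr"]).is_private
            continue
        m = CMD_FAIL_RE.search(line)
        if m:
            failures[(m["cmd"], int(m["code"]), m["out"])] += 1
    return dict(gateways), dict(failures)

if __name__ == "__main__":
    gws, fails = summarize(SAMPLE_LOG)
    for name, stats in gws.items():
        print(name, stats)
    for (cmd, code, out), count in fails.items():
        print(f"{count}x exit {code}: {cmd} -> {out}")
```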



  • Yes, 192.168.4.1 is the local modem. Should I put 8.8.8.8 in Monitor IP?

    Realtek NICs are the only ones I could find; I'll see if I can find another later.

    I don't know where to look for line 94; I don't know where /tmp/rules.limiter is.


  • Netgate Administrator

    Yes it's better to monitor an external IP like 8.8.8.8. But don't use that if you already have it as a DNS server.

    You can open it in Diag > Edit File.

    You could also just check your Limiter setup as it clearly has something misconfigured. Post screenshots we can review.

    Steve



  • I had a large Net limit rule in the firewall. I've deleted it, but I wasn't using it for anything.

    Thank you for your time, Steve.

