Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense ce 2.7.2 configured with port forwarding, packet drops randomly (pfsenseplus looks like work)

    Scheduled Pinned Locked Moved NAT
    5 Posts 2 Posters 299 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      allenlwli
      last edited by

      I configured port forwarding rules for our application, to allow the client access this application, we need allow 3 tcp and 4 udp ports
      b69f5f5e-a936-4f5a-8bc8-3b54e93eebde-image.png
      then we lauched the connections, but most time it will be failed to connect only few of chance we can connect through.
      I capture network logs on pfsense and client at the same time, from logs on client side i found many retransmit and cause the connection stopped, while i checked logs on pfsense, i found syn/syc+ack, but looks like tcp packet didn't hit on wan interface
      6bdc63c5-3d62-4aa2-8010-01c565ba1b7a-image.png

      i did lots of tuning, such as re-install pfsense ce, enlarge the spec(cpu/mem), tuning parameters, but the same not work

      we did the same on pfsense plus (23.09), looks like it works on pfsense plus.

      so my question is:
      1、is it possible known issue/bug for this case?
      2、how should i trouble shoot further for this kind of issue; in another word, how could i check confirm where and how the packet drop?

      Thanks much for your help!

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @allenlwli
        last edited by Gertjan

        @allenlwli said in pfsense ce 2.7.2 configured with port forwarding, packet drops randomly (pfsenseplus looks like work):

        but looks like tcp packet didn't hit on wan interface

        If packets don't hit = arrive (right ?) at the pfSense WAN gate, your pfSense issues is solved, as the issue is upstream.

        Not sure what this is :

        afb3c08a-f61c-4236-bcbb-6bc3f24c334d-image.png

        but for classic port and addresses NATing I never hat to take that setting from 'default'.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        A 1 Reply Last reply Reply Quote 0
        • A
          allenlwli @Gertjan
          last edited by

          @Gertjan
          thank you much for your help
          For NAT reflection, even we tried to use options like system default/disbaled/pure NAT, the same not working

          The thing is if I switch to use pfsense plus (23.09), which is under same subnet as pfsense CE, then the connectivity will be good;
          I am a little bit suspect there is ongoing bug with pfsense CE

          A 1 Reply Last reply Reply Quote 0
          • A
            allenlwli @allenlwli
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • A
              allenlwli
              last edited by

              i finally found the cause, i changed the 'Filter Rule association' from 'pass' to other, i then works
              c64cd004-70ad-491e-b301-eafe18d333f1-image.png

              but the thing is we have default gateway and even i allow all in firewall rule, but nat with filter rule association 'pass', nat still not forward the traffic; looks like it's the bug of pfsense
              3375e8e7-e1fc-4306-8f6a-80cc70841df5-image.png

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.