I need some help with troubleshooting.
P4 2.8GHz non HT
I have set up 2 alias IPs on the LAN interface using ifconfig directly, i.e. my LAN has 3 addresses.
When I first switch the network to run through the firewall, everything runs great, no issues, but after several minutes (it might be up to a half hour) suddenly certain IPs never receive packets; established sessions seem to be working but new ones do not. The system maintains between 9000 and 14000 states; I have the state limit set to 30000. Every time it is a different IP that disappears, and it seems to disappear one port at a time. I am attaching my filter rules; Trusted is an alias for my three LAN subnets.
Any help with debugging tools to use would be greatly appreciated, I have read the man for pfctl several times, and it really isn't producing any real usable info for me.
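An added example for the debugging question, not from anyone in this thread: a small POSIX sh script that reads `pfctl -si` (status and counters) and `pfctl -sm` (hard limits) and reports how full the state table is and whether pf has refused to create states. The parsing functions take the command output as text so the logic can be checked on a machine without pf; `pf_live` runs the real commands on a pfSense or *BSD host. The sample outputs below are constructed, modelled on the pfctl format.

```shell
#!/bin/sh
# Added example (not code from the thread): parse pfctl output to report
# state-table pressure. Functions take the command output as text so they
# can run offline; pf_live() calls the real pfctl on a pf host.

# pf_state_count SI_TEXT -> prints the "current entries" value from `pfctl -si`
pf_state_count() {
    printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }'
}

# pf_state_limit SM_TEXT -> prints the hard limit for states from `pfctl -sm`
pf_state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && /hard limit/ { print $NF; exit }'
}

# pf_memory_drops SI_TEXT -> prints the "memory" counter: packets for which pf
# could not create a state (pool exhausted or `set limit states` reached)
pf_memory_drops() {
    printf '%s\n' "$1" | awk '$1 == "memory" { print $2; exit }'
}

# pf_state_pressure SI_TEXT SM_TEXT [THRESHOLD_PCT]
# Prints a one-line summary; returns 0 when usage is below the threshold
# (default 80%) and no state creations have failed, 1 otherwise.
pf_state_pressure() {
    si="$1"; sm="$2"; thr="${3:-80}"
    cur=$(pf_state_count "$si")
    lim=$(pf_state_limit "$sm")
    drops=$(pf_memory_drops "$si")
    pct=$(( cur * 100 / lim ))
    printf 'states %s/%s (%s%%), failed state creations %s\n' "$cur" "$lim" "$pct" "$drops"
    if [ "$pct" -lt "$thr" ] && [ "$drops" -eq 0 ]; then
        return 0
    fi
    return 1
}

# Run against the live firewall (requires pf and root); THRESHOLD_PCT optional.
pf_live() {
    pf_state_pressure "$(pfctl -si)" "$(pfctl -sm)" "${1:-80}"
}

# Constructed sample output in the layout pfctl prints; values are made up.
SAMPLE_SI='Status: Enabled for 0 days 00:31:07           Debug: Urgent

State Table                          Total             Rate
  current entries                    13872
  searches                        48213904         25825.6/s
  inserts                           412331           220.9/s
  removals                          398459           213.4/s
Counters
  match                             412331           220.9/s
  bad-offset                             0             0.0/s
  fragment                               0             0.0/s
  short                                  0             0.0/s
  normalize                              0             0.0/s
  memory                                17             0.0/s
  bad-timestamp                          0             0.0/s'

SAMPLE_SM='states        hard limit    30000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000'

# Usage on a pf host:  pf_live 80
# Offline check with the constructed sample:
pf_state_pressure "$SAMPLE_SI" "$SAMPLE_SM" 80
```

A non-zero `memory` counter that keeps climbing while `current entries` sits well under the limit points at a smaller pool than the state limit (check the other `pfctl -sm` limits, especially `src-nodes` if any rules use source tracking); if it climbs only when `current entries` reaches the limit, the limit itself is the cap. To watch the symptom in real time, `pfctl -ss | grep <ip>` lists the states for one address, `pfctl -vvsr` shows per-rule packet and state counters so you can see which rule new connections are hitting, and `tcpdump -ni pflog0` shows packets dropped by rules that carry the `log` keyword.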
Why are you disabling nat and why are you ifconfiging manually?
If you want to setup stuff manually, use FreeBSD or OpenBSD.
No NAT - Because, it is in front of a 27 server hosting cluster that is currently consuming nearly 8 class C's, NAT won't work.
ifconfig alias - see above, using 8 class C's, divided into 3 subnets, and if pfSense would allow multiple IPs for the LAN without VLANs, I'd use the interface.
By the way, I have seen I am not the first to need this function.
I want to use a product like pfSense because it provides an interface that is simple enough to train others to use, I really don't want to be the only person in the company that can add a firewall rule. And, there is no reason why it shouldn't work, especially if I can do it with regular xBSD running pf.
If someone knows of a good way to debug what is going on in real time, I would appreciate it.
Use the virtual IP option and set up the IPs as CARP or PARP.
Although inputting 8 class c's is not going to be fun!