Inbound traffic issue



  • Hi,

    I replaced my pfsense server with a new server that has an Intel PRO/1000 Quad Port Server Adp PWLA8494MT board… I downloaded the xml file from the old server and restored it into the new server... everything worked just fine as far as the outbound traffic goes...

    then I tested the inbound traffic and I could connect to some servers (Windows 2000 Server and Linux) and some I had no access to at all.. so I thought it was the firewall rules, I deleted all the existing ones and recreated them again.. but same thing.. then within a few minutes, and for some servers within a few hours, and without changing anything, inbound traffic started to work...

    At first I thought it might be the ARP cache in Windows.. for some servers I tried to clear the cache but no luck... I even rebooted pfsense...

    I tried to capture some packets (connecting on port 8800):

    04:58:18.670646 00:1e:be:8a:a5:40 > 00:11:43:d9:e9:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 15050, offset 0, flags [DF], proto TCP (6), length 48) xxx.xxx.xxx.xxx.16435 > xxx.xxx.xxx.xxx.8800: S, cksum 0x5797 (correct), 3366709402:3366709402(0) win 65535 <mss 1460,nop,nop,sackOK>
    04:58:21.686758 00:1e:be:8a:a5:40 > 00:11:43:d9:e9:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 15083, offset 0, flags [DF], proto TCP (6), length 48) xxx.xxx.xxx.xxx.16435 > xxx.xxx.xxx.xxx.8800: S, cksum 0x5797 (correct), 3366709402:3366709402(0) win 65535 <mss 1460,nop,nop,sackOK>

    the rule is enabled in the firewall of course.. the same connection was working just fine on the old server… the only difference between the old server and the new one is that the new one has more ethernet ports.. interfaces are assigned correctly of course...

    what could cause this? why such a huge delay?

    Just to add that all inbound traffic is working just fine now, almost 7 hours later. I'd really like to know what could have caused this?

    As far as my network goes, I have a 100 mbps network, using Cisco Catalyst 3750 routers. I also have a 100 mbps connection from my ISP.. I use pfsense to do 1:1 natting, Virtual IPs, DHCP and basically firewall rules.. no other services are being used.

    Thanks
    Pfsense: 1.2.1



  • Any thoughts on this?



  • Hmm. Well, for a start, you should configure your interfaces, then copy over the XML file. Then what you can do is restore your configuration using the built-in option. I assume that you missed configuring the initial interfaces after putting the card in?

    Also, keep in mind that pfsense's rules won't know that you changed the interface card, so it might be expecting old aliases, if any. Could be a couple of reasons for it to misbehave.  :D Just follow the interface configurations, remove all rules and re-add them. It won't take much of your time anyway. Give it a try.



  • No need to delete and re-add rules, that isn't going to change anything. Capture on the internal interface as well. Verify that the destination MAC address is what it should be; it could be an upstream ARP cache since you switched hardware.
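As an added example (not from anyone in this thread), a small Python script that applies the check in this reply to tcpdump -e -v output in the format the original poster pasted: it groups SYNs per flow, reports flows that kept retransmitting SYNs without ever seeing a SYN/ACK back, and compares each SYN's destination MAC with the MAC you expect on the firewall interface you captured on. The capture lines are constructed sample data (the MACs are the ones from the post, the IPs are documentation ranges), and treating 00:11:43:d9:e9:80 as the firewall's own WAN MAC is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump -e -v format pasted in the thread (addresses
# are documentation ranges, MACs are the ones from the post). Flow 1 is the
# pattern from the post: two identical SYNs 3 s apart and nothing coming back.
# Flow 2 is a healthy handshake for contrast.
SAMPLE_CAPTURE = """\
04:58:18.670646 00:1e:be:8a:a5:40 > 00:11:43:d9:e9:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 15050, offset 0, flags [DF], proto TCP (6), length 48) 203.0.113.10.16435 > 198.51.100.20.8800: S, cksum 0x5797 (correct), 3366709402:3366709402(0) win 65535 <mss 1460,nop,nop,sackOK>
04:58:21.686758 00:1e:be:8a:a5:40 > 00:11:43:d9:e9:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 15083, offset 0, flags [DF], proto TCP (6), length 48) 203.0.113.10.16435 > 198.51.100.20.8800: S, cksum 0x5797 (correct), 3366709402:3366709402(0) win 65535 <mss 1460,nop,nop,sackOK>
04:58:22.000000 00:1e:be:8a:a5:40 > 00:11:43:d9:e9:80, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 15100, offset 0, flags [DF], proto TCP (6), length 48) 203.0.113.10.16440 > 198.51.100.21.22: S, cksum 0x1234 (correct), 1000:1000(0) win 65535 <mss 1460,nop,nop,sackOK>
04:58:22.000500 00:11:43:d9:e9:80 > 00:1e:be:8a:a5:40, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48) 198.51.100.21.22 > 203.0.113.10.16440: S., cksum 0xabcd (correct), 2000:2000(0) ack 1001 win 65535 <mss 1460,nop,nop,sackOK>
"""

# timestamp, source MAC, destination MAC, then (after the IP header summary)
# src.port > dst.port: TCP flags. Everything else on the line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}),"
    r".*?\) (?P<sip>[\d.]+)\.(?P<sport>\d+) > (?P<dip>[\d.]+)\.(?P<dport>\d+): (?P<flags>[A-Z.]+),"
)


def parse_capture(text):
    """Turn tcpdump -e -v lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def unanswered_syns(pkts, expected_mac):
    """Map flow -> (syn_count, dst_mac_matches) for flows whose SYNs never got
    a SYN/ACK. expected_mac is the MAC of the firewall interface captured on:
    a mismatch means the upstream device still ARP-maps the old hardware."""
    syns, mac_ok, answered = defaultdict(int), {}, set()
    for p in pkts:
        flow = (p["sip"], p["sport"], p["dip"], p["dport"])
        if p["flags"] == "S":            # bare SYN
            syns[flow] += 1
            mac_ok[flow] = p["dmac"].lower() == expected_mac.lower()
        elif p["flags"] == "S.":         # SYN/ACK: marks the reverse flow answered
            answered.add((p["dip"], p["dport"], p["sip"], p["sport"]))
    return {f: (n, mac_ok[f]) for f, n in syns.items() if f not in answered}


if __name__ == "__main__":
    report = unanswered_syns(parse_capture(SAMPLE_CAPTURE), "00:11:43:d9:e9:80")
    for (sip, sport, dip, dport), (n, ok) in report.items():
        print(f"{sip}:{sport} -> {dip}:{dport}: {n} SYN(s), no SYN/ACK, dst MAC ok={ok}")
```

In the sample the SYNs do reach the new card's MAC, so a flow that shows up here with the MAC check passing points at the return path (the internal host or its gateway still holding the old MAC), which is why capturing on the internal interface too is the next step.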



  • Thanks…

    it had nothing to do with the interface configuration or deleting and re-adding rules...

    I think it was an ARP cache issue more than anything else...

