• Hi,

    For a week or so I've been using pfSense in a production environment and I'm encountering a serious issue.
    I'm using pfSense to shield my Windows VPS server (both hosted on ESXi 5) with NAT enabled.

    Users are connecting to IRC (port 6667) fine; however, sometimes this occurs and the user is disconnected:

    Aug 9 15:46:30 WAN xx.xx.96.234:55220 TCP:RA
    Aug 9 15:46:14 WAN xx.xx.96.234:55220 TCP:PA
    (goes on 10 times more)

    After this the user reconnects without any further problems.
    When I click on more details, this shows up:

    The rule that triggered this action is:

    @1 scrub in on em1 all fragment reassemble
    @1 block drop in log all label "Default deny rule"

    I found an old topic discussing snapshot 2.0; however, I'm running the latest version of pfSense.

    Is there a workaround, or can this be fixed in an update?


    pfSense version:
    2.0.1-RELEASE (i386)
    built on Mon Dec 12 17:53:52 EST 2011
    FreeBSD 8.1-RELEASE-p6

  • Rebel Alliance Developer Netgate

    That doesn't have anything to do with fragment reassemble; it just also happens to match the rule number that blocked it, 1.