LAN clients continuously getting interrupted connections… microcuts.
-
Hello:
For example:
- SSH connections with WAN servers being interrupted in less than a minute.
- MySQL connections with WAN servers also
- Gmail web and gchat
- Spotify, etc.
Scenario:
VMware with pfSense 2.0.1
3 real and virtual interfaces: WAN, SERVERS, LAN (all of them bridged with the physical ones at the VMware net)
Now testing, only my PC through the pfSense server.
Case 1:
- PC (LAN) -> PFSENSE (LAN interface) -> ROUTER -> WAN SERVER
SSH session got interrupted in less than a minute
Case 2:
- PC (SERVERS) -> PFSENSE (SERVERS interface) -> ROUTER -> WAN SERVER
SSH session got interrupted in less than a minute
Case 3:
- Inside PFSENSE, through shell.... -> ROUTER -> WAN SERVER
SSH session all right, without cuts... for several minutes
Case 4:
- PC -> ROUTER -> WAN SERVER (without using PFSENSE)
SSH session all right, without cuts... for several minutes
The same applies to any kind of connection established, SSH, MySQL, etc... also Gmail through HTTPS got interrupted, for example.
What could I do???
PF Info
Status: Enabled for 0 days 00:36:41 Debug: Urgent
Interface Stats for em0 IPv4 IPv6
Bytes In 1312682 144
Bytes Out 2342 160
Packets In
Passed 9987 0
Blocked 1741 2
Packets Out
Passed 17 0
Blocked 0 2
State Table Total Rate
current entries 25
searches 43309 19.7/s
inserts 642 0.3/s
removals 617 0.3/s
Counters
match 5695 2.6/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
divert 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 28200 states
adaptive.end 56400 states
src.track 0s
LIMITS:
states hard limit 47000
src-nodes hard limit 47000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
Thanks.... :-\
-
Hi!
It seems like setting "Firewall Optimization Options" at System/Advanced/Firewall to "CONSERVATIVE" has a lot to do with my problem….
:-\
-
Ok… new problems....
- If I try to upload via FTP PASV mode a file bigger than 64Kb (I guess, or something like that), the upload gets interrupted. Sometimes the file at the server will be 69Kb, other times 128Kb, but the upload won't terminate, as if it were being interrupted somehow.
- Gmail and Google keep disconnecting in a strange way... sometimes they don't, sometimes they fail, sometimes they keep "loading" until they crash... as if the AJAX of Google services crashed randomly... the established connection keeps dropping sometimes.
- Uploading large amounts of ASCII data via POST to a PHP form terminates incorrectly...
Once again, going directly to the router instead of passing through the pfSense firewall fixes every problem...
Please, could someone help somehow or give a clue?????????
Now I am using conservative at "Firewall Optimization Options" and at least connections such as SSH do not drop...
Thanks!
-
-
Seems solved! ;D
On one hand, CONSERVATIVE mode for the firewall…. on the other hand, the MTU on the WAN interface needed to be configured at 1492 for a PPPoE ADSL line.
Hope not to encounter new problems... 8)
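
An added example, not part of the original posts: a way to measure the usable path MTU from the pfSense shell or a LAN client before changing the WAN setting, by binary-searching the largest ICMP echo that passes with the Don't Fragment bit set. The function names and the search bounds are assumptions of this sketch; on the PPPoE line described above the expected result is 1492.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IPv4 packet that
# reaches a host unfragmented. Function names are hypothetical.
# Usage (after sourcing this file): find_path_mtu <wan-server-ip>

# probe_df HOST PAYLOAD -> exit 0 if one DF-flagged echo with PAYLOAD data
# bytes is answered. Only this function is platform specific.
probe_df() {
    case "$(uname -s)" in
        FreeBSD) ping -D -c 1 -t 2 -s "$2" "$1" >/dev/null 2>&1 ;;   # pfSense
        Linux)   ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1 ;;
        *)       return 2 ;;
    esac
}

# find_path_mtu HOST [PROBE] -> prints the path MTU in bytes.
# PROBE defaults to probe_df; any command taking HOST PAYLOAD works.
find_path_mtu() {
    host=$1
    probe=${2:-probe_df}
    lo=548     # payload of a 576-byte packet, smallest size tried
    hi=1472    # payload of a full 1500-byte Ethernet packet

    # If even the small probe fails, the host is unreachable or filters
    # ICMP echo, and the search would be meaningless.
    "$probe" "$host" "$lo" || return 1

    # Invariant: payload $lo is known to pass, everything above $hi fails.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done

    # Add the 20-byte IPv4 header and the 8-byte ICMP header back.
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU -> TCP MSS that fits (20-byte IP + 20-byte TCP headers).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}
```

A single lost reply is read as "too big", so on a lossy link run the search more than once and keep the largest result.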