File Uploads to Internet not working with PF Sense as Gateway



  • PFSense Version: 2.2.2

    On our LAN the PFSense box is our default gateway, so it goes:

    USER PC -> PFSense Box -> Firewall -> Internet

    We've set ANY ANY rules on the firewall of the PFSense Box, which we've had to leave enabled because we do traffic shaping on the box. However, something is causing issues when uploading files (small or large) or submitting form data on certain sites, so far all sites are SSL using port 443. For example, uploading to dropbox.com or slack.com does not work, it will sit there and then time out, same with Gmail attachments.

    There is NOTHING in the firewall logs, or any other logs for that matter, which leads me to believe that it's not the firewall blocking (not to mention the ANY ANY rules), but I've got no idea what other settings I should be looking at to see what could be causing this. If we remove the PFSense box from the equation (make the firewall the default gateway) everything is fine.

    Does anyone have anything I could check out? I did a packet capture, however I'm not too knowledgeable in what to look for, but it looked like all the communication was one way, USER PC -> website, with no replies coming back.


  • Banned

    That means you were doing it wrong since floating rules is not necessary.



  • I just got a call, the person who made the floating rule change had made a mistake, it's still broken (so I deleted the message to save on confusion). He had left the packet filtering disabled after making that floating rule change, so everything was working, but only because the firewall was disabled, so we're in the same boat as the original message.


  • Banned

    Why don't you just unplug the pfSense box since it's absolutely useless there. (Don't forget to come back to tell how it all of a sudden started working after doing so; I'm all ears.)



  • It's not useless, we need it for QoS when data goes out its WAN interface… but thanks for the suggestion…


  • Banned

    You cannot get any QoS with packet filter disabled.



  • @doktornotor:

    Why don't you just unplug the pfSense box since it's absolutely useless there. (Don't forget to come back to tell how it all of a sudden started working after doing so; I'm all ears.)

    Speaking of useless…..



  • @doktornotor:

    You cannot get any QoS with packet filter disabled.

    Wow….another gem...



  • @doktornotor:

    You cannot get any QoS with packet filter disabled.

    Packet filtering IS enabled, if we disabled it then our problem is solved, but we need it for QoS… like I mentioned in the first post (unless calling it the firewall is incorrect, then my mistake).


  • Banned

    You just told us you disabled it. With that, the whole pfSense box is sitting there completely useless. Since you posted absolutely ZERO information about your traffic shaping setup, perhaps try a crystal ball.



  • We've set ANY ANY rules on the firewall of the PFSense Box, which we've had to leave enabled because we do traffic shaping on the box.

    Packet filtering IS enabled, if we disabled it then our problem is solved, but we need it for QoS.

    He had left the packet filtering disabled after making that floating rule change, so everything was working, but only because the firewall was disabled, so we're in the same boat as the original message.

    Packet filtering IS enabled….

    I never posted any information about traffic shaping because I wasn't asked for it. My whole question was on things that I should take a look at… other than a crystal ball.


  • Banned

    @Neostim:

    I never posted any information about traffic shaping because I wasn't asked for it.

    No shit… The only thing the box is supposed to do is traffic shaping, and you need a special request to post relevant info?  ::)



  • Try a packet dump and see if the packets are indeed coming in and going out. PFSense typically works out of the box for simple setups like connecting out to the Internet with QoS, so for things to not work typically requires the admin to make a bunch of changes.

    P.S. they may seem a little rough around the edges, but they know what they're doing and they're helping you learn to anticipate what information to provide instead of a ton of back and forth.



  • Thanks Harvy66,

    I've done a packet capture and everything seems to be going back and forth without issue (from what I can tell).

    One thing I've found, files upload without any issue if they are under ~50kb, as soon as they are larger than 50kb they won't upload, unless I turn off packet filtering of course.
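
One way to read a packet dump for the symptom described in this thread (uploads to port 443 that stall past a certain size), as an added example that is not part of the original posts: it compares how many bytes the client sent with how many the server acknowledged, per flow. It assumes tcpdump's default one-line text output with relative sequence numbers; the function names and the sample capture are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump default one-line TCP output (relative sequence numbers after the SYN).
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?.*length (?P<len>\d+)")

def summarize(lines, server_port=443):
    """Per flow: packets each way, client bytes sent, bytes the server ACKed."""
    flows = defaultdict(lambda: dict(out=0, back=0, sent=0, acked=0, retrans=0))
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        to_server = m["dst"].rsplit(".", 1)[-1] == str(server_port)
        key = (m["src"], m["dst"]) if to_server else (m["dst"], m["src"])
        f = flows[key]
        if to_server:
            f["out"] += 1
            if int(m["len"]) and m["end"]:
                end = int(m["end"]) - 1      # relative seq 1 is the first data byte
                if end <= f["sent"]:         # range already sent once: retransmission
                    f["retrans"] += 1
                f["sent"] = max(f["sent"], end)
        else:
            f["back"] += 1
            if m["ack"] and "S" not in m["flags"]:   # SYN-ACK carries an absolute ack
                f["acked"] = max(f["acked"], int(m["ack"]) - 1)
    return dict(flows)

def stalled(flows):
    # Flows where the client resends data that the server never acknowledged.
    return [k for k, f in flows.items() if f["retrans"] and f["acked"] < f["sent"]]

# Constructed sample capture (documentation address ranges), not from the thread.
C, S = "192.168.1.10", "203.0.113.5.443"
SAMPLE = f"""\
10:00:00.000 IP {C}.51000 > {S}: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
10:00:00.020 IP {S} > {C}.51000: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460], length 0
10:00:00.022 IP {C}.51000 > {S}: Flags [P.], seq 1:1461, ack 1, win 229, length 1460
10:00:00.042 IP {S} > {C}.51000: Flags [.], ack 1461, win 240, length 0
10:00:00.043 IP {C}.51000 > {S}: Flags [P.], seq 1461:2921, ack 1, win 229, length 1460
10:00:00.343 IP {C}.51000 > {S}: Flags [P.], seq 1461:2921, ack 1, win 229, length 1460
10:00:01.000 IP {C}.51001 > {S}: Flags [P.], seq 1:501, ack 1, win 229, length 500
10:00:01.020 IP {S} > {C}.51001: Flags [.], ack 501, win 240, length 0
""".splitlines()
```

Running it over captures taken on both the LAN and the WAN interface of the gateway shows on which side the unacknowledged segments stop appearing.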