Pfsense kills browsing



  • Hi guys,

    we are randomly experiencing problem where our workstation just stops http and https browsing (while nothing is being changed with pfsense). Workstations can ping those websites. I have been looking around system logs and filter logs but there is nothing I can see as clue but only this jump of pfnat states

    Installed and configured packages:

    • bandwidthD
      ntopng
      squid
      Squidguard

    I have attached the screenshot - during these ramps it seems so difficult to browse. Everything is solved by restarting pfsense machine
    ![pfnat states.JPG_thumb](/public/imported_attachments/1/pfnat states.JPG_thumb)
    ![pfnat states.JPG](/public/imported_attachments/1/pfnat states.JPG)



  • start by removing known buggy crap:

    bandwithD, squid, squidguard.
    you might aswell remove ntopng while you are at it.

    in 99,9% of the case your problem is now solved.

    if solved:
    start by adding one package at a time and confirm it problem returns or not.

    when you find the culprit, post debug information in the correct subsection of the forum.



  • @heper:

    start by removing known buggy crap:

    bandwithD, squid, squidguard.
    you might aswell remove ntopng while you are at it.

    in 99,9% of the case your problem is now solved.

    if solved:
    start by adding one package at a time and confirm it problem returns or not.

    when you find the culprit, post debug information in the correct subsection of the forum.

    hey heper,

    bandwidthD and ntopNG was installed for a while now like 3 month straight without problems like these. squid and squidguard are the only late additions I had. It puzzles me why this is happening randomly. But I had an idea it is either squid or squidguard, only thing is, we are using these 24/7 to filter http for our company's network blocking unauthorized websites. I have seen no other clue but those ramp with pfnat states

    So if these squid and squidguard packages are buggy, do we have atleast a pfsense version that has a more stable squid/squidguard package?

    and by the way my current pfsense install is 2.1.5 x64



  • packages are independent from pfSense. although the pfSense version can have an impact on some packages performance.

    read up on squid subsection of the forum and read up on the upgrade guide to go from 2.1.5 –> 2.2.4  (import your current config into a VM and see if it works)



  • @heper:

    packages are independent from pfSense. although the pfSense version can have an impact on some packages performance.

    read up on squid subsection of the forum and read up on the upgrade guide to go from 2.1.5 –> 2.2.4  (import your current config into a VM and see if it works)

    2.2.4 pfsense seems to have more problems with packages in my opinion.



  • A thought: Every one of the packages you've installed generates log files - quite big ones depending on traffic volume. Have you checked to see whether your filesystem is getting used up with log data?



  • @muswellhillbilly:

    A thought: Every one of the packages you've installed generates log files - quite big ones depending on traffic volume. Have you checked to see whether your filesystem is getting used up with log data?

    all seems to be logging normal messages. nothing in the logs seems to be a clue.


Log in to reply