PfSense playing semi-dead after a while

  • tl;dr: pfSense refuses all traffic except for downloads after a while. Can't even ping the pfSense box. Only the downloading computer is affected, all others work just fine.

    I've set up a couple of traffic shaping rules in pfSense. Nothing specific to any particular computer on my LAN, just some rules based on ports of internet servers. Traffic is correctly assigned to the shaping queues. Downloads run via a specific port, so I've set those up to be handled with the lowest priority and they correctly make way when more important traffic needs to go through. So far, so good.

    When downloading some things, after a while all other traffic from the computer that is running the downloads is blocked by pfSense. Except for the downloads, which continue nicely. When this happens I can't even ping my pfSense box. It is as if it's dead, if it weren't for the downloads that for some reason still work. When this happens, only the computer running the downloads is affected. Connectivity of other machines on my LAN isn't affected in the least.

    As soon as I pause the downloads, pfSense jumps back to life and all other internet traffic to and from this computer is working again as if nothing ever happened. Yet when I continue the downloads, pfSense immediately plays dead again. Resetting the states fixes the problem temporarily. It'll be back a couple hours later.

    Anybody got an idea of what is going on? Any help or pointers will be greatly appreciated. Any specific configuration settings you might want to take a look at?

  • Only new connections from the computer doing the downloads are affected? I think that's what you're saying, just want to make sure. Since resetting the states clears it for a while, it sounds like something with some limits somewhere. If you turn off traffic shaping do you have the problem?

  • The downloader is SABnzbd, set up to use 6 connections to the server. Whenever a part is downloaded, the connection is closed and a new one opened to download the next part. When this issue appears, establishing new connections works just fine for the downloader. Anything else times out.

