General Questions / SQUID and Gateway Groups
« on: March 27, 2018, 08:11:42 am »

A short question. I'm currently experimenting with Squid as a transparent proxy. I have a remote site which has 2 LTE modems because there is no other wired possibility. I configured them as a GW group, both Tier1, with sticky connections.

Everything is fine as long as Squid is not involved. As soon as transparent Squid is enabled, it seems everything from Squid is only going out on WAN1, not even the default route, because if I disconnect WAN1 and WAN2 is still there, everything transferred over Squid (port 80 HTTP) isn't reachable at all. 443 HTTPS (because it is not going through Squid) is working fine.

Is there any way to make Squid use the GW group?

What am I doing wrong?

Thanks for ideas.

General Questions / Re: Filecopy over VLANs breaks
« on: February 27, 2018, 08:05:28 am »

Yes, that's weird.

The setup uses pfSense running bare metal on two Dell R330 (Intel Xeon CPU E3-1240 with Intel server NICs) with a CARP setup. Each R330 has 4 interfaces trunked as LACP (2x WAN, 2x LAN) to the switching hardware. Here we use different Juniper switches like the EX2200.

In our testing we just had the server on the same switch as the pfSense but in a different VLAN from the client; the client is connected to another switch. Yes, there is WiFi, but it is not involved in this issue; WiFi is another VLAN.

Already tried to disable all the offloading features.

General Questions / Re: Filecopy over VLANs breaks
« on: February 27, 2018, 05:13:27 am »

I'm not 100% sure what exactly it is. The RST problem was just a clue, but it later showed that's not the case; those RSTs were just random and unrelated. It looks like something with the TCP window, but this is also not for sure. I'm totally in the dark right now. The only thing I know is that if, instead of the pfSense, I just use a routing switch to connect both hosts, it works. Back to pfSense routing and the error is back. The switch routing is not an option here, so this is why I need to figure out what's actually happening.

The copy progress seems random: in the attached dump it first starts with full transfer speed, but at < 1s it dropped to 0b/s; after 4.14s it restarts the SMB with a new request and copies again.

The attached log shows client trying to copy from   Client Vlan 113, Server in 102.

It doesn't matter if the server is a Linux Samba or a Windows machine.

It's not limited to SMB; a test with an HTTP transfer showed the same problem.

As said, I currently have no clue and am just hoping somebody has seen similar issues before, and I'm thankful for any idea.

Thanks in advance

General Questions / Filecopy over VLANs breaks
« on: February 26, 2018, 12:46:15 pm »

I currently have a strange problem. On a setup with several VLANs I encounter the problem that if a PC from VLAN1 transfers a file from a PC in VLAN2 via SMB, it randomly stops copying. In Wireshark I only see some TCP resets.

The problem is clearly somehow the pfSense in between; if both PCs are in the same VLAN, everything is smooth.

I tried around with TCP offloading on/off and so on, but unfortunately it doesn't help. It's not just SMB related; it also happens with WebDAV and FTP, so in general a file problem. Normal web connections and downloads from WAN are not affected at all; streaming and downloading large files from WAN does not show this behavior.

I know it's not easy to tell, but if anybody has any hint what could cause this strange behavior, it would be appreciated!


General Questions / Re: webUI / nginx no response but SSH fine
« on: February 07, 2018, 07:10:08 am »
Thanks, never worked with bin logs before.

But found the problem: pfSense was only running on 443 and somehow the internal CA was missing; nginx couldn't load. Changed via viconfig to enable port 80 HTTP, recreated a cert and done.

- solved -

General Questions / webUI / nginx no response but SSH fine [SOLVED]
« on: February 07, 2018, 02:17:36 am »

On a small branch pfSense I encountered a strange problem I never had before.
If I try to connect to the web UI, the session always times out. No changes to the FW were made; it just started to show this behavior randomly.

SSH login, on the other hand, is fine. If I restart webconf and php-fpm by console, still the same problem. Routing, FW and the configured VPN seem to work without any problem, but no UI anymore.

If I take a look at the nginx log files, the strange thing happens: the nginx log is empty, only showing some unreadable ASCII chars.

An nginx -t is fine, and the nginx process is also running. If I manually kill it and start  nginx -c /var/etc/nginx-webConfigurator.conf  no error is reported either.

Any tip or suggestion for me would be appreciated; currently is a bad time to reset and reconfigure the whole thing :)

Thanks a lot.

NAT / Multi WAN IPs to Multi VLAN NAT
« on: July 28, 2017, 09:46:57 am »

I currently face a little problem with some NAT. I have a WAN connection with several public IPs that need to be used by several internal VLANs.

Let's say, my WAN IPs would be - with as my WAN GW. On my LAN I have 5 matching VLAN IDs 2 to 6.

From VLAN 1: to VLAN 5:

What I want to achieve is a normal NAT Operation for those isolated VLANs with a WAN Mapping like: <-NAT-> <-NAT-> <-NAT-> <-NAT-> <-NAT->

Currently I tried to add my public WAN IPs as an "IP Alias" to my WAN interface and created VLANs with matching DHCP settings. So far so good, but how do I get the mapping done right? 1:1 mapping, as far as I understood, only helps me to map to a single host, not to a whole /24.

Does anybody have some experience with that?

Thanks in advance

General Questions / Process 'rate' 100% CPU utilization
« on: March 27, 2017, 07:35:56 am »

I've been using pfSense for many years and am absolutely happy with it. Last week I installed a new pfSense in my office and found an odd thing today: one CPU has been running at max for 16h+ now. I found that the "rate" process is causing this.

First I thought it might be the web frontend stats causing it, but even when not logged in and after restarting the web UI by console it still consumes the CPU.

I ran a top, and some other information is here:

Any tip for me where to look? There is no rate limiter or queues configured on this box, just a pretty simple 1 WAN + 1 failover WAN NAT to one LAN + 1 VLAN for guests. No enhanced magic done :)

Thanks in advance for any ideas.

