
Author Topic: port forwarding stops working and needs reboot to recover  (Read 85 times)


ndemou
« on: February 27, 2018, 07:33:08 am »
[edit: I'm posting this in case someone can help me fix it --obviously-- but also to get your ideas on better diagnostic procedures. I have a good understanding of networking concepts but very limited FreeBSD knowledge (my good Linux background helps but is not always enough).]

So, my pfSense suddenly stopped forwarding ports. After rebooting it, all was good for about an hour and then it stopped forwarding again. The 2nd time I tried to clear states (had no better idea) but it didn't help, so I rebooted again and it's been a few hours without the problem appearing. Since I haven't found the root of the issue and it happened twice in one hour, I'm worried :(

I did a tcpdump on my WAN and LAN while probing the external port with nmap and observed this situation:

           |     pfsense     |
INTERNET---o-WAN         LAN-o-----HOST
           ^                 ^
        tcpdump           tcpdump

        --syn-->         --syn-->

So SYN packets reach the host on my LAN but the SYN-ACK packets are traced passing my LAN interface but don't reach my WAN interface.

I've been on the latest pfSense version (64-bit) for a few days. I have 3 WAN connections. It's been a few weeks with no change in my configuration except switching the default GW from WAN to OPT1.

« Last Edit: February 27, 2018, 11:00:27 am by ndemou »
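
The two-sided capture described in the post, turned into a repeatable check (an added example, not part of the original post): it reads `tcpdump -n` text output per interface and reports where each probed handshake stops, and it goes beyond the post's single case by checking every WAN for the reply. The function names, the sample lines and their addresses are constructed for illustration.

```python
import re

# Text output of `tcpdump -n` looks like:
# 07:20:01.10 IP 203.0.113.7.51000 > 192.168.1.10.443: Flags [S], seq 1, length 0
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def handshake_view(captures):
    """Map client ip.port -> {interface: {'SYN', 'SYN-ACK'} seen there}.
    A port forward rewrites only the destination, so the client endpoint is
    identical on both sides of the NAT and works as the correlation key."""
    seen = {}
    for iface, lines in captures.items():
        for line in lines:
            m = LINE.search(line)
            if not m or m.group(3) not in ("S", "S."):
                continue  # not a handshake packet
            src, dst, flags = m.groups()
            client, kind = (src, "SYN") if flags == "S" else (dst, "SYN-ACK")
            seen.setdefault(client, {}).setdefault(iface, set()).add(kind)
    return seen

def locate_loss(captures, lan, wans):
    """Return client -> the point where its handshake stops."""
    verdicts = {}
    for client, per_if in handshake_view(captures).items():
        syn_in = {w for w in wans if "SYN" in per_if.get(w, ())}
        ack_out = {w for w in wans if "SYN-ACK" in per_if.get(w, ())}
        on_lan = per_if.get(lan, set())
        if not syn_in:
            verdicts[client] = "no SYN on any WAN"
        elif "SYN" not in on_lan:
            verdicts[client] = "SYN not forwarded to LAN"
        elif "SYN-ACK" not in on_lan:
            verdicts[client] = "host did not answer"
        elif not ack_out:
            verdicts[client] = "SYN-ACK seen on LAN, on no WAN"
        elif ack_out != syn_in:
            verdicts[client] = "SYN-ACK left via " + ",".join(sorted(ack_out))
        else:
            verdicts[client] = "handshake passes"
    return verdicts

# Constructed captures reproducing the symptom in the post (documentation IPs).
SAMPLE = {
    "WAN": ["07:20:01.10 IP 203.0.113.7.51000 > 198.51.100.2.8443: Flags [S], seq 1, length 0"],
    "LAN": ["07:20:01.11 IP 203.0.113.7.51000 > 192.168.1.10.443: Flags [S], seq 1, length 0",
            "07:20:01.12 IP 192.168.1.10.443 > 203.0.113.7.51000: Flags [S.], seq 7, ack 2, length 0"],
    "OPT1": [],
}
```

Calling `locate_loss(SAMPLE, "LAN", ["WAN", "OPT1"])` on real captures needs one text capture per interface taken during the same probe; list every WAN-side interface in `wans` so a reply leaving through a different uplink is reported instead of being counted as missing.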