Possibly an issue with TCP window scaling or PMTU-D.
Are the logs generating any drops for the flow ? -----Original Message----- From: Angus Jordan [mailto:[email protected]] Sent: 15 July 2009 22:08 To: [email protected] Subject: [pfSense-discussion] Very odd issue - Transparent Firewall - 2 Locations Hi there, We have deployed 2 pfSense Transparent firewalls at 2 separate locations. The commonality between both locations is their Internet provider. 1) pfSense running directly in the providers co-location (Customer servers -> Astaro NAT firewall -> pfSense Transparent Firewall -> Customer Colo cabinet -> Datacenter routing -> Internet) 2) pfSense running on a T1 that is connected to another cabinet in the same co-location (Customer servers -> pfSense -> T1 -> Customer Colo cabinet -> Datacenter routing -> Internet) The problem: Start a download using any protocol (tcp/udp), any application (http, https, ssh, etc) any size, from any location and the download will stall at a random point. Sometimes the number will be 8MB, sometimes it is 20MB. But if I restart the download immediately, the stall will happen at EXACTLY the same point...so if it stalled once at 8MB, it will stall immediately at 8MB again. This is happening at both of these locations. I've found that changing the "Firewall Optimization Options" to conservative does help some, I was able to download a file up to 300MB and it was OK...although it still does hang quite regularly, so the problem still exists. Does anyone have any ideas for me? I am banging my head against the wall at this point. Help!!! Thank you in advance. Regards, Angus --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
