Hi Greg, Yes, the pfSense does show blocks in on the wan interface. I wish I could send them to you, but for some reason since you sent this email the issue seems to have stopped...but it will be back, I know that.
One thing that I failed to mention in my earlier email is that both of these pfSense firewalls are running inside of VMWare Server (1.0.9) on top of Debian hosts. I know this is not the cause of the issue though, since these problems existed before we virtualized the firewall at one of the sites... Thanks, Angus On Wed, Jul 15, 2009 at 2:18 PM, Greg Hennessy<greg.henne...@nviz.net> wrote: > > > Possibly an issue with TCP window scaling or PMTU-D. > > Are the logs generating any drops for the flow ? > > -----Original Message----- > From: Angus Jordan [mailto:angus.jor...@gmail.com] > Sent: 15 July 2009 22:08 > To: discussion@pfsense.com > Subject: [pfSense-discussion] Very odd issue - Transparent Firewall - 2 > Locations > > Hi there, > > We have deployed 2 pfSense Transparent firewalls at 2 separate > locations. The commonality between both locations is their Internet > provider. > > 1) pfSense running directly in the providers co-location (Customer > servers -> Astaro NAT firewall -> pfSense Transparent Firewall -> > Customer Colo cabinet -> Datacenter routing -> Internet) > > 2) pfSense running on a T1 that is connected to another cabinet in the > same co-location (Customer servers -> pfSense -> T1 -> Customer Colo > cabinet -> Datacenter routing -> Internet) > > The problem: Start a download using any protocol (tcp/udp), any > application (http, https, ssh, etc) any size, from any location and > the download will stall at a random point. Sometimes the number will > be 8MB, sometimes it is 20MB. But if I restart the download > immediately, the stall will happen at EXACTLY the same point...so if > it stalled once at 8MB, it will stall immediately at 8MB again. > > This is happening at both of these locations. > > I've found that changing the "Firewall Optimization Options" to > conservative does help some, I was able to download a file up to 300MB > and it was OK...although it still does hang quite regularly, so the > problem still exists. > > Does anyone have any ideas for me? I am banging my head against the > wall at this point. Help!!! > > Thank you in advance. > > Regards, > Angus > > --------------------------------------------------------------------- > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
