Hi,
It's my first post here.
Context:
- pfSense in HA (CARP)
- HAProxy used in pfSense for:
  - SFTP: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
  - FTPS: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
  - HTTP
  - HTTPS (SSL offloading, ALPN, h2)
- Only one NAT rule, so that packets from the backend go out with the CARP WAN IP
  (of no importance here)
- 2x Ubuntu 14.04 in backend:
  - FTP over SSH with SSHd & MySecureShell
  - FTPS with Proftpd
  - HTTP/HTTPS: Apache 2.4.18
- Firewall rules: the minimum to get this setup working:
  - WAN: 2222, 21, 49000-49500 (FTP PASV), 80, 443
  - LAN: Authorize my internal networks
The problem:
pfSense seems to drop connections between the client and the backend servers on
all ports, mainly visible during transfers of many small files over SFTP or FTPS.
Enabling or disabling the only NAT rule does not matter; it is the same.
Only when I disable the firewall (Advanced, Firewall/NAT) do we not get dropped
connections.
I already tried:
- all "Firewall Optimization Options" and some other advanced options
- using or not using another LAN interface to go directly to the backend servers' network
- using or not using client IP transparency with pfSense set as the gateway on the
  backend servers
- testing with the default WAN address and the CARP one
My background:
I have used pfSense for nearly a year (HA and not) and it works well.
I am not a network expert, but I have some good basic knowledge.
Sorry, I am French; I hope it is clear enough.
Regards,
Romain
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list