Hi, it's my first post here.

Context:
- pfSense in HA (CARP)
- HAProxy used in pfSense for:
  - SFTP: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
  - FTPS: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
  - HTTP
  - HTTPS (SSL offloading, ALPN, h2)
- Only one NAT rule, to keep packets from the backend going out with the CARP WAN IP (no importance here)
- 2x Ubuntu 14.04 in backend:
  - FTP over SSH with SSHd & MySecureShell
  - FTPS with Proftpd
  - HTTP/HTTPS: Apache 2.4.18
- Firewall rules: the minimum to get this setup working:
  - WAN: 2222, 21, 49000-49500 (FTP PASV), 80, 443
  - LAN: Authorize my internal networks

The problem: pfSense seems to drop connections between the client and backend servers on all ports, mainly visible during transfer of many small files over SFTP or FTPS. Enabling or disabling the only NAT rule does not matter; it is the same. Only when I disable the firewall (Advanced, Firewall/NAT) do we not get dropped connections.

I already tried:
- all "Firewall Optimization Options" and some other advanced options
- using/not using another LAN interface to go directly to the backend servers' network
- using/not using client IP transparency with pfSense set as gateway on the backend servers
- testing with the default WAN address and the CARP one

My background: I have used pfSense for nearly a year (HA and not) and it works well. I am not a network expert, but I have some good base knowledge.

Sorry, I am French; I hope it is clear enough.

Regards,
Romain