Sounds like it drops state, connection reset?

Try to set optimization longer.

-lsf

On Sun, Feb 7, 2016, 18:20 Romain Lapoux <romain.lap...@octopoos.com> wrote:

> Hi,
>
> It's my first post here.
>
> Context:
> - pfSense in HA (CARP)
> - HAProxy used in pfSense for:
>         - SFTP: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
>         - FTPS: tcp, clitcpka, srvtcpka, balance=source, stick tables on source ipv4
>         - HTTP
>         - HTTPS (SSL offloading, ALPN, h2)
> - Only one NAT rule to keep packets from backend to go out with CARP WAN IP
> (no importance here)
> - 2x Ubuntu 14.04 in backend:
>         - FTP over SSH with SSHd&MySecureShell
>         - FTPS with Proftpd
>         - HTTP/HTTPS: Apache 2.4.18
> - Firewall rules: the minimum to get this setup working :
>         - WAN: 2222, 21, 49000-49500 (FTP PASV), 80, 443
>         - LAN: Authorize my internal networks
>
> The problem:
> pfSense seems to drop connections between client and backend servers on all
> ports, mainly visible during transfer of many small files on SFTP or FTPS.
> The only NAT rule enable/disable does not matter, it is the same.
> Only when I disable the firewall (Advanced, Firewall/NAT), we don't get
> dropped connections.
> I already tried:
> - all "Firewall Optimization Options" and some other advanced options.
> - use/not another LAN interface to go directly on the backend servers network
> - use/not transparency client IP with pfSense set as gateway on backend
> servers
> - Tested with default wan address and CARP one
>
> My background:
> I have used pfSense for nearly a year (HA and not) and it works well.
> I am not a network expert, but I have some good base knowledge.
>
> Sorry, I am French, I hope it is clear enough.
>
> Regards,
>
> Romain
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>