You can try to set "Firewall optimization options" in the Advanced
page to "aggressive" and see if that helps.

-lsf

On 12/15/06, Odette <[EMAIL PROTECTED]> wrote:
Hi,

  I'm not able to find a solution to this problem:

I've got some devices on the WAN net that need to open telnet connections to a
telnet server on the LAN net. (OK, don't tell me anything about incoming
telnet from WAN. At the moment I need to do it this way...)
LAN is bridged with WAN.
I've set up the FW rules and everything works fine.

But...

It often happens that the devices need to be reset while a telnet
connection is established. In this case, when the device "reboots" I have to
wait many minutes to establish a telnet connection.

Looking at the FW state logs, I see that every "regular" telnet connection
comes from port x of the device, where x is the same every time.

Every time the device reboots, the new connection, established only after
waiting many minutes, comes from port x+1. In the FW States log, I see that the
old state is still active.

If I clear the FW states table before rebooting the device, the new
connection after the reboot is established immediately.
Furthermore, if I connect the device directly to the LAN switch (bypassing
PFSense filtering), I can reboot the device and get the new connection
immediately.

I have not been able to analyze the network traffic, but I suppose that the
device tries every time to establish the telnet connection from port x and
that this is what happens:

1. A connection is established.
2. PFSense keeps an active state DEV:x ==> SRV:23.
3. The device reboots.
4. The device tries to establish a new connection (SYN from DEV:x to SRV:23).
5. PFSense knows from its states table that a connection DEV:x ==> SRV:23 is
already established and drops the new DEV:x ==> SRV:23 SYN packet.
6. After some minutes the device reaches the time-out and tries a new
connection from port x+1. This new connection works fine.

I've been trying to solve the problem by configuring PFSense:
1. inserting a new pass rule SRV:23 ==> DEV:(x...x+5)
2. not keeping state (Firewall: Rules: Edit: State Type: (Advanced) None) for
the "pass" rules
   DEV:(x...x+5) ==> SRV:23
   SRV:23 ==> DEV:(x...x+5)

It doesn't work, even after rebooting PFSense. Furthermore, I can see the
state in the States table. So I suppose that the advanced option "State type:
none" doesn't work.

I also tried setting a state timeout of 10 seconds. Same effect: I can see
the connection state in the active states table for a long time.

Any suggestion, info, or idea?

Thanks in advance to everybody

Odette
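The pf.conf fragment below is an added example for readers of this thread; it is not from the original posts and not pfSense's generated ruleset. It shows, in raw pf syntax, the shape of the stateful rule behind the poster's setup and the two settings that lsf's suggestion ("Firewall optimization options: aggressive") maps to, so the failure mode in steps 1 to 6 can be reproduced and bounded on a plain pf host. Interface names, the addresses, and the timeout values are assumptions. On a pfSense box the GUI regenerates the ruleset, so treat this as the equivalent of the GUI settings to read, not a file to paste.

```pf
# Added example (not from the thread): pf.conf equivalent of the setup above.
# Assumed names: $wan_if and $lan_if are the bridged members, $devices is the
# WAN-side subnet the telnet clients live on, $srv is the LAN telnet server.
wan_if  = "em0"
lan_if  = "em1"
devices = "192.0.2.0/24"
srv     = "10.0.0.23"

# Remedy 1: pfSense's "Firewall optimization options: aggressive" is this
# option. It expires idle states far sooner than the default "normal" profile,
# which is why it can shorten the "many minutes" wait after a device reboot.
set optimization aggressive

# Remedy 2: pin the TCP timeouts explicitly (assumed values, seconds). A state
# for a client that has rebooted carries no traffic any more, so it ages out
# after tcp.established seconds of idleness; the explicit values here take
# precedence over the profile's defaults for the timeouts listed.
set timeout { tcp.first 30, tcp.opening 5, tcp.established 120, tcp.closing 60 }

# Stateful pass rule, as in the poster's working setup. "flags S/SA" lets only
# a SYN with ACK clear create a state; every later packet with the same
# addresses and ports, including a fresh SYN after the device reboots and
# reuses source port x, is matched against the existing DEV:x -> SRV:23 entry
# instead of creating a new one. That entry is the "old state still active"
# seen in the States log.
pass in quick on $wan_if proto tcp from $devices to $srv port 23 \
    flags S/SA keep state

# The raw-pf spelling of the GUI's "State type: none" is "no state". Without a
# state entry, replies need their own stateless rule (the poster's second
# attempt); kept here commented out, as the poster reports it did not help.
# pass in quick on $wan_if proto tcp from $devices to $srv port 23 no state
# pass in quick on $lan_if proto tcp from $srv port 23 to $devices no state
```

To confirm what the poster infers from the logs, list the state table with `pfctl -ss` after rebooting a device and look for the DEV:x to SRV:23 entry. The GUI "reset states" action the poster used corresponds to `pfctl -F states`, which drops every state on the box; to remove only the stale entry for one device before rebooting it, `pfctl -k 192.0.2.10 -k 10.0.0.23` kills the states from the first host to the second and leaves the rest of the table alone (host addresses are the assumed ones from the example).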





