I did some test and does not work (removed all required interface). Here my network setup: - pfSense: WAN: xx.xx.xx.166/27 WAN CARP: xx.xx.xx.165/27 LAN: 10.124.193.206/21 LAN CARP: 10.124.193.205/21 PRIVATE: 192.168.7.6/24 GW_WAN (default): xx.xx.xx.190 GW_LAN: 10.124.199.254 Route: 10.124.0.0/16 => GW_LAN
Routing tables: Destination Gateway Flags Netif Expire default xx.xx.xx.190 UGS vmx0 10.124.0.0/16 10.124.199.254 UGS vmx1 10.124.192.0/21 link#2 U vmx1 10.124.193.205 link#2 UHS lo0 10.124.193.206 link#2 UHS lo0 xx.xx.xx.160/27 link#1 U vmx0 xx.xx.xx.165 link#1 UHS lo0 xx.xx.xx.166 link#1 UHS lo0 127.0.0.1 link#6 UH lo0 - Backend server: LAN: 10.124.192.1/21 Default route: 10.124.193.205 Route: 10.124.0.0/16 => 10.124.199.254 LAN2 (storage access): 10.224.192.1/16 Route print: Destination Gateway Genmask Flags Metric Ref Use Iface default 10.124.193.205 0.0.0.0 UG 0 0 0 eth0 10.124.0.0 10.124.199.254 255.255.0.0 UG 0 0 0 eth0 10.124.192.0 * 255.255.248.0 U 0 0 0 eth0 10.224.0.0 * 255.255.0.0 U 0 0 0 eth1 Regards, Romain From: Espen Johansen [mailto:pfse...@gmail.com] Sent: Wednesday, February 10, 2016 22:50 To: romain.lap...@octopoos.com; pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop Firewall disable = no state = asymmetric routing will not get return packets dropped. Are your servers multihomed? On Wed, Feb 10, 2016, 22:48 Romain Lapoux <romain.lap...@octopoos.com> wrote: I am not agree, because how do you explain that all works correctly when I disable only the firewall feature in pfSense ? Romain -----Original Message----- From: Chris Buechler [mailto:c...@pfsense.com] Sent: Wednesday, February 10, 2016 21:50 To: romain.lap...@octopoos.com; pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop On Sun, Feb 7, 2016 at 12:24 PM, Romain Lapoux <romain.lap...@octopoos.com> wrote: > My last test in conservation optimization, if I upload files with 4 parallel > connections, it drop each in less 10 seconds. > (And don't free them on backend server, they stay ESTABLISHED in netstat. > More than likely because one or more of the hosts involved are dual homed and you have asymmetric routing. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
