Wednesday, March 24, 2021

Weird issue that I can't make sense of: even on the conservative firewall optimization setting, pfSense times out active TCP keepalive connections at 15 minutes like clockwork.

I hope someone can help shed some light on that...

Network topology:

/24 public IP range -> pfsense 1 WAN IP

pfsense 1 (2.4.4-RELEASE-p3) -> route to /27 part of the range to pfsense 2 WAN IP + rule to pass ANY TCP to public IP range destination

pfsense 2 (2.4.4-RELEASE-p1) -> DMZ interface with 91.x.x.254/27 as IP + rule to pass TCP 443 to 91.x.x.248 (the actual server) on WAN

WAN is the same subnet for both routers, on the same vswitch, with the same gateway.

The server on this public IP serves a PWA that has a TCP keepalive function, sending a JSON to an API endpoint every 5 seconds, to which the server replies with its own JSON. This usually works without issues; everything apart from that keepalive works perfectly well.

The issue is that this TCP keepalive will simply get dropped without warning or closure after 15 minutes. It used to be 1m sharp in "normal" optimization mode.

On pfSense 2 I can see the connection as ESTABLISHED (on both WAN and DMZ, actually):

DMZ tcp 80.x.x.28:17480 -> 91.x.x.248:443 ESTABLISHED:ESTABLISHED 120 / 71 4 KiB / 8 KiB 

and incrementing packets every 5 seconds as expected.

On pfSense 1, the same connection shows up like this:

WAN tcp 80.x.x.28:17480 -> 91.x.x.248:443 CLOSED:SYN_SENT 120 / 0 7 KiB / 0 B
WAN tcp 80.x.x.28:17480 -> 91.x.x.248:443 SYN_SENT:CLOSED 120 / 0 7 KiB / 0 B

The fact that I do not have any packets coming FROM the server on pfSense 1 is weird; I didn't think I had to open anything for this to work, but it might be the case?

I'm really not sure what's happening here. Any help welcome.
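As an added example (not part of the original post): a small Python script that parses state-table entries like the ones quoted above and flags states whose packet counters show traffic in only one direction. That is the signature to look for on a firewall whose state never reaches ESTABLISHED: a state that only ever sees one half of the TCP flow is aged on pf's shorter non-established timeouts rather than on tcp.established. The column layout (interface, protocol, src -> dst, state, packets a / b, bytes a / b) is assumed from the excerpts in the post; the three sample lines are the post's own entries, with the two pfSense 1 entries split onto separate lines.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the three state-table entries quoted in the post, one per line.
SAMPLE_STATES = """\
DMZ tcp 80.x.x.28:17480 -> 91.x.x.248:443 ESTABLISHED:ESTABLISHED 120 / 71 4 KiB / 8 KiB
WAN tcp 80.x.x.28:17480 -> 91.x.x.248:443 CLOSED:SYN_SENT 120 / 0 7 KiB / 0 B
WAN tcp 80.x.x.28:17480 -> 91.x.x.248:443 SYN_SENT:CLOSED 120 / 0 7 KiB / 0 B
"""

# Assumed column layout, taken from the excerpts above:
#   <iface> <proto> <src> -> <dst> <state> <pkts_a> / <pkts_b> <bytes_a> / <bytes_b>
_SIZE = r"\d+(?:\.\d+)?\s*(?:B|KiB|MiB|GiB)"
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<state>\S+)\s+"
    r"(?P<pkts_a>\d+)\s*/\s*(?P<pkts_b>\d+)\s+"
    rf"(?P<bytes_a>{_SIZE})\s*/\s*(?P<bytes_b>{_SIZE})\s*$"
)


@dataclass
class PfState:
    iface: str
    proto: str
    src: str
    dst: str
    state: str      # pf's "<src side>:<dst side>" TCP state pair
    pkts_a: int     # packets counted in the first direction
    pkts_b: int     # packets counted in the second direction

    @property
    def handshake_complete(self) -> bool:
        """Both sides of the state reached ESTABLISHED."""
        return self.state == "ESTABLISHED:ESTABLISHED"

    @property
    def one_sided(self) -> bool:
        """Traffic has been seen in exactly one direction (the other counter is 0)."""
        return (self.pkts_a == 0) != (self.pkts_b == 0)


def parse_states(text: str) -> List[PfState]:
    """Parse state-table lines; blank lines are skipped, anything else must match."""
    states = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = STATE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised state entry: {line!r}")
        states.append(PfState(
            m["iface"], m["proto"], m["src"], m["dst"], m["state"],
            int(m["pkts_a"]), int(m["pkts_b"]),
        ))
    return states


def find_asymmetric(states: List[PfState]) -> List[PfState]:
    """States that carry packets in one direction only and never reached ESTABLISHED.

    On a firewall that sees only one half of a TCP flow this is the expected
    signature: the reply packets take a path that bypasses it, so the state
    stays on pf's non-established timeouts instead of tcp.established.
    """
    return [s for s in states if s.one_sided and not s.handshake_complete]


if __name__ == "__main__":
    for s in find_asymmetric(parse_states(SAMPLE_STATES)):
        print(f"{s.iface}: {s.src} -> {s.dst} {s.state} "
              f"({s.pkts_a} / {s.pkts_b} packets, one direction only)")
```

Paste the relevant rows from Diagnostics > States into SAMPLE_STATES (or read them from a file) and the script lists every state that has counted packets in one direction only; on the sample it reports the two pfSense 1 entries and nothing for pfSense 2. The check is a heuristic: a freshly created state with zero packets in both directions is not flagged, and a state that is ESTABLISHED on both sides is left alone even if one counter is briefly zero.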
