Pfsense NAT and websockets


I have just migrated to baremetal kubernetes using pfsense to act as my router/firewall. I have two nat rules that Nat port 443 on the wan to port 443 on a private ip address ( I do the same on port 80. I am using metallb as my load balancer that does layer 2 advertising of This is so the ingress controller Haproxy can have a type “Load Balancer”.

The application I host is strictly a websocket application with looooong connection times…3-4 hours. I am getting random momentary disconnects at the application layer. I am looking to see if there are any tunables in pfsense that could help. Also what would I look at to make sure that pfsense isn’t overwhelmed with connections. This is not going to be an easy solve I know that as there are complicating factors… But I thought I would start at pfsense. Thanks for any advise.


Maybe this is of any help: Websockets being closed after 15 minutes · Issue #654 · metallb/metallb · GitHub

Looks like that setting the “Firewall Optimization Options” to “Conservative” has solved the issue for some users.

Thank you I will try that. What that article talks about is very similar. Fingers crossed. Thanks for the reference.

1 Like