PFsense RDP dropping when server is in a different subnet

This is an approximate home network. My pfSense has 4 ports, but I am currently using 3 of them. The local subnet is /24. Subnet 2 is /30 since my ISP WiFi router feeds from there and is isolated. on resides the link that connects my Cisco router Kronos to the pfSense. I placed the corresponding FW rules and routes statically (I would like Lawrence to teach how to use dynamic routing in pfSense) since my Cisco router uses OSPF for the rest of the network. My issue arises when I RDP to a server located in /24 or other than local ( /24): the RDP session drops after minimum 30 seconds. If I RDP to my physical server in the RDP session does not drop. But if it resides in another network like /24 it drops constantly. I would like to know if there is a setting in the pfSense that I need to adjust to mitigate this issue?

Thanks in advance


I am not aware of any setting in pfSense that would cause it to drop, but it could be because you have extra static routes. This might be the issue:
Go to System → Advanced → Firewall & NAT. Look about halfway down the page for a checkbox “Static route filtering” with flavor text “Bypass firewall rules for traffic on the same interface”. Check that. Scroll to the bottom, and click Save.

There are also a few results that might be helpful in the Netgate forums:

I tried, but I still have issues when I RDP to the server in a different subnet. I know that your article says to trunk the configuration. That would defeat my purpose because I am trying to make it as close to an enterprise as possible, where network would be considered a DMZ and the internals would be internal /24. I also tried creating a virtual interface under lan1 but the Cisco router did not play well. Can a router play like a trunk interface?

The issue is that I cannot use SMB because it drops as well. Before using pfSense I never had an issue at all.

I have no special settings and I can RDP from home across a site-to-site OpenVPN, or RDP from my desk to my lab rack (192.168.x.x to 172.30.x.x) without dropping. The only router handling all this is my pfSense servers (one at work and one at home). WAN on one port, 192.168.x.x on another port, and 172.30.x.x on the third port. VPN connects to 172.31.x.x at home over a very long and convoluted path full of different NAT. I also can move files on SMB or NFS between all of these networks.

Yes, Cisco routers that are IOS 12 or newer can trunk multiple VLANs over a single interface, called router on a stick: Router-on-a-Stick Inter-VLAN Routing (4.2) > Inter-VLAN Routing | Cisco Press

pfSense can also handle multiple VLANs on a single interface if the NIC card will allow it.

One thing to check in pfSense is the setting to offload headers and checksums. If your card doesn’t support it, you might get something similar happening. System → Advanced → Networking

You can see that I had to defeat part of this on my firewall; the NIC is a little too old to handle it. It works fine on my firewall at home. Without this one part defeated, I would constantly get connections dropping to the WAN. Not sure about the rest of the networks, but I would guess they would drop as well.

Thanks for the reply @Greg_E. I proceeded to make the adjustment. I want to let you know that my pfSense is a physical appliance, not a logical one. In the beginning it was still dropping; after a little while it started to be stable, but then there was the issue with SMB when trying to place a file from a local computer to the server (from 10.27.192.x to 172.16.1.x). I was able to make the connection, but when the files were in transit it “disconnected”. The folder was not that large (400 mb). Shortly after, it started to work properly. I do not know why yet. I will try testing it full blown between Thursday and Friday, with all my 4 servers, 2 VM clients and a VPN computer as well. I really hope that it stays stable.

@Greg_E You can mark this as resolved. I followed your picture plus the interface filter in FW settings and so far, no more dropping issues. I am very grateful to this Lawrence community.