In the Alix documentation for that device it mentions that EHCI driver could cause issues and panic conditions in FreeBSD. Maybe you want to randomly toggle that off? Doesn't seem like anything to do with anything, but neither does the rest of this situation... No outbound rules defined besides allow all? LAN address for pfSense static? Gateway defined for WAN? Is the gateway (modem/switch in between) experiencing even short glitches of being down? There are a couple of settings in Advanced, Miscellaneous for schedule states and gateway monitoring if your connection is at all glitchy it may be killing all states for good with these options and not coming back until a full reboot. Mine are both unchecked. Under Interfaces, LAN are you blocking private networks? All cables in the bar good, no kinks, proper terminations, not mixed wiring? I know these are all very basic setup options, but being that neither this list, nor the pfSense list can figure anything out, I want to rule out a simple check box situation before the hardware is suspect. Where does your RAM usage sit? I don't use much more (512MB) but between 256MB and a 500Mhz proc, I am wondering if you are simply pushing that hardware? It should be fine for your bandwidth in a simple setup but the 3 VLANS may be the issue when their bandwidth is combined on the hardware. Mine is virtualized so although my RAM is at that level it is also able to use a Xeon E5 2440. States aren't being eaten up? This is crazy...wish I could be more help! Ryan On Thu, Mar 20, 2014 at 2:09 PM, Ryan Coleman <ryanjcole at me.com> wrote: > They load the first few lines but once it needs another site (say yahoo's CDN on their homepage) it stalls. Google loads but it's all inclusive - no CSS or JS files. > > Email is blocked 90% of the time. > > -- > Ryan Coleman > ryanjcole at me.com > m. 651.373.5015 > o. 612.568.2749 > >> On Mar 20, 2014, at 14:06, Ryan Dunlop <ryan.c.dunlop at gmail.com> wrote: >> >> So are you actually not getting to these pages at all, or are these >> just showing in the log? I ask because pfSense does this a lot. Here >> is a look at my situation: >> >> Mar 20 13:53:32 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:53:32 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:53:13 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:53:13 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:53:02 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:53:02 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:56 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:56 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:54 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:54 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA >> Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FA >> Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:PA >> Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FA >> Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:PA >> >> These are all "blocked". Yet in reality we got to these pages, it's >> simply this: https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection >> >> Although the article talks about it being late arriving FIN packets, >> it does happen to ACK too... Just need to clarify if you are actually >> getting fully rejected from getting anywhere, or if it's a log thing >> you are seeing. I'll look back through your pfsense mailing list >> postings too. >> >> Ryan >> >>> On Thu, Mar 20, 2014 at 11:46 AM, Ryan Coleman <ryanjcole at me.com> wrote: >>> I have an open issue that after about 20-24 hours the firewall stops routing internal data out (I can remote in, I can ping from internal networks, but many simple requests are getting blocked by the default rules). >>> >>> I think I might be pushing my luck with the 3 routed VLANs (4, if you count VLAN1) on the hardware (ALIX 2D13) but I am otherwise completely at a loss for ideas. >>> >>> >>> -- >>> Ryan >>> >>> >>> _______________________________________________ >>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >>> tclug-list at mn-linux.org >>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list >> _______________________________________________ >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >> tclug-list at mn-linux.org >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list