Random connection failures after re-install

Hello,

I recently had to replace the motherboard that I was using for my UTM at home.  It has been working for several years with no problems.

I reinstalled and loaded the saved configuration.  However, while generally it works, I am seeing random but very regular connection failures of outgoing connections, e.g. from a web browser on my laptop - either DNS doesn't find the host, or the server doesn't respond and it times out.  I also see similar from a small server I have that downloads mail using POP3; it will work, then just hang. In all these cases retrying always works.

This UTM machine is behind my ISP-provided router, so I am using double-NAT, and there are absolutely no issues from clients connecting to this router directly (this is the workaround when the UTM isn't available). 

I am trying to turn off various services to figure out what the problem is.  The Firewall log (or indeed any of the logs) shows nothing correlated with when the problem occurs (it does show FIN and RST packets dropping later when these failed connections get closed).  I have turned off IPS and it made no difference.  APT and Application Control are turned off. 

I am running a DNS proxy with my ISP's servers configured as forwarders.

I have some DNAT rules so I can get to my email from the external interface; they map HTTP, HTTPS, IMAP and SSH.

I did have masquerading but I replaced it with an SNAT rule.

Does anyone have any ideas?

How can I configure the UTM to be maximally transparent, as a diagnostic step?

Any help gratefully received, I am pulling my hair out trying to figure this out.

Thanks

David



  • Enable the web proxy in transparent mode.  I will bet the problems disappear (but others may occur).  If you don't use the web proxy with a new installation it drops some packets and limits your speed.  I think I have traced it to the first time the virus definitions load.  I would encourage you to restore from a much earlier version, something in the 9.3 range, and rebuild your config from scratch.  Things may work as expected if you get everything working in 9.3 and then do the incremental upgrades to 9.5.