Hello everyone. First, I am sorry for my bad Russian. But I understand your language. You may write in your language.
I have two types of internet users: domain-based (500 users) and IP-based (1000 users). I have already configured a FreeBSD 8.2 server with Squid, PF and Samba. We have already added this server to our monitoring system (WhatsUp Gold) using the ICMP protocol. Every 4-5 minutes it monitors our server and gives an alarm when our FreeBSD server goes down. After a few seconds it comes up again. But when we run ping server_lan_side_ip against this server during the down time, it looks fine :) Ping is not interrupted. At this time our end users (NAT and proxy users) call us: "Our internet connection is lost or web pages are not responding."
My pf.conf:
### managed by puppet.
# do not edit manually. use /var/puppet/templates/firewall/pf.conf.erb instead
ext_if="em0"
ext_ip="85.132.24.74"
int_if="vr0"
sync_if="msk0"
vlan1000_if="vlan1000"
safe_ports="{ 53,8080,22,8140 }"
safe_nat_ports="{ 110,25,143,993,443,587,465,995,3000,389,21,20,53,161 }"
table <clients> persist file "/etc/clients.conf"
#set block-policy drop
#set skip on lo0
#set skip on $int_if
#set skip on $vlan1000_if
#set debug misc
scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from 192.168.99.128/25 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from 12.0.0.0/21 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from <clients> to any -> $ext_ip
anchor "ftp-proxy/*"
pass in all
# macro reference needs the $: a bare "ext_if" is read as a literal interface name, not em0
block out quick on $ext_if proto tcp to port 445
block out quick on $ext_if proto udp to port 445
pass out all
antispoof quick for { lo $int_if }
# allow pfsync over the internal nics connected by a cross cable
#pass quick on $sync_if proto pfsync
#pass quick on $int_if proto carp
#pass quick on $ext_if proto carp
#pass quick on $vlan1000_if proto carp
#pass in quick on $ext_if proto tcp to ($ext_if) port 5631
#pass in quick on $int_if proto tcp to 12.0.0.1 port 53
#pass in quick on $int_if proto udp to 12.0.0.1 port 53
#pass in quick on $int_if proto tcp to 12.0.0.1 port 8080
#pass in quick on $int_if inet proto icmp all
#pass in quick on $ext_if inet proto icmp all
#pass in quick on $vlan1000_if inet proto icmp all
What is the problem? I don't know. Please help us. Thanks!
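As an added example (not from the post and not part of pf's own tooling): a small Python linter for the macro mistake visible in the quoted pf.conf. The two "block out quick on ext_if" rules name the interface without the "$", so pf reads ext_if as a literal interface name rather than em0 and the port 445 block never applies to the real external interface. The script collects the macro definitions, then reports "$name" references that are never defined and bare tokens after "on" that match a defined macro. The embedded config is an excerpt of the posted one, kept exactly as posted so the linter has something to find.

```python
import re

# Excerpt of the pf.conf quoted in the post, kept as posted (including the
# two rules that use ext_if without the $). Comment lines are included to
# show that the linter skips them.
POSTED_PF_CONF = """\
ext_if="em0"
ext_ip="85.132.24.74"
int_if="vr0"
safe_nat_ports="{ 110,25,143,993,443,587,465,995,3000,389,21,20,53,161 }"
table <clients> persist file "/etc/clients.conf"
scrub in all
nat on $ext_if from <clients> to any -> $ext_ip
pass in all
block out quick on ext_if proto tcp to port 445
block out quick on ext_if proto udp to port 445
pass out all
antispoof quick for { lo $int_if }
#pass quick on $sync_if proto pfsync
"""

# name="value" at the start of a line defines a macro
MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=')
# $name anywhere in a rule references a macro
MACRO_REF = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')
# a bare identifier right after "on" (optionally in parentheses, as in "on (em0)");
# a "$" or "{" cannot start the identifier, so macro references and lists are not matched
ON_TOKEN = re.compile(r'\bon\s+\(?([A-Za-z_][A-Za-z0-9_]*)')


def lint_pf_conf(text):
    """Return a list of (line_number, problem, name) findings for a pf.conf text."""
    lines = text.splitlines()
    findings = []

    # First pass: collect every macro definition so that a bare use can be
    # reported even if the definition appears later in the file.
    defined = set()
    for line in lines:
        m = MACRO_DEF.match(line)
        if m:
            defined.add(m.group(1))

    # Second pass: check each rule line.
    for lineno, line in enumerate(lines, start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank or commented out, pf ignores it too
        if MACRO_DEF.match(stripped):
            continue  # a definition, not a rule
        for ref in MACRO_REF.findall(stripped):
            if ref not in defined:
                findings.append((lineno, 'undefined macro', ref))
        m = ON_TOKEN.search(stripped)
        if m and m.group(1) in defined:
            findings.append((lineno, 'macro used without $', m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, problem, name in lint_pf_conf(POSTED_PF_CONF):
        print(f"line {lineno}: {problem}: {name}")
```

Run the script as is to see the two flagged rules, or replace POSTED_PF_CONF with the contents of the real file. This complements pfctl -nf /etc/pf.conf (parse without loading): a bare interface name is syntactically valid to pf, so a syntax check alone does not catch a forgotten "$".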