Pfsense ignores/blocks machines after high traffic

chpalmer

What kind of hardware are you running on?

Sounds like state exhaustion but cant know until more info.

:)

bollerup

A hp U1 server

2gigs of memory
Version 2.0.2-RELEASE (amd64)
built on Fri Dec 7 22:39:16 EST 2012
FreeBSD 8.1-RELEASE-p13
Platform pfSense
CPU Type Intel(R) Pentium(R) D CPU 2.80GHz

What info can i get for you ?

chpalmer

On your dashboard look for "states" like the picture below.  In my picture Ive just rebooted. (still getting calls asking why the internet is down…  ;D)

The number on the right of the slash is maximum your box is set for.  The number on the left is present.  What are those?

bollerup

Sorry, got confused there :)

Last config change Thu Apr 4 20:46:09 CEST 2013
State table size
Show states
MBUF Usage 2724/25600

chpalmer

The one you show is MBUF. What does the "State Table Size" above it show?

The first number should increase as traffic increases.  You might try increasing the maximum states on    "System-Advanced-Firewall/NAT  Firewall Maximum States"

Try 1million and see if your problem ceases.

bollerup

Increased and let it run over night - same problem.. it kills the connection to any server with high traffic for XX minuts… something like 20 mins...

josekym

Go to Diagnostics->Tables and check your "virusprot" table to see if the IP addresses of the affected hosts are listed.  Maybe the high-bandwidth sessions are triggering the lockout via a firewall rule.

bollerup

Allready checked that, table is empty.

I tried to upgrade to latest dev. version - same issue.. still have to reboot the machine to get the systems back on track..

chpalmer

Apr  4 19:50:16 pfsense check_reload_status: Syncing firewall
Apr  4 19:50:16 pfsense check_reload_status: Reloading filter
Apr  4 19:50:28 pfsense apinger: Error while feeding rrdtool: Broken pipe
Apr  4 19:52:33 pfsense check_reload_status: Syncing firewall
Apr  4 19:52:33 pfsense check_reload_status: Reloading filter
Apr  4 19:55:01 pfsense php: : Creating rrd update script
Apr  4 19:55:28 pfsense apinger: Error while feeding rrdtool: Broken pipe
Apr  4 20:00:02 pfsense php: : Creating rrd update script
Apr  4 20:00:28 pfsense apinger: Error while feeding rrdtool: Broken pipe
Apr  4 20:05:01 pfsense php: : Creating rrd update script
Apr  4 20:05:28 pfsense apinger: Error while feeding rrdtool: Broken pipe
Apr  4 20:08:50 pfsense php: : Creating rrd update script
Apr  4 20:09:28 pfsense apinger: Error while feeding rrdtool: Broken pipe
Apr  4 20:10:01 pfsense php: : Creating rrd update script
Apr  4 20:10:28 pfsense apinger: rrdtool respawning too fast, waiting 300s.
Apr  4 20:15:02 pfsense php: : Creating rrd update script
Apr  4 20:15:28 pfsense apinger: Error while feeding rrdtool: Broken pipe

Just noticed you added this to your first post after my reply…

Can you provide a topography of your setup?  Looks like your WAN port goes down.

What kind of connection?

Who is the provider?

What are your provider advertised speeds?

Ect-

bollerup

Hi,

Actually.. WAN stays online since i dont get disconnected from that.

Its hosted at Indicate in sweden to a 1gbit fiber connection - our ClearOS gateway servers are stable without issue… ironically - we firsted tested a virtual pfsense in hyper-v based on Alex's work - that one would crash and restart on high load.

Our provider have 2 x 1gbit fiber and we are connected directly to that.

Its worth to notice that i use nginx (also tested with squid) as a reverse proxy - however - there is no diffrence on wether i just use nat or the reverse proxies - it feels like i have i have tried every solution i can come up with and the logs dosent give any clear indication on why it happends.. to me it seems clear that pfsense is blocking the machine, since eg. server1 can be accesible while 2+3 is not.. first the servers is cut of.. then the webconfig becomes inaccesible .. then the machines sooner or later come back.. only to die 10-15 mins. later

cmb

Is it hitting the states limit? That's the exact symptoms of maxing out your state table. You can see in the RRD graph, System tab, states.

bollerup

states was set to 1mill limit earlier..

bollerup

Issue resolved by reinstalling the server with 32bit version.. seems to me that 64bit version of pfsense have driver issues with some network cards… or something like that.

Thank you for all of your help.

Bit of a note, webconfig still dies once in a while.. a 5 or 10 min. cronjob to restart the webconfig fixes that.

*/5 * * * * /scripts/fixwebconfig.sh >/dev/null