Netgate Discussion Forum

    Listen queue overflow error

      keval.shah
      last edited by keval.shah

      Hello All,

      We are using pfSense 2.4.2-RELEASE. We have offloaded the SSL certificate in Certificate Manager on pfSense to redirect the requests from port 80 to port 443. We have also configured an ACL on the frontend. We have noticed that our site receives 25000 to 30000 requests per minute.

      In our kernel logs, we are getting the error "sonewconn: pcb 0xfffff80139c013a0: Listen queue overflow: 193 already in queue awaiting acceptance (16575 occurrences)". It also causes our website to go down.

      We tried the solutions given at the following links, but we have not had any success with them.

      https://forum.netgate.com/topic/85937/pfsense-2-2-3-internet-is-very-slow-via-squid3/4
      https://forum.netgate.com/topic/122775/suricata-log-browser-memory-error/5

      Does anyone have an idea about what could be the cause of this issue and how to solve it?

      Thanks in anticipation,
      Keval shah

        jimp Rebel Alliance Developer Netgate

        There isn't enough information here to say what's happening. First, you need to upgrade to 2.4.3-p1.

        Next, you need to be more specific about your configuration. How is that redirect configured? It sounds like maybe you're using HAProxy, in which case this thread belongs in the Cache/Proxy category under Packages.

        There are ways to tune the settings to work around that error but we can't say what specific settings are needed unless we know more about what is running on there.

          keval.shah
          last edited by keval.shah

          Yes @jimp, we're using HAProxy to run websites and offloading SSLs over there. We use the "redirect scheme https code 301 if !{ ssl_fc }" code in the Advanced pass thru option in the frontend to redirect the requests from port 80 to port 443.

          The site was running in Windows Server 2012 R2 IIS before, so recently we migrated those sites to pfSense for advanced security. After that, all sites went down and we found this issue in the logs. Our SSLs are bought from COMODO.

          Please tell me if you want more information regarding this.
