Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    State Table full / Out of Sync after update to 2.4.4

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    13 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      Third

      https://forum.netgate.com/topic/138000/states

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      B 1 Reply Last reply Reply Quote 0
      • B
        biggsy @Derelict
        last edited by

        @derelict

        True, but both of those were posted by OutbackMatt about slightly different aspects of the same problem, I thought.

        @magnus1720

        Have you seen any time sync problems like those OutbackMatt described?

        1 Reply Last reply Reply Quote 0
        • M
          magnus1720
          last edited by magnus1720

          @stephenw10
          Once it starts the dashboard doesn’t change at all, clearing states doesn’t help it ether, only a reboot can fix it.
          In the System log I mostly see messages like the below.
          arp: 172.16.80.134 moved from 00:34:da:50:a7:91 to cc:25:ef:8d:f4:51 on hn3

          @biggsy
          No but I have now disabled integration settings for time sync in HyperV.

          I have dumped the state table and imported it to a access database.
          And for destination 8.8.8.8:53 there are 33156 records. (These will be Guest devices accessing internet using googls DNS)
          From local IPs to 8.8.8.8 MULTIPLE:SINGLE

          And from my Domain controller to DNS forwarders there are a total of 64240 records
          This will be domain joined devices
          So, it seems like states are simply not being closed.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Short of rebooting you might try a quick pfctl -d followed by a pfctl -e.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • M
              magnus1720
              last edited by

              @Derelict
              pfctl -d followed by a pfctl -e didn’t change anything. It did confirm the change that pf was disenabled and then enabled again.
              I also updated to 2.4.4-RELEASE-p1 but again I am still seeing the issue.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                You might try disabling pf then clearing the state table from the command line:

                [2.4.4-RELEASE][admin@5100.stevew.lan]/root: pfctl -d
pf disabled
[2.4.4-RELEASE][admin@5100.stevew.lan]/root: pfctl -F states
3 states cleared

                Or indeed if pfctl -s info shows the correct state table size count.

                Steve

                1 Reply Last reply Reply Quote 0
                • M
                  magnus1720
                  last edited by

                  That didn’t change anything ether, but I will reinstall pfsense today and import the config. Perhaps this helps.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    What about the pfctl state table count at the CLI, was that correct?

                    Steve

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      magnus1720 @stephenw10
                      last edited by

                      i did a new install of pfSense on a new VM same host, i used the same config as before, and the issue is back -_-

                      @stephenw10
                      Hi

                      No it dosent show the correct info
                      Below is a output from pfctl -s info where States are at 34572
                      0_1547736652056_states3.PNG
                      But in monetering you can see the real number of states
                      0_1547736786968_states4.PNG

                      1 Reply Last reply Reply Quote 0
                      • M
                        magnus1720
                        last edited by

                        Here is A example of some bad states. Notice how the states expires in 00:00:00
                        0_1547741022342_states6.PNG

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.