States – Crashing PfSense

smeg9 · Apr 19, 2006, 1:36 PM

It seems that if someone has P2P applications etc open, or when the state table is around the 3000 Mark (usually sits between 80 and 600) the internet will go down for everyone.

The webConfigurator goes down, but the direct console seems to work OK.

restarting the webConfigurator doesn't fix it, u have to reboot the whole machine.

Anyone have any suggestions? Maybe u can clear the states via direct input. It's Beta2 running on A Dell Poweredge something,

2 x 500Mhz PIII processors
256MB Registered SDRAM
6GB HDD.

We're running Dual WAN (2Mbit on the 3Com Card, 1Mbit on the SiS 900 Card, LAn on the Intel Pro Server Card) It has been up and running before for months at a time, and I've had P2P working properly before.
??? ???

hoba · Apr 19, 2006, 1:58 PM

Please upgrade to beta3 an report back. In case you are using the loadbalancing feature you should delete the pool and rebuild it with the beta3 gui. There were several loadbalancer fixes.

smeg9 · Apr 19, 2006, 2:22 PM

OK, I shall try at my earliest oppertunity to upgraded, I wanted to be sure that there were changes in beta 3 that might fix it, load balanacer is in use, and thus I'll try, (Is there an Upgrade option, or is it a clean install and then use the backup config?)

hoba · Apr 19, 2006, 2:58 PM

Get the beta3-fullupdate-file from one of the mirrors and feed it to the webgui at system>firmware, manual firmware update. It will reboot after it applied the update. After that apply the small hotfix the same way that can be found at the mirrors as well (this fixes two bugs that were found shortly after beta3 was released). After these steps delete your loadbalancer pool and rebuild it from the beta3 webgui as there were some changes behind the scenes.

smeg9 · Apr 24, 2006, 11:30 AM

???

I've upgraded, and still having problems.

Today it's "crashed" about 4 times, but after about 10 minutes it comes back, as though nothing ever happened.

There is are about 501 states, I increased it to 12,000 by default..

Memory usage is at 14% at the moment.
CPU usage is 1%

Again it's a dual 500mhz PIII system with 256MB Registered SDRAM.

the weird thing about this is that it comes back, but when it's gone I can't even open the web configurator.

The only thing in the system log are loads of these messages:

Apr 24 10:23:39 last message repeated 5 times
Apr 24 10:20:12 slbd[292]: Service changed status, reloading filter policy

sullrich · Apr 24, 2006, 3:44 PM

If you have loads of those messages then your load balancing is not configured correctly. Double check the monitor IP's.

smeg9 · Apr 24, 2006, 4:18 PM

Ok, that makes sense because we only seem to go out on one line..

what should the monitor IP be? our Static IP from the Internet, or something like google.com I read it has to be 1hop to work..

We have two lines like this

ISP1 StaticIP –---- Netgear DG834V1 ------------->PfSense (OPT1)

ISP2 StaticIP ------ Netgear DG834V2 ------------->PfSense (WAN)

smeg9 · Apr 24, 2006, 4:35 PM

http://forum.pfsense.org/index.php?topic=1049.0

I jsut read that, and I've fixed the load balancer, one uses Google's IP address, the other a short hop of one of our ISP's server, still wonder if our own static IP would work or not.

anyway, whatismyip.com now changes when I refresh it, and I'll see if the crashing continue's tomorrow..

jeroen234 · Apr 24, 2006, 7:32 PM

best you put on only 1 wan cable
and test with a pc a trace route to www.google.com
the adress you get as first afther youre router is the monitor adress
now disconect that wan
and put the ather wan online
test agian
you take now a difrent route
find the first hop adress and use that as a monitoradress for the second wan

billm · Apr 24, 2006, 11:09 PM

@smeg9:

Today it's "crashed" about 4 times, but after about 10 minutes it comes back, as though nothing ever happened.

There is are about 501 states, I increased it to 12,000 by default..

Each state eats about 1KByte of ram (this has been covered elsewhere, forum, ML, etc) the default of 10K is the pf default, we don't change it as it's good for our small platforms (64M). My work machines all run with 128K states, I'm going to raise that on my next upgrade to 256K. I've seen some of my machines approach (and hit in a few cases) the 128K state table limit. Your issue is certainly not with PF.

@smeg9:

Again it's a dual 500mhz PIII system with 256MB Registered SDRAM.

p2p is a state hog, with those machine specs, I'd raise the state table size to at least 64K, probably to as much as 128K depending on what packages I had installed (ntop is a memory hog for instance).

–Bill

smeg9 · Apr 26, 2006, 8:20 AM

Alright I'll raise the states… ;D

The Load Balancer is working now I've done the Monitor IP address things, and so far the net hasn't gone down. Thankfully.

I love the new RRD graphs in Beta3 ;)

I still get these messages though.

slbd[11921]: Service changed status, reloading filter policy

And I got (some time in the early hours of the morning)

Apr 26 04:47:26 php: : There were error(s) loading the rules: - The line in question reads []:
Apr 26 04:47:26 kernel: pool_ticket: 993769 != 993770

So I'm still not sure what's going wrong, but hey, the internet seems to be working!!