• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Listen queue overflow error

Scheduled Pinned Locked Moved Cache/Proxy
3 Posts 2 Posters 854 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    keval.shah
    last edited by keval.shah Jun 4, 2018, 2:13 PM Jun 4, 2018, 11:28 AM

    Hello All,

    We are using Pfsense 2.4.2-RELEASE. We have offloaded the SSL certificate in Certificate Manager on pfsense to redirect the requests from port 80 to port 443. We have also configured ACL on frontend. We have noticed that our site receives 25000 to 30000 requests per minute.

    In our kernal logs, we are getting the error "sonewconn: pcb 0xfffff80139c013a0: Listen queue overflow: 193 already in queue awaiting acceptance (16575 occurrences)". It also causes our website to be down.

    We tried the solutions given on the following links, but we have not got any success with them.

    https://forum.netgate.com/topic/85937/pfsense-2-2-3-internet-is-very-slow-via-squid3/4
    https://forum.netgate.com/topic/122775/suricata-log-browser-memory-error/5

    Does anyone have an idea about what could be the cause of this issue and how to solve it?

    Thanks in anticipation,
    Keval shah

    0_1528121577595_1528111919168-error1.jpg

    0_1528121585062_1528111938591-error2.jpg

    0_1528121595468_1528111949876-error3.jpg

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jun 4, 2018, 8:48 PM

      There isn't enough information here to say what's happening. First, you need to upgrade to 2.4.3-p1.

      Next, you need to be more specific about your configuration. How is that redirect configured? It sounds like maybe you're using HAProxy, in which case this thread belongs in the Cache/Proxy category under Packages.

      There are ways to tune the settings to work around that error but we can't say what specific settings are needed unless we know more about what is running on there.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • K
        keval.shah
        last edited by keval.shah Jun 7, 2018, 8:32 AM Jun 6, 2018, 9:08 AM

        Yes @jimp, we're using HAProxy to run websites and offloading SSLs over there. We use "redirect scheme https code 301 if !{ ssl_fc }" code in Advanced pass thru option in frontend to redirect the requests from port 80 to port 443.

        The site was running in Windows Server 2012 R2 IIS before, so recently we migrated those sites to pfsense for advanced security. And after that all sites went down and found this issue in logs. Our SSLs are bought from COMODO.

        Please tell me if you want more information regarding this.

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received