State table quickly growing on small network

  • Hello all,

    I'm looking for some guidance on troubleshooting a problem with a newly installed pfSense router/firewall (my first). Last Thursday, I set up a Netgate ALIX box pre-installed with pfSense 1.2.3-RC2. I finished configuration at about 10 PM and went home. The next morning, I logged in at about 9 AM to check things out (using RDP ports that are temporarily open until I set up VPN) and all was well. Later, at 11 AM, I tried to log in again and could not. I called the office and they said they could not access the internet. When I got there, I could not open the web interface, and there was no response when pinging the device. Local console ifconfig showed that both interfaces were active. I tried to ping a server from the pfSense console and got 'ping: sendto: Operation not permitted'.

    At this point I rebooted the router and everything started working again. I watched the router throughout the day and noticed that the state table was getting close to the default limit of 10,000 states. I raised the state limit to 50,000 to prevent a problem. Looking today, the states are at 21124/50000, and the last reboot was at about noon yesterday. This network is relatively small: 13 computers and 2 servers. I don't have any unusual settings on the box; it's a brand new install. I only added RDP port access, everything else is the default config. The network is pretty basic: the pfSense LAN side is connected to a switch, which has one other switch attached to it. The WAN side is connected to a public IP address.

    Other settings:
    Enable Secure Shell: Checked
    Firewall Maximum States: 50,000
    Disable NAT Reflection: Checked
    Allow DNS server list to be overridden by DHCP/PPP on WAN: Checked
    WAN Interface:
     Static IP
     Block private networks: Checked
     Block bogon networks: Checked

    LAN Interface:
     Static IP
     Bridge with: None

    No VLANS configured

    Port forwarding: RDP 3389, plus 3387 & 3388 to 3 internal hosts
    1:1 None

    Automatic outbound NAT rule generation (IPsec passthrough) selected

    Is it normal for such a small number of computers to need so many states? And for it to reach such a high number in less than a day's time? Any advice on how to prevent the state table from growing so large? I looked at the RRD graphs and do not see any high volumes of traffic. Throughput has a high of 800K. Let me know if I can provide any other information to assist troubleshooting.
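Before treating unexplained state growth as a software bug, the practical first check is who owns the states: pf's `pfctl -ss` lists every state, and grouping them by LAN host shows at once whether one machine is responsible (a scanner, a P2P client, a broken application retrying connections) or whether the count is spread evenly, which points at the firewall itself. The script below is an added example, not from this thread or from the pfSense project; it parses `pfctl -ss` text from stdin and reports states per LAN host, and computes how full the table is from `pfctl -si` and `pfctl -sm`. The LAN prefix 192.168.1., the WAN address 203.0.113.5 and the sample state lines are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): find which LAN host owns the states in
# pf's state table, using the text output of `pfctl -ss`, and report how full
# the table is from `pfctl -si` / `pfctl -sm`.
# Assumptions: LAN is 192.168.1.0/24, WAN address is 203.0.113.5 (both made up).

# Count states per LAN host. Reads `pfctl -ss` lines on stdin; $1 is the LAN
# prefix to match (e.g. "192.168.1."). With outbound NAT, pf prints the
# pre-NAT LAN address in parentheses next to the translated one, so the
# parentheses are stripped before matching. Output: "<count> <host>",
# busiest host first.
count_states_per_host() {
    awk -v prefix="$1" '
    {
        for (i = 1; i <= NF; i++) {
            f = $i
            gsub(/[()]/, "", f)
            if (index(f, prefix) == 1) {
                sub(/:[0-9]+$/, "", f)   # drop the port, keep the address
                count[f]++
                break                    # one state is counted once
            }
        }
    }
    END { for (h in count) printf "%d %s\n", count[h], h }' | sort -rn
}

# Percentage of the state limit in use. $1 is the text of `pfctl -si`
# (contains "current entries N"), $2 the text of `pfctl -sm`
# (contains "states hard limit N").
state_usage_pct() {
    entries=$(printf '%s\n' "$1" | awk '/current entries/ { print $3 }')
    limit=$(printf '%s\n' "$2" | awk '$1 == "states" && /hard limit/ { print $4 }')
    echo $(( entries * 100 / limit ))
}

# Constructed sample of `pfctl -ss` output (not captured from the poster's box).
sample_states() {
cat <<'EOF'
all tcp 203.0.113.5:61001 (192.168.1.50:61001) -> 93.184.216.34:80     ESTABLISHED:ESTABLISHED
all tcp 203.0.113.5:61002 (192.168.1.50:61002) -> 93.184.216.34:443    ESTABLISHED:ESTABLISHED
all udp 203.0.113.5:52000 (192.168.1.50:52000) -> 198.51.100.53:53     MULTIPLE:SINGLE
all tcp 203.0.113.5:61003 (192.168.1.20:61003) -> 93.184.216.34:80     FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.1.10:3389 (203.0.113.5:3389) <- 198.51.100.7:40022     ESTABLISHED:ESTABLISHED
self udp 203.0.113.5:123 -> 198.51.100.123:123                         MULTIPLE:MULTIPLE
EOF
}

# Demo on the constructed sample. On the firewall itself you would run:
#   pfctl -ss | count_states_per_host 192.168.1.
#   state_usage_pct "$(pfctl -si)" "$(pfctl -sm)"
sample_states | count_states_per_host 192.168.1.
```

If one host dominates the list, the fix is on that host (or a rule with a lower per-rule state limit); if the states are spread across all hosts, or the count keeps climbing while `pfctl -ss` shows mostly stale or closed states, the firewall's own state handling is the suspect, which is what this thread ended up finding.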


  • Take a look at this thread. My guess is that you picked up a version with a state bug.,16971.0.html

    Note that there is a forum for 1.2.3-RC2, as it is not yet the stable release - as you have found out :)


  • Thanks ryates. That was the problem. I re-flashed the box with 1.2.2 and it's working great now.
