State table quickly growing on small network

mikenchi

Hello all,

I'm looking for some guidance on troubleshooting a problem with a newly installed pfSense router/firewall (my 1st). Last Thursday, I set up a Netgate ALIX box pre-installed with pfSense 1.2.3-RC2. I finished configuration about 10PM and went home. The next morning, I logged in at about 9AM to check things out (using RDP ports that are temp open until I set up VPN) and all was well.  Later at 11AM, I tried to log in again and could not. I called the office and they said they could not access internet. When I got there, I could not open the web interface, and no response from pinging the device. Local console ifconfig showed that both interfaces were active. I tried to ping a server from the pfsense console, and got 'ping: sendto: Operation not permitted'.

At this point I rebooted the router and everything started working again. I watched the router throughout the day and noticed that the state table was getting close to the default limit of 10,000 states. I raised the limit of states to 50,000 to prevent a problem. Looking today, the states are at 21124/50000, and the last reboot was at about noon yesterday. This network is relatively small, 13 computers and 2 servers. I don't have any unusual settings on the box, it's a brand new install. I only added RDP ports access, everything else is default configs. Network is pretty basic, pfsense lan side is connected to a switch, which has one other switch attached to it. The wan side is connected to a public IP address.

Other settings:
Enable Secure Shell: Checked
Firewall Maximum States: 50,000
Disable NAT Reflection: Checked
Allow DNS server list to be overridden by DHCP/PPP on WAN: Checked
WAN Interface:
 Static IP
 Block private networks: Checked
 Block bogon networks: Checked

LAN Interface:
 Static IP
 Bridge with: None

No VLANS configured

Port forwarding: RDP 3389, plus 3387 & 3388 to 3 internal hosts
1:1 None

Outbound:
Automatic outbound NAT rule generation (IPsec passthrough) selected

Is it normal for such a small number of computers to need so many states? and for it to reach such a high number in less than a day's time? Any advice on how to prevent the state table from growing so large? I looked at the RRD graphs and do not see any high volumes of traffic. Throughput has a high of 800K. Let me know if I can provide any other information to assist troubleshooting.

Thanks!!

ryates

Take a look at this thread.  My guess is that you picked up a version with a state bug.

http://forum.pfsense.org/index.php/topic,16971.0.html

Note that there is a forum for 1.2.3 rc2 as it is not yet the stable release - as you have found out :)

ryts

mikenchi

Thanks ryates. That was the problem. I re-flashed the box with 1.2.2 and it's working great now.