5. State table quickly growing on small network

State table quickly growing on small network

  • M

    Hello all,

    I'm looking for some guidance on troubleshooting a problem with a newly installed pfSense router/firewall (my 1st). Last Thursday, I set up a Netgate ALIX box pre-installed with pfSense 1.2.3-RC2. I finished configuration about 10PM and went home. The next morning, I logged in at about 9AM to check things out (using RDP ports that are temp open until I set up VPN) and all was well.  Later at 11AM, I tried to log in again and could not. I called the office and they said they could not access internet. When I got there, I could not open the web interface, and no response from pinging the device. Local console ifconfig showed that both interfaces were active. I tried to ping a server from the pfsense console, and got 'ping: sendto: Operation not permitted'.

    At this point I rebooted the router and everything started working again. I watched the router throughout the day and noticed that the state table was getting close to the default limit of 10,000 states. I raised the limit of states to 50,000 to prevent a problem. Looking today, the states are at 21124/50000, and the last reboot was at about noon yesterday. This network is relatively small, 13 computers and 2 servers. I don't have any unusual settings on the box, it's a brand new install. I only added RDP ports access, everything else is default configs. Network is pretty basic, pfsense lan side is connected to a switch, which has one other switch attached to it. The wan side is connected to a public IP address.

    Other settings:
    Enable Secure Shell: Checked
    Firewall Maximum States: 50,000
    Disable NAT Reflection: Checked
    Allow DNS server list to be overridden by DHCP/PPP on WAN: Checked
    WAN Interface:
     Static IP
     Block private networks: Checked
     Block bogon networks: Checked

    LAN Interface:
     Static IP
     Bridge with: None

    No VLANS configured

    Port forwarding: RDP 3389, plus 3387 & 3388 to 3 internal hosts
    1:1 None

    Outbound:
    Automatic outbound NAT rule generation (IPsec passthrough) selected

    Is it normal for such a small number of computers to need so many states? and for it to reach such a high number in less than a day's time? Any advice on how to prevent the state table from growing so large? I looked at the RRD graphs and do not see any high volumes of traffic. Throughput has a high of 800K. Let me know if I can provide any other information to assist troubleshooting.

    Thanks!!

    0
  • R

    Take a look at this thread.  My guess is that you picked up a version with a state bug.

    http://forum.pfsense.org/index.php/topic,16971.0.html

    Note that there is a forum for 1.2.3 rc2 as it is not yet the stable release - as you have found out :)

    ryts

    0
  • M

    Thanks ryates. That was the problem. I re-flashed the box with 1.2.2 and it's working great now.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy