    State table quickly growing on small network

    1.2.3-PRERELEASE-TESTING snapshots - RETIRED
    • M
      mikenchi last edited by

      Hello all,

      I'm looking for some guidance on troubleshooting a problem with a newly installed pfSense router/firewall (my 1st). Last Thursday, I set up a Netgate ALIX box pre-installed with pfSense 1.2.3-RC2. I finished configuration about 10PM and went home. The next morning, I logged in at about 9AM to check things out (using RDP ports that are temp open until I set up VPN) and all was well. Later at 11AM, I tried to log in again and could not. I called the office and they said they could not access the internet. When I got there, I could not open the web interface, and got no response from pinging the device. Local console ifconfig showed that both interfaces were active. I tried to ping a server from the pfSense console, and got 'ping: sendto: Operation not permitted'.

      At this point I rebooted the router and everything started working again. I watched the router throughout the day and noticed that the state table was getting close to the default limit of 10,000 states. I raised the limit of states to 50,000 to prevent a problem. Looking today, the states are at 21124/50000, and the last reboot was at about noon yesterday. This network is relatively small, 13 computers and 2 servers. I don't have any unusual settings on the box; it's a brand new install. I only added RDP ports access, everything else is default configs. Network is pretty basic: pfSense LAN side is connected to a switch, which has one other switch attached to it. The WAN side is connected to a public IP address.

      Other settings:
      Enable Secure Shell: Checked
      Firewall Maximum States: 50,000
      Disable NAT Reflection: Checked
      Allow DNS server list to be overridden by DHCP/PPP on WAN: Checked
      WAN Interface:
       Static IP
       Block private networks: Checked
       Block bogon networks: Checked

      LAN Interface:
       Static IP
       Bridge with: None

      No VLANs configured

      Port forwarding: RDP 3389, plus 3387 & 3388 to 3 internal hosts
      1:1 None

      Outbound:
      Automatic outbound NAT rule generation (IPsec passthrough) selected

      Is it normal for such a small number of computers to need so many states, and for it to reach such a high number in less than a day's time? Any advice on how to prevent the state table from growing so large? I looked at the RRD graphs and do not see any high volumes of traffic. Throughput has a high of 800K. Let me know if I can provide any other information to assist troubleshooting.

      Thanks!!

      • R
        ryates last edited by

        Take a look at this thread. My guess is that you picked up a version with a state bug.

        http://forum.pfsense.org/index.php/topic,16971.0.html

        Note that there is a forum for 1.2.3 rc2 as it is not yet the stable release - as you have found out :)

        ryts

        • M
          mikenchi last edited by

          Thanks ryates. That was the problem. I re-flashed the box with 1.2.2 and it's working great now.
