State table grows to more than 2,50,000 entries

  • Have been enjoying pfSense for the last two months with 30 computers connected.

    Last week, we got a 10 Mbps OFC line connecting around 200 computers spread over 7 buildings of our campus. Each floor has its own subnet, like xxx.16.1.0, xxx.17.1.0, … to xxx.22.1.0.

    Each building has an L2 switch which connects to an L3 switch in the centre. The L3 switch connects to pfSense, which then connects to a Cisco router to the internet.

    I have two Ethernet cards in pfSense, one for WAN and another for LAN.
    I have made 6 VLANs which are routed through xxx.16.1.1.
    Packages installed are: Snort, Squid and SquidGuard.
    The pfSense box has a Core 2 Duo processor and 4 GB RAM.
    pfSense version is 1.2.3-RELEASE built on Sun Dec 6 23:38:21 EST 2009

    The above setup worked at full speed for 9 days continuously, without any restart of the pfSense box.
    Maximum states were less than 2500.

    But on the 10th day, the state table size increased to 2,50,000 and when it reached 3,00,000, pfSense hung.

    Then I limited the Simultaneous client connection limit = 50 and Maximum state entries per host = 50 in Firewall – Rules – Advanced setup.

    This limited the state table size to 50,000 and my pfSense box worked again for 4 days without any problem. We traced the problem to a virus attack on computers belonging to the xxx.22.1.0 subnet.

    Again today, another problem: Squid says:
    Squid is unable to create a TCP socket, presumably due to excessive load.

    At that time MBUF usage was at 500/11230.

    I searched the pfSense forum and the internet for these 2 problems, but with no success.

    Can anyone help me?

    My thanks to the pfSense developers for a wonderful product, and to the forum participants.
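The post traces the state-table explosion to infected hosts in one subnet, and the per-host state limit only caps the damage; finding the offending machines still requires looking at which source addresses own the states. The script below is an added example, not code from the original post or from the pfSense project: it parses text in the shape of `pfctl -ss` output (as printed by pf on pfSense 1.2.3) and reports originator hosts at or above a per-host limit, plus totals per /24 subnet. The sample state lines are constructed with placeholder addresses, the `pfctl -ss` line layout is assumed from FreeBSD pf (`-> ` for outbound states, `<-` for inbound, an optional NAT hop in the middle), and the limit of 50 is the value the post used.

```python
import re
from collections import Counter
from ipaddress import ip_network

PER_HOST_LIMIT = 50  # same value as "Maximum state entries per host" in the post


def _build_sample():
    """Constructed sample in the shape of `pfctl -ss` output (placeholder addresses)."""
    lines = [
        "all tcp 10.16.1.25:49152 -> 203.0.113.10:80       ESTABLISHED:ESTABLISHED",
        "all tcp 10.16.1.25:49153 -> 203.0.113.11:443      ESTABLISHED:ESTABLISHED",
        "all udp 10.17.1.40:53210 -> 203.0.113.53:53       SINGLE:MULTIPLE",
        # inbound state: local endpoint first, originator second
        "all tcp 10.18.1.9:80 <- 198.51.100.200:40001      ESTABLISHED:ESTABLISHED",
    ]
    # Worm-like pattern from one host: many half-open states to port 445 on many remotes.
    for i in range(60):
        lines.append(f"all tcp 10.22.1.77:{1025 + i} -> 198.51.100.{i + 1}:445   SYN_SENT:CLOSED")
    # Second host in the same subnet, UDP states that never see a reply.
    for i in range(55):
        lines.append(f"all udp 10.22.1.80:{2000 + i} -> 192.0.2.{i + 1}:1434   SINGLE:NO_TRAFFIC")
    return "\n".join(lines) + "\n"


SAMPLE_STATES = _build_sample()


def _strip_port(endpoint):
    """Return the address part of 'addr:port' (IPv4) or 'addr[port]' (pf's IPv6 style)."""
    m = re.match(r"^(.*)\[(\d+)\]$", endpoint)
    if m:
        return m.group(1)
    return endpoint.rsplit(":", 1)[0]


def parse_states(text):
    """Yield (proto, originator_ip, state) for each state line.

    Assumed layout: <if> <proto> <ep> -> <ep> [-> <ep>] <state>  for outbound states,
                    <if> <proto> <ep> <- <ep> [<- <ep>] <state>  for inbound states.
    The originator is the first endpoint for '->' and the last endpoint for '<-'.
    """
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[3] not in ("->", "<-"):
            continue  # header or unrecognised line
        proto, state = parts[1], parts[-1]
        endpoints = parts[2:-1]
        originator = endpoints[0] if parts[3] == "->" else endpoints[-1]
        entries.append((proto, _strip_port(originator), state))
    return entries


def states_per_host(text):
    """Count states by originating host."""
    return Counter(ip for _, ip, _ in parse_states(text))


def hosts_at_or_above(text, limit=PER_HOST_LIMIT):
    """Hosts holding at least `limit` states, busiest first.

    A host sitting exactly at the cap is worth a look too: with the per-host
    limit enforced, an infected machine will be pinned at the cap, not above it.
    """
    counts = states_per_host(text)
    return sorted(((ip, n) for ip, n in counts.items() if n >= limit),
                  key=lambda t: (-t[1], t[0]))


def subnet_totals(text, prefix=24):
    """Total states per originating subnet, e.g. '10.22.1.0/24'."""
    totals = Counter()
    for ip, n in states_per_host(text).items():
        totals[str(ip_network(f"{ip}/{prefix}", strict=False))] += n
    return totals


if __name__ == "__main__":
    # Against a live box one would feed the output of `pfctl -ss` instead of the sample.
    print("Hosts at or above the per-host limit:")
    for ip, n in hosts_at_or_above(SAMPLE_STATES):
        print(f"  {ip:<16} {n} states")
    print("States per /24:")
    for net, n in subnet_totals(SAMPLE_STATES).most_common():
        print(f"  {net:<18} {n}")
```

On the box itself the same report comes from piping `pfctl -ss` into the script; the two hosts in the constructed 10.22.1.0/24 sample stand out immediately, which is the kind of evidence that pointed the poster at the xxx.22.1.0 subnet.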

