Maximum state entries per host



  • Dear forum users,

    I have the following problem with my new pfSense 1.2.3 box:
    I am using the "POP3 Connector" from Microsoft's "Small Business Server" to check approx. 50 POP3 mailboxes each minute. So my "Small Business Server" makes 50 connections for DNS queries and another 50 connections for the POP3 traffic.
    The problem is that I regularly get some error messages in my server's event log. With my previous firewall (Zyxel ZyWall 10) I did not get the error messages after I set the "maximum connections per host" to 1024.

    In pfSense, I have set 20000 as the "maximum state table size" in "advanced options" in the main menu.
    Now I am looking for an option to increase the "maximum connections per host" value in pfSense.

    I thought I could just increase it in the "Default LAN -> Any" rule via the option "Maximum state entries per host", but I am not sure if it works, and if it's in the right place to set it. And what about the other 3 options, how do I have to set these?

    Thanks for your answers,

    Regards
    Fabian

    PS: The router hardware is an "OPNsense pfSense Appliance HD Rack Edition"


  • Rebel Alliance Developer Netgate

    By default there is no limit, so unless you set one, that won't be limited by the router.

    It's possible that the connections are happening so fast now that your ISP is limiting the number of concurrent POP connections. Is there a way you can instruct the POP3 connector to throttle its connections a bit instead of trying all 50 at once? And checking that many every minute seems a bit excessive to me; having run mail servers for years, I cringe at hearing people check mail every minute. E-mail isn't meant to be an IM, it's not supposed to be "instant". You're really just wasting a lot of resources on the upstream ISP mail server :-)



  • Hi jimp,

    Thanks for your answer. I have not set up that POP3 Connector, but I think I will have a talk with my colleague to set the interval higher than 1 minute (3 minutes or so).
    The problem: in the Microsoft POP3 Connector I cannot set it up so that the mailboxes are checked one after another; it will always check all mailboxes at the same time.

    I have now set up some values in the "Default LAN->Any" rule:

    Simultaneous client connection limit: 4096
    Maximum state entries per host: 1024
    Maximum new connections / per second: 512/1
    State Timeout in seconds: 180

    Global Settings:

    Firewall Mode: conservative
    Max. State Table Size: 20000

    I still get the POP3 errors. I set up the POP3 Connector to a 2 minute interval; in a few weeks I will set up a direct SMTP MX record to our Exchange server.

    I also had these errors in the Windows event log while we had the ZyWall 10, but as I said, I set the maximum connections per client to 1024 and the errors didn't come back again, until I installed pfSense last week. I was looking for a secure firewall and gateway, which pfSense is. But these errors, I'm sure, are triggered by pfSense…

    Thanks + regards
    Fabian
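Since these per-host rule fields are unlimited by default (as jimp notes above), filling them in adds caps rather than lifting one, and a client that reaches a cap simply gets no new states from that rule. A quick way to see how close any LAN host actually comes to a cap like 1024 is to count pf states per client from `pfctl -ss`; the script below is an added example (not from this thread or from pfSense itself) and assumes the classic `pfctl -ss` line layout described in its comments.

```shell
#!/bin/sh
# Added example, not from the thread: count pf states per source host from
# `pfctl -ss` output and list hosts at or above a per-host cap.
# Assumed line layout (classic pfctl -ss):
#   <if> <proto> <src>:<port> [(<orig>:<port>)] -> <dst>:<port> <state>
#   <if> <proto> <dst>:<port> <- <src>:<port> [(<orig>:<port>)] <state>
# For NATed states the original client address is the one in parentheses.

# count_states_per_host: reads pfctl -ss lines on stdin, prints "<count> <host>"
# with the busiest host first.
count_states_per_host() {
    awk '
    {
        src = ""; orig = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "->") { src = $3;     orig = $4;     break }
            if ($i == "<-") { src = $(i+1); orig = $(i+2); break }
        }
        if (src == "") next           # not a state line we understand
        if (orig ~ /^\(/) {           # NAT: real client is "(addr:port)"
            src = orig
            sub(/^\(/, "", src); sub(/\)$/, "", src)
        }
        sub(/:[0-9]+$/, "", src)      # drop the port, keep the host
        count[src]++
    }
    END { for (h in count) print count[h], h }
    ' | sort -rn
}

# hosts_over_cap CAP: prints only hosts holding CAP or more states
hosts_over_cap() {
    count_states_per_host | awk -v cap="$1" '$1 >= cap'
}

# Constructed sample: one LAN host behind NAT with three states, one direct SSH state.
SAMPLE='em1 tcp 203.0.113.1:50001 (192.168.1.10:49152) -> 198.51.100.5:110       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.1:50002 (192.168.1.10:49153) -> 198.51.100.5:110       ESTABLISHED:ESTABLISHED
em1 udp 203.0.113.1:50003 (192.168.1.10:49154) -> 198.51.100.9:53       MULTIPLE:SINGLE
em0 tcp 192.168.1.1:22 <- 192.168.1.20:40000       ESTABLISHED:ESTABLISHED'

# On a live box replace the sample with: pfctl -ss | hosts_over_cap 1024
printf '%s\n' "$SAMPLE" | hosts_over_cap 2
```

Run it against the real state table on the firewall's shell while the POP3 Connector is polling; if no host comes anywhere near the configured cap, the rule limits are not what is dropping the connections.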

