Number of states over 9000 for two computers
-
The internet is extremely slow and latency is extremely high. I looked at the pfSense box and it has around 9600 states. This seems like it is all from my roommate's computer. I know he torrents a lot, but he has the speed capped. Anybody know what could be causing this? Seems like all of the states say MULTIPLE:MULTIPLE, ESTABLISHED:ESTABLISHED, or FIN_WAIT_2:ESTABLISHED.
-
Also, what's a normal number of states?
-
If he does not have it set up to limit the number of active torrents and has a high limit set for the number of connections, it can use a lot of connections even if a bandwidth limit is set.
-
Is there a way to limit the number of states he can have?
-
You could create a firewall rule for him and fill in some of the state-related fields under "Advanced Options".
Just as an FYI, I checked my main pfSense box at work, and, hitting refresh every few seconds for a few minutes, I have between 8000-12000 states for around 100 computers. About 20% of those are technically internet-enabled but have basically zero web usage, and, of the remaining, about 10% of the users use the vast majority of my bandwidth.
-
What do I use as the rule? Under LAN or WAN?
Pass or block or reject? I found the limit on the number of state entries per host. Just not sure what to do with it.
-
Is there a way to limit the number of states he can have?
You can raise the maximum number of states (default 10,000?) in pfSense instead. I easily have 11k to 12k states off my machine when torrenting 2 or 3 files at a time and there is no issue as long as the connection bandwidth isn't saturated. If raising the number of states doesn't work, then he evidently isn't limiting the bandwidth usage enough or he hasn't gotten around to applying the rate limits to uTP traffic as well.
-
How do I do that?
-
System -> Advanced -> Firewall Maximum States
By default on 1.2.3, it should be 10,000. You can raise it to just about any high figure if you want. The memory is only used up when states are generated anyway. I have mine at 500,000 on a rig with 1GB of RAM (but I don't run any packages).
The maximum I've hit with 2 active downloading machines is about 20,000 states. If your roommate is the only other client on the LAN, I reckon 100,000 is enough. The OS networking stack should crap out or the disk go into overload long before he can touch that figure.
-
Each state is 1K of RAM, so 500,000 states is 500MB.
The disk wouldn't matter to network throughput, just RAM/CPU :-)
-
The disk wouldn't matter to network throughput, just RAM/CPU :-)
I meant the hard drive on the client. Extreme torrenting tends to cause a hard disk overload error (hard drive thrashing doesn't keep up with the amount of small I/Os coming its way) on the torrent client.
-
Alright, I just proved myself wrong. I managed >120,000 states with only 1 machine torrenting. Then again, I do have 8GB of RAM on the torrent machine and I'm saturating 1 full core on my E8400 for uTorrent.
-
Wow. I also discovered that if I turn off UPnP, the connections drop a lot.
-
Wow. I also discovered that if I turn off UPnP, the connections drop a lot.
Yes. UPnP is an easy way to punch through the NAT for torrenting if you don't have access to the router or don't know how to configure port forwarding for torrenting.
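-
Added example, not part of the original thread: a shell function that tallies states per LAN host from `pfctl -ss`-style output, to confirm which machine owns the states, with a rough RAM figure using the 1K-per-state number quoted above. The function names, the `192.168.1.` LAN prefix and the sample lines are assumptions; the sample is constructed and modelled on `pfctl -ss` output.

```shell
#!/bin/sh
# Tally firewall states per LAN host from `pfctl -ss`-style text on stdin.
# LAN_PREFIX is an assumption about the network; change it to match yours.
LAN_PREFIX="${LAN_PREFIX:-192.168.1.}"

# Prints "<states> <host> <approx RAM>" per LAN host, busiest host first.
states_per_host() {
    awk -v prefix="$LAN_PREFIX" '
    {
        # Attribute the state to the first LAN address found on the line.
        for (i = 1; i <= NF; i++) {
            addr = $i
            gsub(/[()]/, "", addr)      # NAT entries wrap the inside address in ()
            sub(/:[0-9]+$/, "", addr)   # drop the port
            if (index(addr, prefix) == 1) { count[addr]++; break }
        }
    }
    END {
        # Roughly 1K of RAM per state, the figure quoted in the thread.
        for (h in count)
            printf "%d %s %dKB\n", count[h], h, count[h]
    }' | sort -rn
}

# Constructed sample input (documentation addresses, not real captures).
sample_states() {
    cat <<'EOF'
all tcp 192.168.1.20:51001 -> 203.0.113.5:6881       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.2:61001 (192.168.1.20:51001) -> 203.0.113.5:6881       ESTABLISHED:ESTABLISHED
all udp 192.168.1.20:6881 -> 203.0.113.9:6881       MULTIPLE:MULTIPLE
all tcp 192.168.1.20:51002 -> 203.0.113.7:51413       FIN_WAIT_2:ESTABLISHED
all tcp 192.168.1.10:50500 -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.2:22 <- 203.0.113.99:40000       ESTABLISHED:ESTABLISHED
EOF
}

# Demo on the constructed sample; on the firewall: pfctl -ss | states_per_host
sample_states | states_per_host
```

Lines with no LAN address, such as the inbound connection to the firewall itself in the sample, are left out of the tally.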