Pfsense lockup?!?!? state table SOLUTION

Firewalling
Log in to reply
  • B

    ok,  figured i would post here because this was a rather annoying issue to figure out.

    it seems that my simple home network, 2 pc's and only 1 machine running bittorrent (only around 3 torrents at one time) plus a voip phone, was causing pfsense to lock up

    at first i thought it was the hardware becasue there was no entry in the logs under system or firewall that gave me any clue to what the unresponsiveness of the unit might be caused by.  it would seem that every 100th try (overexaggerating) would get through the firewall for web browsing etc, but the bittorrent downloads would no lock up at all.  everyday i would reset the firewall, and it would work for around a day, and would be dead by the next morning

    i finally tracked it down to the amount of states that the firewall holds, watching the state table size grow, it would average around a 20 state per second growth rate at the default expiration setting.  moving this to conservative made this rate boom,  and aggressive seems like it is expiring the connections down from around 15000 at a rate of 10/sec

    just a tip for anyone out there,  make sure to set your unit to aggressive if you are gonna run filesharing.  or if someone can tell me if i have something misconfigured elsewhere, i would greatly appreciate it.

    hope this helps ;)

    0
  • S

    With 150+ users behind one pfsense we rarely even see 10,000 states.  You must be the warez king over there.

    0
  • L

    Maybe it's bittorrent, it's eating a lot of states iirc.

    0
  • E

    its like your at my place,

    2 computers
    a vonage box
    1 computer running bittorren

    I was thinking hardware as well till i went thou 4 computers last one being a dule amd MP2400+ with 2gigs of ram
    was trying of over kill still went dead after about 24hours. some times as little as 4 hours if i was doing a massive anime download.

    I'll try changing my settings to aggressive

    thanks.

    0
  • B

    Wierd, I never have a problem with my 4801 and bittorrent.  Of course I also have my state table set to 50000 :)

    –Bill

    0
  • L

    have mine set to 65536.. Its been going for weeks only rebooting on upgrades.. No problems and we run bittorrent on a regular basis.

    0
  • Z

    The interesting problem I find is that after a day or two with the 3 computers on my network I can get this problem without any p2p applications but if I switch to m0n0 is seems to handle it just fine, the only difference which it may be the source of the problem is the atheros pci card which is in the firewall….possibly failing to close states(haven't verified yet).

    0
  • S

    Aren't you comparing apples to oranges?  Last time I checked m0n0wall doesn't support atheros.

    0
  • Z

    @sullrich:

    Aren't you comparing apples to oranges?  Last time I checked m0n0wall doesn't support atheros.

    True, m0n0wall doesn't support Atheros. I need to check this with the atheros card removed.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy