Pfsense stop internet when satrting dayzcommander with 200+ connection



  • Hello,

    i've found nothing conclusive trough search, so here is my problem

    im using the latest pfsense on a pentium D with 4Gb ram.

    everything work flawlessly except when a game program try to refresh servers opening 200+ connection. then Internet just die no ping nothing, but  pfsense still answer on his web interface.

    so i guess there might be some flood protection of something ? what and where could i find clue to this problem ?

    thank you!



  • @sy5tem:

    everything work flawlessly except when a game program try to refresh servers opening 200+ connection. then Internet just die no ping nothing, but  pfsense still answer on his web interface.

    Please give more details of what you mean by Internet just die no ping nothing What is recorded in the system log (see Status -> System Logs) around the time of this "death".

    It is possible that all those connections furiously attempting to download at full speed have saturated your Internet connection leading to long delays in ping responses causing the gateway monitoring to treat the internet connection as "down" causing a reset of the connection in an attempt to clear the down state but that doesn't clear the long ping delays.

    More information is needed and an extract from the system log is a good place to begin.



  • @wallabybob:

    @sy5tem:

    everything work flawlessly except when a game program try to refresh servers opening 200+ connection. then Internet just die no ping nothing, but  pfsense still answer on his web interface.

    Please give more details of what you mean by Internet just die no ping nothing What is recorded in the system log (see Status -> System Logs) around the time of this "death".

    It is possible that all those connections furiously attempting to download at full speed have saturated your Internet connection leading to long delays in ping responses causing the gateway monitoring to treat the internet connection as "down" causing a reset of the connection in an attempt to clear the down state but that doesn't clear the long ping delays.

    More information is needed and an extract from the system log is a good place to begin.

    hello, thank you, i will try to give more information, so right know i am doing a remote session to the office, to one of my computer, i start dayzcommander do a server refresh setting it to scan 200 per tick, (7K servers) as soon as i do this , and i try ti ping any domain, they time out. and i lose my imap connection, and new dns request don't seem's to work…

    it really just might be might 20mb/10mb inet connection.. you are right .....

    in pfsense system log i see nothing at all!

    thank you for you reply ... i feel stupid now lol!

    i will investigate further next monday.



  • How is this connected to the internet?
    Is it modem > pfsense > computer?

    or

    Modem/router > pfsense > computer?

    Reason I ask is look at the state table size and the number of active states on the pfsense main console page.
    If it has > 4000 or sometimes even 1000 connections open, thats all it would take to shut down many routers.
    People are often using a router before pfsense and not realizing this can happen.  But reading your post, my first thought is "insufficient state table size" either on the modem/router combo before the pfsense (most likely) or in the pfsense settings its self.



  • @sy5tem:

    i start dayzcommander do a server refresh setting it to scan 200 per tick, (7K servers) as soon as i do this , and i try ti ping any domain, they time out. and i lose my imap connection, and new dns request don't seem's to work…

    As mentioned, it could be be that you are seeing long delays because your internet link is way overloaded OR the link has gone down.

    @sy5tem:

    in pfsense system log i see nothing at all!

    I am a little surprised by this this BUT perhaps you have disabled gateway monitoring. If gateway monitoring was enabled I would expect to see apinger reporting delays.

    It could be useful to look at the traffic RRD graph for the WAN interface - see Status -> RRD Graphs click on Traffic tab and select WAN graph. Does it show substantial traffic when you were running dayzcommander? If so, you are probably seeing the consequence of substantial overload of the link rather than the link going down.



  • I think we really need to know if there is anything between the internet and pfsense like another DHCP server before we can say its pfsense.  PFsense excells at making tons of connections.  I doubt seriously a state limit is pfsense's fault.