1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Increasing State Table / FIN_WAIT_2:FIN_WAIT_2

Increasing State Table / FIN_WAIT_2:FIN_WAIT_2

  • S

    Hello ,

    i'm running pfsense 1.2 ( latest Revision from WEB ) in Bridge mode on a Asus Server
    with 2GB Ram , Dual Xeon 3GHz.
    I have three interfaces

    Router (default Gateway for DMZ )
    |
    |
    Pfsense WAN (one IP for external Management )

    –--Pfsense DMZ ( Bridge to WAN )
    -----Pfsense LAN ( for internal Managment )

    Everything is working fine but i have had to increase my state table to 100000 because it's still
    growing up and up .
    When i have checked the state table i can see hundred of tcp connections in State FIN_WAIT_2:FIN_WAIT_2

    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48703 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48704 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48705 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48706 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48707 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48708 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48709 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48710 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37191 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48711 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37192 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48712 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37193 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48713 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37194 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48714 FIN_WAIT_2:FIN_WAIT_2
    tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37195 FIN_WAIT_2:FIN_WAIT_2

    and

    tcp aaa.bbb.ccc.3:37158 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37159 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37160 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48941 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48942 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48943 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48944 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48945 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48946 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48947 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37172 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48948 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37173 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48949 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37174 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:48950 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
    tcp aaa.bbb.ccc.3:37175 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2

    These connections are coming from our Mailcluster .
    Our Maildeliveryscripts are creating these states by running DSPAM (Spamfilter which is connecting to the
    global Mysql SPAM-Database)  during local delivery .

    Is this a Problem of DSPAM or has anybody else seen this behavoir ?
    Is it possible to clear these states after a given time ?

    kind regards
    Stefan

    0
  • H

    Create firewallrules for that traffic and bump the advanced button on the rules edit screen. You can set individual state timeouts there for that traffic to clean up the states after a given time.

    0
  • S

    Yes , that's it !

    thanks a lot

    -Stefan

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy