Increasing State Table / FIN_WAIT_2:FIN_WAIT_2
-
Hello,
I'm running pfSense 1.2 (latest revision from web) in bridge mode on an Asus server
with 2GB RAM, dual Xeon 3GHz.
I have three interfaces:

Router (default gateway for DMZ)
|
|
Pfsense WAN (one IP for external management)
||
||----Pfsense DMZ (bridge to WAN)
|
|-----Pfsense LAN (for internal management)

Everything is working fine, but I have had to increase my state table to 100000 because it's still
growing and growing.
When I checked the state table I can see hundreds of TCP connections in state FIN_WAIT_2:FIN_WAIT_2:

tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48703 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48704 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48705 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48706 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48707 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48708 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48709 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48710 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37191 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48711 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37192 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48712 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37193 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48713 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37194 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48714 FIN_WAIT_2:FIN_WAIT_2
tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37195 FIN_WAIT_2:FIN_WAIT_2

and

tcp aaa.bbb.ccc.3:37158 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37159 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37160 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48941 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48942 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48943 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48944 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48945 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48946 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48947 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37172 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48948 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37173 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48949 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37174 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:48950 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp aaa.bbb.ccc.3:37175 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2

These connections are coming from our mail cluster.
Our mail delivery scripts are creating these states by running DSPAM (a spam filter which connects to the
global MySQL spam database) during local delivery.

Is this a problem with DSPAM, or has anybody else seen this behavior?
Is it possible to clear these states after a given time?

Kind regards
Stefan
-
Create firewall rules for that traffic and bump the advanced button on the rule's edit screen. You can set individual state timeouts there for that traffic to clean up the states after a given time.
-
Yes, that's it!
Thanks a lot
-Stefan
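
An added example, not part of any post in this thread: a small Python script that groups a state-table dump in the format pasted above by client, service and state pair, so the flow that is filling the table stands out before a dedicated rule with its own state timeout is written for it. The sample addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format shown in the post (documentation address
# ranges, not values from the thread).
SAMPLE = """\
tcp 192.0.2.245:3306 <- 198.51.100.3:48703 FIN_WAIT_2:FIN_WAIT_2
tcp 192.0.2.245:3306 <- 198.51.100.3:48704 FIN_WAIT_2:FIN_WAIT_2
tcp 198.51.100.3:37158 -> 192.0.2.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp 192.0.2.245:3306 <- 198.51.100.9:51000 ESTABLISHED:ESTABLISHED
tcp 192.0.2.10:443 <- 203.0.113.7:40000 TIME_WAIT:TIME_WAIT
garbage line that does not parse
"""

LINE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<a>\S+)\s+(?P<dir><-|->)"
    r"\s+(?P<b>\S+)\s+(?P<state>\S+:\S+)\s*$"
)

def parse_state(line):
    """Return (client_ip, service, state), or None if not a state line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # "<-": the left endpoint is the destination; "->": the right one is.
    dst, src = (m["a"], m["b"]) if m["dir"] == "<-" else (m["b"], m["a"])
    client_ip = src.rsplit(":", 1)[0]  # drop the ephemeral source port
    return client_ip, dst, m["state"]

def summarize(text):
    """Count states per (client_ip, service, state), skipping bad lines."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_state(line)
        if rec:
            counts[rec] += 1
    return counts

def closing_share(counts, state="FIN_WAIT_2:FIN_WAIT_2"):
    """Fraction of all parsed states that sit in the given state pair."""
    total = sum(counts.values())
    closing = sum(n for (_, _, s), n in counts.items() if s == state)
    return closing / total if total else 0.0

if __name__ == "__main__":
    counts = summarize(SAMPLE)
    for key, n in counts.most_common(3):
        print(n, *key)
    print("share in FIN_WAIT_2:FIN_WAIT_2:", closing_share(counts))
```

The top (client, service) pair in the output is the traffic to match with the separate firewall rule and state timeout suggested in the reply.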