Netgate Discussion Forum

    Increasing State Table / FIN_WAIT_2:FIN_WAIT_2

      sberger381

      Hello,

      I'm running pfSense 1.2 (latest revision from the web) in bridge mode on an Asus server
      with 2 GB RAM, dual Xeon 3 GHz.
      I have three interfaces:

      Router (default gateway for DMZ)
      |
      |
      pfSense WAN (one IP for external management)
      ||
      ||----pfSense DMZ (bridge to WAN)
      |
      |-----pfSense LAN (for internal management)

      Everything is working fine, but I have had to increase my state table to 100000 because it is still
      growing and growing.
      When I checked the state table, I could see hundreds of TCP connections in state FIN_WAIT_2:FIN_WAIT_2:

      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48703 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48704 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48705 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48706 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48707 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48708 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48709 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48710 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37191 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48711 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37192 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48712 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37193 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48713 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37194 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:48714 FIN_WAIT_2:FIN_WAIT_2
      tcp xxx.yyy.zzz.245:3306 <- aaa.bbb.ccc.3:37195 FIN_WAIT_2:FIN_WAIT_2

      and

      tcp aaa.bbb.ccc.3:37158 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37159 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37160 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48941 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48942 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48943 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48944 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48945 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48946 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48947 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37172 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48948 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37173 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48949 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37174 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:48950 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2
      tcp aaa.bbb.ccc.3:37175 -> xxx.yyy.zzz.245:3306 FIN_WAIT_2:FIN_WAIT_2

      These connections are coming from our mail cluster.
      Our mail delivery scripts are creating these states by running DSPAM (a spam filter which connects to the
      global MySQL spam database) during local delivery.

      Is this a problem with DSPAM, or has anybody else seen this behavior?
      Is it possible to clear these states after a given time?

      Kind regards,
      Stefan

        hoba

        Create firewall rules for that traffic and bump the Advanced button on the rule edit screen. You can set individual state timeouts there for that traffic to clean up the states after a given time.

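To decide which traffic needs its own rule and state timeout, as the reply above suggests, the state list can be grouped by service endpoint, peer host and state. This is an added example, not part of the original thread; the function names are hypothetical and the sample addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example (not from the thread): group pf state lines by service
# endpoint, peer host and state to see which flow fills the state table.
# Input format is the one shown in the post:
#   tcp <addr:port> <-|-> <addr:port> <STATE:STATE>
# A leading interface column, as printed by `pfctl -ss`, is tolerated.
# IPv4 only; lines whose endpoints are not plain addr:port are skipped.

summarise_states() {
    awk '
    {
        arrow = 0
        for (i = 1; i <= NF; i++)
            if ($i == "<-" || $i == "->") { arrow = i; break }
        # Need an endpoint on each side of the arrow and a state after it.
        if (arrow < 2 || arrow + 2 > NF) next
        left = $(arrow - 1); right = $(arrow + 1); state = $(arrow + 2)
        if (left !~ /^[0-9.]+:[0-9]+$/ || right !~ /^[0-9.]+:[0-9]+$/) next
        # "dst <- src" is an inbound state, "src -> dst" an outbound one.
        if ($arrow == "<-") { service = left;  peer = right }
        else                { service = right; peer = left }
        sub(/:[0-9]+$/, "", peer)   # drop the ephemeral source port
        count[service " " peer " " state]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input in the format quoted in the post.
sample_states() {
    cat <<'EOF'
tcp 192.0.2.245:3306 <- 198.51.100.3:48703 FIN_WAIT_2:FIN_WAIT_2
tcp 192.0.2.245:3306 <- 198.51.100.3:48704 FIN_WAIT_2:FIN_WAIT_2
tcp 198.51.100.3:37158 -> 192.0.2.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp 198.51.100.3:37159 -> 192.0.2.245:3306 FIN_WAIT_2:FIN_WAIT_2
tcp 192.0.2.245:3306 <- 198.51.100.3:48705 ESTABLISHED:ESTABLISHED
tcp 192.0.2.10:25 <- 203.0.113.7:51000 ESTABLISHED:ESTABLISHED
EOF
}

# Output columns: count, service endpoint, peer host, state.
# On the firewall, use live data instead: pfctl -ss | summarise_states
sample_states | summarise_states
```

The top line of the output names the service, peer and state that dominate the table, which is the traffic to match with a dedicated rule.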
          sberger381

          Yes, that's it!

          Thanks a lot

          -Stefan
