On Sun, Jul 22, 2012 at 6:26 PM, Michael Schuh <[email protected]> wrote:
>>
>> The only firewall-sourced issue I can think of that would match that
>> description is state table exhaustion, check your States RRD graph to
>> see if you were at/near your configured limit at the time of the
>> failures.
>
> if that would be the case, iirc the pf kills the oldest connection states at
> first, no routing issues.
> ???
>

Old connections are closed first as they time out, most connections get closed as they complete. When you're at your state table limit you'll have random connection failures. What works depends on what happens to get to the firewall when it has a state available to pass the traffic, it'll be very hit and miss. State table exhaustion commonly starts out with a report of "routing issues" even though that's not really the case.
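
The state-limit check discussed in this message can also be done from the firewall's shell. The script below is an added example, not part of the original message: it compares the "current entries" line of `pfctl -si` against the "states hard limit" line of `pfctl -sm`. The sample outputs are constructed, and the function name `state_usage` and the 90% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: estimate pf state table utilization from pfctl output.

# Constructed sample of `pfctl -si` output (State Table section only).
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9874
  searches                        48211093          412.7/s
  inserts                           731204            6.3/s
  removals                          721330            6.2/s'

# Constructed sample of `pfctl -sm` output.
SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit   200000'

# state_usage INFO LIMITS [WARN_PCT]   (hypothetical helper)
# Prints "<current> <limit> <percent> <OK|WARN>"; returns 2 if parsing fails.
state_usage() {
    warn="${3:-90}"   # assumed threshold: warn at 90% of the limit
    cur=$(printf '%s\n' "$1" | awk '$1=="current" && $2=="entries" {print $3; exit}')
    lim=$(printf '%s\n' "$2" | awk '$1=="states" && $2=="hard" {print $4; exit}')
    # Reject missing or non-numeric values before doing arithmetic.
    case "$cur$lim" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 2
    pct=$(( cur * 100 / lim ))
    if [ "$pct" -ge "$warn" ]; then status=WARN; else status=OK; fi
    echo "$cur $lim $pct $status"
}

# On a live firewall: state_usage "$(pfctl -si)" "$(pfctl -sm)"
state_usage "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```

A single reading near the limit only shows the condition at that moment; the States RRD graph mentioned in the thread shows whether the limit was reached at the time of the failures.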
