I'm using pfsense to protect a number of web/mail/ftp servers, which it does fantastically. Since upgrading to the 1.0 Betas it seems to be running out of available states very quickly. I've upped the state table to 20000 and it's run out within a few hours. Most of the states seem to be http access with successive source/destination ports, e.g.:

tcp 195.10.242.40:80 <- 156.99.15.1:11608 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11609 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11610 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11611 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11612 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11614 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11615 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11616 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11618 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11619 TIME_WAIT:TIME_WAIT

or

tcp 62.6.139.10:51538 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
tcp 62.6.139.10:40536 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
tcp 62.6.139.10:24485 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
tcp 62.6.139.10:37053 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2

Should I not be using stateful filtering for http services, or limiting states per IP? It's currently running 1.0-PREBETA2-BUG-VALIDATION-EDITION5

Cheers

Lawrence Farr
EPC Direct Limited
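Added example, not part of the post above: a small Python summariser for state listings in the layout quoted there (proto, addr:port, direction, addr:port, state), to show whether a full table is held by live connections or by ones already closing (FIN_WAIT_2, TIME_WAIT) and which client IPs hold the most states. The sample lines are constructed, and the set of "closing" TCP states is an assumption of this example, not pf's definition.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the post: proto, addr:port, direction, addr:port, state.
SAMPLE = """\
tcp 195.10.242.40:80 <- 156.99.15.1:11608 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11609 FIN_WAIT_2:FIN_WAIT_2
tcp 195.10.242.40:80 <- 156.99.15.1:11619 TIME_WAIT:TIME_WAIT
tcp 62.6.139.10:51538 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
tcp 62.6.139.10:40536 -> 195.10.242.12:80 ESTABLISHED:ESTABLISHED
udp 195.10.242.40:53 <- 192.0.2.9:5353 MULTIPLE:SINGLE
"""
LINE_RE = re.compile(r"^(?P<proto>\w+)\s+(?P<a>[\d.]+):\d+\s+(?P<dir><-|->)\s+"
                     r"(?P<b>[\d.]+):\d+\s+(?P<state>\S+)$")
# TCP states in which the connection is already shutting down (assumed set for this example):
# such entries only wait for the pf timeout to expire, and they are what fills the table above.
CLOSING = {"FIN_WAIT_2", "TIME_WAIT", "CLOSING", "CLOSED", "LAST_ACK"}

def parse_states(text):
    """Return (proto, client_ip, state) tuples; 'A <- B' means B opened the connection to A,
    'A -> B' means A opened it to B, so the client is whichever side initiated."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or a line in another layout
        d = m.groupdict()
        client = d["b"] if d["dir"] == "<-" else d["a"]
        # pf prints "src_state:dst_state"; the initiator's side is enough for a summary
        entries.append((d["proto"], client, d["state"].split(":")[0]))
    return entries

def summarize(text):
    """Totals that show whether the table is full of live or of lingering connections."""
    entries = parse_states(text)
    by_state = Counter(e[2] for e in entries)
    return {
        "total": len(entries),
        "by_client": Counter(e[1] for e in entries),
        "by_state": by_state,
        "closing": sum(n for s, n in by_state.items() if s in CLOSING),
    }

def clients_over(text, limit):
    """Client IPs holding more than `limit` states: candidates for a per-source state cap."""
    return sorted(ip for ip, n in summarize(text)["by_client"].items() if n > limit)
```

A high "closing" share relative to "total" points at state timeouts rather than connection volume; a short list from clients_over points at a per-source limit.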
