Re: [pfSense Support] State Problems

Thu, 26 Jan 2006 06:39:38 -0800 

Tente  utilizar  outro micro com freebsd  para  efetuar esse
sincronismo para testar se nao é alguma incompatibilidade com  o seu
sistema atualmente e instalado




2006/1/26, Lawrence Farr <[EMAIL PROTECTED]>:
> I'm using pfsense to protect a number of web/mail/ftp
> servers, which it does fantastically. Since upgrading
> to the 1.0 Betas it seems to be running out of available
> states very quickly. I've upped the state table to 20000
> and it's run out within a few hours. Most of the states
> seem to be http access with successive source/destination
> ports eg:
>
> tcp 195.10.242.40:80 <- 156.99.15.1:11608 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11609 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11610 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11611 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11612 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11614 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11615 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11616 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11618 FIN_WAIT_2:FIN_WAIT_2
> tcp 195.10.242.40:80 <- 156.99.15.1:11619 TIME_WAIT:TIME_WAIT
>
> or
>
> tcp 62.6.139.10:51538 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
> tcp 62.6.139.10:40536 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
> tcp 62.6.139.10:24485 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
> tcp 62.6.139.10:37053 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2
>
> Should I not be using stateful filtering for http services, or
> limiting states per ip?
>
> It's currently running 1.0-PREBETA2-BUG-VALIDATION-EDITION5
>
> Cheers
>
> Lawrence Farr
> EPC Direct Limited
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
-=-=-=-=-=-=-=-=-=-
William David Armstrong
Bio Systems Security.
ICQ 10253747 MSN biosystems ]at[ gmail . com
--------------------------------------
<----.     Of course it runs
<----|============================
<----' NetBSD, OpenBSD or FreeBSD
--------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to