At system>advanced try using the "aggressive" firewall optimization (found at the lower part of page). Does that make any difference?
Holger > -----Ursprüngliche Nachricht----- > Von: Lawrence Farr [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 26. Januar 2006 15:28 > An: [email protected] > Betreff: [pfSense Support] State Problems > > > I'm using pfsense to protect a number of web/mail/ftp > servers, which it does fantastically. Since upgrading > to the 1.0 Betas it seems to be running out of available > states very quickly. I've upped the state table to 20000 > and it's run out within a few hours. Most of the states > seem to be http access with successive source/destination > ports eg: > > tcp 195.10.242.40:80 <- 156.99.15.1:11608 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11609 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11610 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11611 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11612 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11614 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11615 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11616 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11618 FIN_WAIT_2:FIN_WAIT_2 > tcp 195.10.242.40:80 <- 156.99.15.1:11619 TIME_WAIT:TIME_WAIT > > or > > tcp 62.6.139.10:51538 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2 > tcp 62.6.139.10:40536 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2 > tcp 62.6.139.10:24485 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2 > tcp 62.6.139.10:37053 -> 195.10.242.12:80 FIN_WAIT_2:FIN_WAIT_2 > > Should I not be using stateful filtering for http services, or > limiting states per ip? > > It's currently running 1.0-PREBETA2-BUG-VALIDATION-EDITION5 > > Cheers > > Lawrence Farr > EPC Direct Limited > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
