[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)



On Mon, Sep 06, 2004 at 06:23:28PM +0200, Per G?tterup wrote:
> Now the problem is that states never seem to live more than a few minutes 
> at the most (a few seconds tends to be the rule) even for active 
> connections. I see web-connections and ssh-connections being terminated 
> more or less randomly (and very fast - usually in seconds). The problem 
> seems to be concentrated on the internal interface (the one with the 8 
> subnets) but I'm not sure this is 100% true.
> 
> Creating stateless rules shows that this problem is definately related to 
> states as everything works flawlessly (no disconnections) when the state 
> system is bypassed.
> 
> Anyone clueful enough to know what is happening?
There was a bug in pfsync when using adaptive timeouts:
http://marc.theaimsgroup.com/?l=openbsd-pf&m=109351242125764&w=2
This has been fixed in -current, you might want to try that.