[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf expiring states way too fast (2 hosts using carp+pfsync)
> I see lots of traffic on the pfsync0 interface (dedicated interface/vlan).
> Now the problem is that states never seem to live more than a few minutes
> Creating stateless rules shows that this problem is definately related to
> states as everything works flawlessly (no disconnections) when the state
> system is bypassed.
are you using lots of "quick"s ? there's nothing in know of inherent
to the quick mechanism that would intrinsicly cause the issue you describe,
but if you're new to pf, maybe there is a mistake made somewhere in the
logic of the conf.? if you're using quick, have you tried to write
the rules to flow w/o quick and see if the situation still exists?
> Anyone clueful enough to know what is happening?
not without seeing the pf.conf
did you set the "adaptive.start" and "adaptive.end" parameters?
[ openbsd 3.6 GENERIC ( aug 30 ) // i386 ]