[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)

> I see lots of traffic on the pfsync0 interface (dedicated interface/vlan).
> Now the problem is that states never seem to live more than a few minutes 
> Creating stateless rules shows that this problem is definately related to 
> states as everything works flawlessly (no disconnections) when the state 
> system is bypassed.
  are you using lots of "quick"s ?  there's nothing in know of inherent
  to the quick mechanism that would intrinsicly cause the issue you describe,
  but if you're new to pf, maybe there is a mistake made somewhere in the
  logic of the conf.?  if you're using quick, have you tried to write
  the rules to flow w/o quick and see if the situation still exists?
> Anyone clueful enough to know what is happening?
  not without seeing the pf.conf
  did you set the "adaptive.start" and "adaptive.end" parameters?
[ openbsd 3.6 GENERIC ( aug 30 ) // i386 ]