[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)



jared r r spiegel wrote:

I see lots of traffic on the pfsync0 interface (dedicated interface/vlan).

Now the problem is that states never seem to live more than a few minutes

Creating stateless rules shows that this problem is definately related to states as everything works flawlessly (no disconnections) when the state system is bypassed.


  are you using lots of "quick"s ?  there's nothing in know of inherent
  to the quick mechanism that would intrinsicly cause the issue you describe,
  but if you're new to pf, maybe there is a mistake made somewhere in the
  logic of the conf.?  if you're using quick, have you tried to write
  the rules to flow w/o quick and see if the situation still exists?

There are quite a few quicks which should be possible to remove.


Anyone clueful enough to know what is happening?


not without seeing the pf.conf

It's about 3000 lines... It was converted from ipf which didn't have much in the way of tables and macros... It needs to be rewritten from scratch at some point.


did you set the "adaptive.start" and "adaptive.end" parameters?

Yes, and I've tried to unset them again (setting them to 0). I've also tried disabling pfsync (by downing the pfsync interfaces) but that didn't change anything either.


--
Per Gøtterup <[email protected]> · Systems Administrator & Support
WebHotel.net · INFORCE A/S · Sydvestvej 100 · DK-2600 Glostrup · Denmark
Phone: +45 70232490 · Fax: +45 70232480 · Web: www.webhotel.net