[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)



Per Gøtterup said:
> Ryan McBride wrote:
>
>> On Mon, Sep 06, 2004 at 06:23:28PM +0200, Per G?tterup wrote:
>>
>>>Now the problem is that states never seem to live more than a few
>>> minutes
>>>at the most (a few seconds tends to be the rule) even for active
>>>connections. I see web-connections and ssh-connections being terminated
>>>more or less randomly (and very fast - usually in seconds). The problem
>>>seems to be concentrated on the internal interface (the one with the 8
>>>subnets) but I'm not sure this is 100% true.
>>>
>>>Creating stateless rules shows that this problem is definately related
>>> to
>>>states as everything works flawlessly (no disconnections) when the state
>>>system is bypassed.
>>>
>>>Anyone clueful enough to know what is happening?
>>
>>
>> There was a bug in pfsync when using adaptive timeouts:
>>
>> http://marc.theaimsgroup.com/?l=openbsd-pf&m=109351242125764&w=2
>>
>> This has been fixed in -current, you might want to try that.
>
> Pardon me for being clueless but exactly what do I need to do to try that?
> - Reinstall the server or
> something else? - I'm pretty new to OpenBSD as well so I'm pretty much in
> the dark here... :)
>
> BTW - Thanks for the response!
>
> --
> Per Gøtterup <[email protected]> · Systems Administrator & Support
> WebHotel.net · INFORCE A/S · Sydvestvej 100 · DK-2600 Glostrup · Denmark
> Phone: +45 70232490 · Fax: +45 70232480 · Web: www.webhotel.net
>
>
Is this fixed in 3.6 release ?
Wonder as I have random disconnects when the two firewalls are up at the
same time.
/Per-Olov