[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)

Per Gøtterup said:
> Ryan McBride wrote:
>> On Mon, Sep 06, 2004 at 06:23:28PM +0200, Per G?tterup wrote:
>>>Now the problem is that states never seem to live more than a few
>>> minutes
>>>at the most (a few seconds tends to be the rule) even for active
>>>connections. I see web-connections and ssh-connections being terminated
>>>more or less randomly (and very fast - usually in seconds). The problem
>>>seems to be concentrated on the internal interface (the one with the 8
>>>subnets) but I'm not sure this is 100% true.
>>>Creating stateless rules shows that this problem is definately related
>>> to
>>>states as everything works flawlessly (no disconnections) when the state
>>>system is bypassed.
>>>Anyone clueful enough to know what is happening?
>> There was a bug in pfsync when using adaptive timeouts:
>> http://marc.theaimsgroup.com/?l=openbsd-pf&m=109351242125764&w=2
>> This has been fixed in -current, you might want to try that.
> Pardon me for being clueless but exactly what do I need to do to try that?
> - Reinstall the server or
> something else? - I'm pretty new to OpenBSD as well so I'm pretty much in
> the dark here... :)
> BTW - Thanks for the response!
> --
> Per Gøtterup <[email protected]> · Systems Administrator & Support
> WebHotel.net · INFORCE A/S · Sydvestvej 100 · DK-2600 Glostrup · Denmark
> Phone: +45 70232490 · Fax: +45 70232480 · Web: www.webhotel.net
Is this fixed in 3.6 release ?
Wonder as I have random disconnects when the two firewalls are up at the
same time.