On Mon 24 Nov 2014 19:24:55 NZDT +1300, Nishant Sharma wrote:

Thanks.

> I have observed this happening when there are infected machines in the
> network that incessantly send web requests. This causes squid to query
> filterdns which fills all the states and new connections are slow to
> open.
>
> Have a look on state table and you will see most of them from
> 127.0.0.1 to 127.0.0.1:53.

There is no abnormality in the state table. For the first occurrence of this problem used-states peaked at 170 (RRD, 1 week, 1h average), for the second at 120 (RRD, 1 day, 5 minutes average). For the first time I checked this in the web interface at the time, the second time I couldn't get a web login.

The access log shows a client doing web browsing with a request rate of up to something like 20/second for the first. That's normal, pages loading all their CDN and adcr.p references. No activity for the second time(!) in the log, but that seems a bit low.

I had increased the squidguard processes from the default 5 to 20 (had to hack the php) to avoid warnings about insufficient processes.

> Immediate measure can be not to use dns-forwarder as DNS for the
> firewall. Sift through squid access log to find out infected machines
> and sanitise them.

No infected machines present. It is entirely possible that my ISP had DNS or general congestion at the time. However I expect pfsense not to shoot itself when its Internet connection is less than perfect.

As a quick measure I have moved squid + squidguard logs to a different filesystem and changed process limits from

    kern.maxfiles: 12328
    kern.maxfilesperproc: 11095

to

    kern.maxfiles: 15000
    kern.maxfilesperproc: 3000

And squid needs its logging sorted:

    uniq < cache.log > cache.log-uniq
    wc -l cache.log*
    98234680 cache.log
       64153 cache.log-uniq

So I am still looking for the cause of this suicidal pfsense box. Any pointers gratefully accepted.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/
Please do not CC list postings to me.
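The "sift through squid access log" step discussed in this message can be done by computing each client's peak requests per second. The script below is an added example, not part of the original thread; it assumes squid's default native access.log format (epoch.millis in field 1, client address in field 3), and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client peak request rate from a squid native access.log.
# Assumes the default "squid" logformat: time elapsed client code/status bytes method URL ...

# Reads the log on stdin; optional $1 = minimum peak requests/second to report.
# Output, busiest first: client peak_rps epoch_second_of_peak total_requests
peak_rate_per_client() {
    awk -v min="${1:-1}" '
    # Skip malformed or truncated lines; field 1 must be an epoch timestamp.
    NF >= 7 && $1 ~ /^[0-9]+(\.[0-9]+)?$/ {
        sec = int($1)                      # bucket requests by whole second
        n = ++persec[$3 SUBSEP sec]        # requests by this client in this second
        total[$3]++
        if (n > peak[$3]) { peak[$3] = n; peak_at[$3] = sec }
    }
    END {
        for (c in total)
            if (peak[c] >= min + 0)
                printf "%s %d %d %d\n", c, peak[c], peak_at[c], total[c]
    }' | sort -k2,2nr -k1,1
}

# Constructed sample input (not real traffic): one client bursts 4 requests
# in a single second, another makes 2 requests several seconds apart.
sample_access_log() {
    cat <<'EOF'
1416810295.101    120 192.168.1.50 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1416810295.230     45 192.168.1.50 TCP_MISS/200 812 GET http://example.com/a.css - DIRECT/192.0.2.10 text/css
1416810295.410     60 192.168.1.50 TCP_MISS/200 2048 GET http://example.com/b.js - DIRECT/192.0.2.10 application/javascript
1416810295.880     30 192.168.1.50 TCP_HIT/200 4096 GET http://example.com/c.png - NONE/- image/png
1416810296.020     80 192.168.1.50 TCP_MISS/200 900 GET http://example.com/d.gif - DIRECT/192.0.2.10 image/gif
1416810295.500    200 192.168.1.20 TCP_MISS/200 1500 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1416810299.700    150 192.168.1.20 TCP_MISS/304 300 GET http://example.org/x - DIRECT/192.0.2.10 -
this line is truncated garbage
EOF
}

# Report only clients that reached at least 3 requests in one second.
sample_access_log | peak_rate_per_client 3
```

On a real box, feed the function the actual log instead of the sample, for example `peak_rate_per_client 50 < access.log`, and compare the reported second against the time the firewall became unresponsive.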