Hello everyone. I am having an issue whose cause I've tried to determine, but I'm hitting a brick wall.
I have an OpenBSD 4.5-stable firewall, running pf. The state table is set to 350,000 entries. Sometimes, I have seen cases where the number of states is around half, about 180,000, but connections will not work.

For instance, we have 4 interfaces: Outside, Inside, DMZ, and Backup network. I will see where connecting from the DMZ -> Inside, for instance, to connect to a DB server, will fail, in that it will simply hang. However, if I kill the states from that machine using pfctl, it will then start working again. I have checked the DB server, and it does not seem to have too many connections. If I choose an alternate port on that same server, the connection goes through, even without killing the state table entries.

Any help would be appreciated in figuring this out, and I'd be happy to supply any requested details (not sure what to give out immediately...).

Thanks.
-Matt