----- "Joe Laffey" <j...@laffey.tv> wrote:
> I had a weird thing happen this morning. I have a WAN, a LAN, a DMZ, and an OPT2
> interface. Each of these has its own NIC.
>
> For some reason PFSense stopped routing outgoing packets from the DMZ to the
> WAN. (It may have just been new connections only. I saw some traffic still
> going from an FTP server.) The LAN could still get to the DMZ, and the LAN
> could still get to the WAN.
>
> I rebooted, and this fixed it.
>
> However, a few minutes later the same thing happened again. Now I did go reset
> the switches connected to the DMZ. But it would be odd that resetting those
> switches would cause the traffic to the WAN to fail, but not to the LAN. Also,
> I just tried resetting the switches again to no avail.
>
> I am still on 1.2 RC1.
>
> Any thoughts?
>
> Thanks in advance.
>
The first thing that comes to mind is that your state table might be exhausted. Existing states would allow traffic to continue flowing but new traffic would fail...

When the problem happens, check your state table usage by going to Status-->System from the menu. If your states are dangerously close or at the limit, you may wish to increase your state table size on the System-->Advanced page.

IIRC, you want to plan on 2-3k per state (someone please correct me if I'm wrong!)... so if you have 512MB RAM, you'd be able to handle comfortably 90000 states while still leaving some headroom for the OS. If you're using any addon packages (squid, bandwidthd, etc) you'll want to ensure you save some space for those as well.

--Tim
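A shell check for the condition described in the reply above, added here as an example and not part of the original thread: it reads the current state count and the configured limit from `pfctl -si` and `pfctl -sm` (the pf command-line tool underneath pfSense) and flags a table that is near or at its limit. The sample output, the function names and the 90% warning threshold are constructed for illustration; the 2-3 KB per state figure is the reply's rule of thumb.

```shell
#!/bin/sh
# Constructed sample text in the layout printed by `pfctl -si` and `pfctl -sm`.
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9640
  searches                        48211907          551.2/s
  inserts                           731455            8.4/s
  removals                          721815            8.3/s'
SAMPLE_MEM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Current number of states, parsed from `pfctl -si` text on stdin.
state_count() {
    awk '/^State Table/ {in_st=1; next} in_st && /current entries/ {print $3; exit}'
}

# Configured state limit, parsed from `pfctl -sm` text on stdin.
state_limit() {
    awk '$1 == "states" && $2 == "hard" {print $4; exit}'
}

# usage_pct COUNT LIMIT: share of the limit in use, integer percent rounded down.
usage_pct() { echo $(( $1 * 100 / $2 )); }

# ram_kb_for LIMIT KB_PER_STATE: RAM in KB to budget for a given state limit.
ram_kb_for() { echo $(( $1 * $2 )); }

# verdict COUNT LIMIT [WARN_PCT]: "full" at the limit (new connections fail
# while established ones keep flowing), "warn" near it, otherwise "ok".
verdict() {
    pct=$(usage_pct "$1" "$2")
    if [ "$1" -ge "$2" ]; then echo full
    elif [ "$pct" -ge "${3:-90}" ]; then echo warn
    else echo ok
    fi
}

# Use live pfctl output when available (needs root); otherwise the sample.
info=$(pfctl -si 2>/dev/null) && mem=$(pfctl -sm 2>/dev/null) || { info=$SAMPLE_INFO; mem=$SAMPLE_MEM; }
count=$(printf '%s\n' "$info" | state_count)
limit=$(printf '%s\n' "$mem" | state_limit)
[ -n "$count" ] && [ -n "$limit" ] || { echo "unexpected pfctl output" >&2; exit 1; }
echo "states: $count / $limit ($(usage_pct "$count" "$limit")%) -> $(verdict "$count" "$limit")"
echo "RAM to budget at 2-3 KB per state: $(ram_kb_for "$limit" 2)-$(ram_kb_for "$limit" 3) KB"
```

Running it at the moment DMZ-to-WAN connections start failing shows whether the table is the cause before the limit is raised.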