From: Chuck Swiger
Date: Thu, 07 Jun 2012 10:44:22 -0700
To: Michael Sierchio
Cc: freebsd-questions@freebsd.org
Subject: Re: Proper Port Forwarding

On Jun 7, 2012, at 10:29 AM, Michael Sierchio wrote:
> On Thu, Jun 7, 2012 at 10:27 AM, Michael Sierchio wrote:
>> net.inet.tcp.finwait2_timeout: 60000 <- ms, ten minutes
>
> I can't do arithmetic, but you get the idea. A full minute.

Yes; that's already shorter than the possible MAXTTL value of packets, which can be anywhere up to 255 seconds (~= 5 minutes).

Well, it's usually OK for a webserver to decide that it doesn't need to wait around for clients to properly shut down their HTTP connections, but one might want to be more careful about zapping sockets early for HTTPS/SSL connections (i.e., an online store doing a CC transaction or the like).

Regards,
-- 
-Chuck