Date:      Thu, 07 Jun 2012 10:44:22 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Proper Port Forwarding
Message-ID:  <B50E0A24-9039-455E-87D4-662BDF9CE5F1@mac.com>
In-Reply-To: <CAHu1Y73UM7aZp20ToVnj=aoieXrtLxHUvo-jTqNyjYkMj6_eTw@mail.gmail.com>
References:  <20120606183127.68447106566B@hub.freebsd.org> <CAHu1Y71_JwPSv13WQJXmkBX=bjCzhuW7%2BSPxwuz_1=o9qckpsw@mail.gmail.com> <jqqni9$kh0$1@dough.gmane.org> <CAHu1Y700O=NKKq5PYtB64VtCSQvAR6emYMC8y7_QMmgD3WGPJQ@mail.gmail.com> <CAHu1Y73UM7aZp20ToVnj=aoieXrtLxHUvo-jTqNyjYkMj6_eTw@mail.gmail.com>

On Jun 7, 2012, at 10:29 AM, Michael Sierchio wrote:
> On Thu, Jun 7, 2012 at 10:27 AM, Michael Sierchio <kudzu@tenebras.com> wrote:
>> net.inet.tcp.finwait2_timeout: 60000  <- ms, ten minutes
> 
> I can't do arithmetic, but you get the idea. A full minute.

Yes; that's already shorter than the possible MAXTTL value of packets, which can be anywhere up to 255 seconds (~= 5 minutes).

Well, it's usually OK for a webserver to decide that it doesn't need to wait around for clients to properly shut down their HTTP connections, but one might want to be more careful about zapping sockets early for HTTPS/SSL connections (i.e., an online store doing a CC transaction or the like).

Regards,
-- 
-Chuck
