Date: Sat, 31 Aug 2024 12:02:11 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: Pete French <pete@twisted.org.uk> Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: How to diagnose "Limiting closed port RST response from 213 to 205 packets/sec" ? Message-ID: <CAN6yY1vPXzAP3nTyOB1RM6GLWn5iLkePGMbyaPbtaYG5xqn9DQ@mail.gmail.com> In-Reply-To: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, Aug 31, 2024 at 7:32 AM Pete French <pete@twisted.org.uk> wrote: > So I am running some servers with 14.1-STABLE, pretty standard - Apache > + mysql setup, and I am seeing a lot of the above messages. I have > always seen these form time to time, but recently I have had compmnaits > from a customer about the webservers being unavailable, and the times > they give correspond to bursts of these errors. > > I dont see any other errors, and am wondering how to get more info about > this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the > port that is closed would be ideal. I have a feeling that the closed > port is the one which Apaxche is suppsoed to be listenin gon (I cant > think of nay other ports which would get hammered), but that should > never be closed. > > Any advice ? > > -pete. > These are not errors. It is telling you that someone is likely doing something wrong, probably by error but possibly rudely. I believe that it means that a closed port is receiving a lot of SYNs. See the discussion on BSD forums <https://forums.freebsd.org/threads/limiting-closed-port-rst-response.72131/>; . -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 [-- Attachment #2 --] <div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small">On Sat, Aug 31, 2024 at 7:32 AM Pete French <<a href="mailto:pete@twisted.org.uk">pete@twisted.org.uk</a>> wrote:</div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">So I am running some servers with 14.1-STABLE, pretty standard - Apache <br> + mysql setup, and I am seeing a lot of the above messages. I have <br> always seen these form time to time, but recently I have had compmnaits <br> from a customer about the webservers being unavailable, and the times <br> they give correspond to bursts of these errors.<br> <br> I dont see any other errors, and am wondering how to get more info about <br> this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the <br> port that is closed would be ideal. I have a feeling that the closed <br> port is the one which Apaxche is suppsoed to be listenin gon (I cant <br> think of nay other ports which would get hammered), but that should <br> never be closed.<br> <br> Any advice ?<br> <br> -pete.<br></blockquote><div><br></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default">These are not errors. It is telling you that someone is likely doing something wrong, probably by error but possibly rudely.</div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default">I believe that it means that a closed port is receiving a lot of SYNs. See the discussion on <a href="https://forums.freebsd.org/threads/limiting-closed-port-rst-response.72131/">BSD forums</a>.<br></div></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Kevin Oberman, Part time kid herder and retired Network Engineer<br>E-mail: <a href="mailto:rkoberman@gmail.com" target="_blank">rkoberman@gmail.com</a><br></div><div>PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683</div></div></div></div></div></div></div></div></div>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vPXzAP3nTyOB1RM6GLWn5iLkePGMbyaPbtaYG5xqn9DQ>