Date: Sat, 18 Sep 2004 22:48:15 +0100
From: Rob
To: questions@freebsd.org
Subject: 4.10, Jails, apache and FIN_WAIT_1
Message-Id: <6.1.2.0.0.20040918222850.03091b40@albert>

Hi..

Due to unreliable hardware, I transferred my (very lightly loaded) webserver from its own machine, running FreeBSD 5.2, to a jail on an alternate machine running 4.10-STABLE (Cvsup'd as of 14/9/04). The new system is a Pentium III, 1GHz, 384Mb RAM, dual 40Gb drives (on a SiL 0680 ATA133 Raid controller, as RAID 1); it's running mysqld as well, but should be able to cope.

I installed latest versions of all the software, (ran portupgrade) but just copied over the apache config folder from /usr/local/etc on the other machine.
It's not complained. The data area was nfs mounted from the machine I just moved apache to, so I've just nfs-mounted this at the appropriate mount point inside the jail.

The problem is, I'm getting a lot of stalled connections when accessing the webserver. Running netstat on the host shows e.g.:

    tcp4       0      0  jade.http      212.57.246.42.35590    FIN_WAIT_1
    tcp4       0      0  jade.http      212.57.246.42.35585    ESTABLISHED
    tcp4       0      0  jade.http      212.57.246.42.35555    CLOSING

This one is me - while this FIN_WAIT_1 is present, I cannot persuade my browser (Opera 7.52 on Windows 2K) to work - it sits with "Sending request to www..." in the status line. Pressing refresh does nothing... as soon as the FIN_WAIT_1 vanishes, then everything is OK again, for a few more minutes.

I'm running apache-1.3.31_4 in the jail, which was set up simply as per the jail man page, then ssh enabled. No software firewall (this server is behind a NATing ADSL router, the configuration of which has not changed bar the http port-forwarding IP address, and I am behind a hardware firewall, ditto no changes). I do block ICMP on my firewall, but it's never caused this sort of problem before.

Googling for FIN_WAIT_1 throws up some hits about a DoS vulnerability, but nothing I can see that relates to the problem I am having.

This is hardly a complicated configuration, so is there something I am missing, some kernel configuration issue maybe, that I should know about?

Any pointers towards where I should look next would be much appreciated.

Thanks in advance,

Rob O'Donnell.