From owner-freebsd-questions@FreeBSD.ORG Sat Mar 3 12:46:33 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 37C1416A402 for ; Sat, 3 Mar 2007 12:46:33 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from thenetnow.com (thenetnow.com [69.90.69.141]) by mx1.freebsd.org (Postfix) with ESMTP id 11BE513C481 for ; Sat, 3 Mar 2007 12:46:32 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from hpeel.ody.ca ([216.240.12.2] helo=GRANT) by constellation.thenetnow.com with esmtpa (Exim 4.54) id 1HNTd6-000KJV-8P; Sat, 03 Mar 2007 07:46:28 -0500 Message-ID: <004801c75d91$f809ee70$6501a8c0@GRANT> From: "Grant Peel" To: "Tek Bahadur Limbu" References: <00aa01c758c6$f8dadb90$6501a8c0@GRANT> <20070225193804.19bc9280.teklimbu@wlink.com.np> <00d501c759b8$b7dc4870$6501a8c0@GRANT> <20070303172857.2561b918.teklimbu@wlink.com.np> Date: Sat, 3 Mar 2007 07:46:31 -0500 Organization: The Net Now MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Cc: freebsd-questions@freebsd.org Subject: Re: Fw: FIN_WAIT_2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Grant Peel List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2007 12:46:33 -0000 Do you have ipfw or other firewall running? Did you restart the network? -Grant ----- Original Message ----- From: "Tek Bahadur Limbu" To: "Grant Peel" Cc: Sent: Saturday, March 03, 2007 6:43 AM Subject: Re: Fw: FIN_WAIT_2 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 26 Feb 2007 10:13:49 -0500 > "Grant Peel" wrote: > >> Hi All, >> >> I have done some research ... >> >> It appears that inn certain conditions, when the >> net.inet.ip.fw.dyn_keepalive=1 (sysctl), remote clients or other >> servers may not respond, and a new rule or dynamic rule is setup. >> turning this to 0 seemed to help. >> >> The effect (of having net.inet.ip.fw.dyn_keepalive=1) is that over >> time, hundreds of FIN_WAIT_2 tcp states occure. With some software, >> (vm-pop3d), it runs out of sockets, and I suspect the daemon does not >> know how to hadle this. >> >> So do a: >> >> sysctl net.inet.ip.fw.dyn_keepalive=0 >> >> and in about 10 minutes all FIN_WAIT_2 's dissappear. (well almost >> all). >> >> I expect it virtually shut down dynamic rules too in ipfw, but I have >> been reading more and more that people are saying don't use dynamics >> on a busy site. Anyone care to comment. >> >> -Grant > > Hi Grant, > > I have set sysctl net.inet.ip.fw.dyn_keepalive=0. But both FIN_WAIT_1 > and FIN_WAIT_2 does not seem to disappear. Even now, my squid proxy box > shows: > > 15 CLOSE_WAIT > 5 CLOSING > 2260 ESTABLISHED > 2083 FIN_WAIT_1 > 829 FIN_WAIT_2 > 132 LAST_ACK > 5 LISTEN > 28 SYN_SENT > 177 TIME_WAIT > 1 been > > Can you shed some light on this ? > > Thanking you.. > > - -- > > > With best regards and good wishes, > > Yours sincerely, > > Tek Bahadur Limbu > > (TAG/TDG Group) > Jwl Systems Department > > Worldlink Communications Pvt. Ltd. > > Jawalakhel, Nepal > > http://www.wlink.com.np > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (FreeBSD) > > iD8DBQFF6V99VrOl+eVhOvYRAsf6AJ4tttOBTDoMcx/Cp1R/G9iAjUc/cQCfSnfQ > NXly6YRmPzjKbbppIroPtzs= > =2Z/B > -----END PGP SIGNATURE----- > >