From owner-freebsd-net@FreeBSD.ORG  Fri May 13 19:09:32 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B2D1016A4D8
	for <freebsd-net@freebsd.org>; Fri, 13 May 2005 19:09:32 +0000 (GMT)
Received: from relay.pair.com (relay00.pair.com [209.68.1.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id 2A73F43D79
	for <freebsd-net@freebsd.org>; Fri, 13 May 2005 19:09:32 +0000 (GMT)
	(envelope-from silby@silby.com)
Received: (qmail 21142 invoked from network); 13 May 2005 19:09:31 -0000
Received: from unknown (HELO localhost) (unknown)
  by unknown with SMTP; 13 May 2005 19:09:31 -0000
X-pair-Authenticated: 209.68.2.70
Date: Fri, 13 May 2005 14:09:16 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Matt Ruzicka <matt@frii.com>
In-Reply-To: <Pine.BSF.4.58.0505131247380.4892@elara.frii.com>
Message-ID: <20050513140619.V15203@odysseus.silby.com>
References: <Pine.BSF.4.58.0505121627400.66727@elara.frii.com>
	<Pine.BSF.4.58.0505131031400.66727@elara.frii.com>
	<Pine.BSF.4.58.0505131247380.4892@elara.frii.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-net@freebsd.org
Subject: Re: **net** Re: Outbound TCP issue, potentially related
 to'FreeBSD-SA-05:08.kmem  [REVISED]'
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2005 19:09:32 -0000


On Fri, 13 May 2005, Matt Ruzicka wrote:

> Yes, it still does.  And actually the script Maxim attached to his last
> email (using our IP's) has an interesting side effect of causing the
> connections to fail.
>
> It doesn't fail right away, but within a few moments.

Are you perhaps exhausting all ports?  Try changing

net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000

to

net.inet.ip.portrange.first=1024 (unchanged)
net.inet.ip.portrange.last=65535

so that you have tons of potential ports.  You might just have some stuck 
in the TIME_WAIT state causing you problems or something right now.

Mike "Silby" Silbersack