Date: Tue, 14 Sep 2010 04:03:02 -0700 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: Gareth de Vaux <bsd@lordcow.org> Cc: stable@freebsd.org Subject: Re: ipfw: Too many dynamic rules Message-ID: <20100914110302.GA84971@icarus.home.lan> In-Reply-To: <20100914103657.GA57521@lordcow.org> References: <20100909153902.GA28341@lordcow.org> <20100909162009.GA80375@icarus.home.lan> <20100910114908.GA55978@lordcow.org> <20100914103657.GA57521@lordcow.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 14, 2010 at 12:36:57PM +0200, Gareth de Vaux wrote: > On Fri 2010-09-10 (13:49), Gareth de Vaux wrote: > > > Thirdly, if you feel FIN_WAIT2 is the cause of your problem, then you > > > should consider adjusting the following sysctl: > > > > > > net.inet.tcp.finwait2_timeout > > > > > > Try something like 15000 (15 seconds) instead of the default (60000). > > > > Ok that seems to be doing something. Will report back later. > > Nope it's not helping. That and/or dropping net.inet.ip.fw.dyn_ack_lifetime. You're absolutely certain these are all in FIN_WAIT_2 state and not TIME_WAIT? -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100914110302.GA84971>