On Mon, 26 Feb 2007 10:13:49 -0500
"Grant Peel" <[EMAIL PROTECTED]> wrote:

> Hi All,
>
> I have done some research ...
>
> It appears that in certain conditions, when the
> net.inet.ip.fw.dyn_keepalive=1 (sysctl), remote clients or other
> servers may not respond, and a new rule or dynamic rule is set up.
> Turning this to 0 seemed to help.
>
> The effect (of having net.inet.ip.fw.dyn_keepalive=1) is that over
> time, hundreds of FIN_WAIT_2 tcp states occur. With some software,
> (vm-pop3d), it runs out of sockets, and I suspect the daemon does not
> know how to handle this.
>
> So do a:
>
> sysctl net.inet.ip.fw.dyn_keepalive=0
>
> and in about 10 minutes all FIN_WAIT_2's disappear. (well almost
> all).
>
> I expect it virtually shut down dynamic rules too in ipfw, but I have
> been reading more and more that people are saying don't use dynamics
> on a busy site. Anyone care to comment.
>
> -Grant

Hi Grant,

I have set sysctl net.inet.ip.fw.dyn_keepalive=0.

But both FIN_WAIT_1 and FIN_WAIT_2 do not seem to disappear. Even now, my squid proxy box shows:

      15 CLOSE_WAIT
       5 CLOSING
    2260 ESTABLISHED
    2083 FIN_WAIT_1
     829 FIN_WAIT_2
     132 LAST_ACK
       5 LISTEN
      28 SYN_SENT
     177 TIME_WAIT
       1 been

Can you shed some light on this?

Thanking you..

--
With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np

_______________________________________________
email@example.com mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
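
The measurement discussed in this thread (TCP state counts before and after changing net.inet.ip.fw.dyn_keepalive), as an added example that is not part of the original messages. The snapshots are constructed sample data and the function names are hypothetical; on a live FreeBSD host the input would come from netstat -an -p tcp.

```shell
#!/bin/sh
# Added example: measure how TCP state counts change between two netstat snapshots.
# On the live host a snapshot would be taken with: netstat -an -p tcp

# Print "STATE COUNT" per TCP state from FreeBSD-style netstat text on stdin.
# Only lines whose first field starts with "tcp" are counted, so the banner,
# column header and any non-TCP lines never appear as bogus states.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ && NF == 6 { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# count_of STATE: read a tally on stdin, print that state's count (0 if absent).
count_of() {
    awk -v want="$1" '$1 == want { c = $2 } END { print c + 0 }'
}

# state_delta STATE BEFORE AFTER: change in count between two raw snapshots.
state_delta() {
    b=$(printf '%s\n' "$2" | tcp_state_counts | count_of "$1")
    a=$(printf '%s\n' "$3" | tcp_state_counts | count_of "$1")
    echo $((a - b))
}

# Constructed sample snapshots (documentation addresses, not real traffic).
BEFORE='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.3128        198.51.100.7.51234     ESTABLISHED
tcp4       0      0 192.0.2.10.3128        198.51.100.8.40112     FIN_WAIT_2
tcp4       0      0 192.0.2.10.3128        198.51.100.9.40113     FIN_WAIT_2
tcp4       0      0 192.0.2.10.3128        198.51.100.9.40114     FIN_WAIT_2
tcp4       0      0 192.0.2.10.3128        198.51.100.5.33001     FIN_WAIT_1
tcp4       0      0 *.3128                 *.*                    LISTEN
udp4       0      0 *.514                  *.*'
AFTER='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.3128        198.51.100.7.51234     ESTABLISHED
tcp4       0      0 192.0.2.10.3128        198.51.100.9.40114     FIN_WAIT_2
tcp4       0      0 192.0.2.10.3128        198.51.100.5.33001     FIN_WAIT_1
tcp4       0      0 *.3128                 *.*                    LISTEN
udp4       0      0 *.514                  *.*'

for s in FIN_WAIT_1 FIN_WAIT_2; do
    echo "$s change: $(state_delta "$s" "$BEFORE" "$AFTER")"
done
```

A negative FIN_WAIT_2 delta with an unchanged FIN_WAIT_1 delta points at different causes for the two states, which is why tracking them separately is more useful than a single total.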