Do you have ipfw or other firewall running?

Did you restart the network?

-Grant

----- Original Message ----- From: "Tek Bahadur Limbu" <[EMAIL PROTECTED]>
To: "Grant Peel" <[EMAIL PROTECTED]>
Cc: <freebsd-questions@freebsd.org>
Sent: Saturday, March 03, 2007 6:43 AM
Subject: Re: Fw: FIN_WAIT_2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 26 Feb 2007 10:13:49 -0500
"Grant Peel" <[EMAIL PROTECTED]> wrote:

Hi All,

I have done some research ...

It appears that inn certain conditions, when the net.inet.ip.fw.dyn_keepalive=1 (sysctl), remote clients or other
servers may not respond, and a new rule or dynamic rule is setup.
turning this to 0 seemed to help.

The effect (of having net.inet.ip.fw.dyn_keepalive=1) is that over
time, hundreds of FIN_WAIT_2 tcp states occure. With some software,
(vm-pop3d), it runs out of sockets, and I suspect the daemon does not
know how to hadle this.

So do a:

sysctl net.inet.ip.fw.dyn_keepalive=0

and in about 10 minutes all FIN_WAIT_2 's dissappear. (well almost
all).

I expect it virtually shut down dynamic rules too in ipfw, but I have
been reading more and more that people are saying don't use dynamics
on a busy site. Anyone care to comment.

-Grant

Hi Grant,

I have set sysctl net.inet.ip.fw.dyn_keepalive=0. But both FIN_WAIT_1
and FIN_WAIT_2 does not seem to disappear. Even now, my squid proxy box
shows:

15 CLOSE_WAIT
  5 CLOSING
2260 ESTABLISHED
2083 FIN_WAIT_1
829 FIN_WAIT_2
132 LAST_ACK
  5 LISTEN
 28 SYN_SENT
177 TIME_WAIT
  1 been

Can you shed some light on this ?

Thanking you..

- --

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFF6V99VrOl+eVhOvYRAsf6AJ4tttOBTDoMcx/Cp1R/G9iAjUc/cQCfSnfQ
NXly6YRmPzjKbbppIroPtzs=
=2Z/B
-----END PGP SIGNATURE-----


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to