On Thu, Mar 30, 2006 at 01:58:19PM -0600, Bill Marquette wrote:

> Any suggestions???  I'm guessing most people aren't seeing this as
> they are connecting to multiple hosts, not a select few at a "decent"
> connection rate.

Is squid re-using the same source address AND port for all those
connections? Or just the source address, with random source ports?

The former couldn't possibly work at a rate of once per second. The
latter shouldn't cause much of a problem with that rate.

Are you sure you decreased the right timeout? Those states should all be
using the tcp.closed timeout (default 90s), if the connections were
closed normally (which might be confusing, as netstat calls it
FIN_WAIT_2). Run pfctl -ss; if they show up as FIN_WAIT_2:FIN_WAIT_2,
that means pf is applying the tcp.closed timeout, and pfctl -vss should
show 'expires in' accordingly.

Daniel
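
An added example, not part of the original message: a Python sketch that runs the two checks the reply describes over pfctl -vss output. It counts how many distinct source ports each source/destination pair uses, and lists FIN_WAIT_2:FIN_WAIT_2 states whose 'expires in' value exceeds the expected tcp.closed timeout. The sample lines are constructed and assume the two-line IPv4 layout of pfctl -vss; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on `pfctl -vss` output (documentation addresses).
SAMPLE = """\
all tcp 10.0.0.5:40001 -> 192.0.2.10:80       FIN_WAIT_2:FIN_WAIT_2
   age 00:00:12, expires in 00:01:18, 6:5 pkts, 612:840 bytes, rule 4
all tcp 10.0.0.5:40002 -> 192.0.2.10:80       FIN_WAIT_2:FIN_WAIT_2
   age 00:00:11, expires in 00:01:19, 6:5 pkts, 612:840 bytes, rule 4
all udp 10.0.0.5:53000 -> 192.0.2.53:53       MULTIPLE:SINGLE
   age 00:00:05, expires in 00:00:25, 1:1 pkts, 60:120 bytes, rule 2
all tcp 10.0.0.5:40003 -> 192.0.2.11:80       ESTABLISHED:ESTABLISHED
   age 00:00:03, expires in 23:59:58, 4:3 pkts, 400:520 bytes, rule 4
"""

STATE_RE = re.compile(r"^\S+\s+tcp\s+(\S+):(\d+)\s+(?:\(\S+\)\s+)?(?:->|<-)\s+"
                      r"(\S+:\d+)\s+(\S+:\S+)\s*$")
EXPIRES_RE = re.compile(r"expires in (\d+):(\d+):(\d+)")

def parse_states(text):
    """Pair each IPv4 TCP state line with 'expires in' (seconds) from its detail line."""
    states, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():      # a new state entry starts here
            m = STATE_RE.match(line)
            current = None                      # non-TCP entries are skipped
            if m:
                current = {"src_ip": m.group(1), "src_port": int(m.group(2)),
                           "dst": m.group(3), "state": m.group(4), "expires": None}
                states.append(current)
        elif current is not None:
            e = EXPIRES_RE.search(line)
            if e:
                h, mi, s = map(int, e.groups())
                current["expires"] = h * 3600 + mi * 60 + s
    return states

def summarize(states, closed_timeout=90):
    """Return (states per state pair, distinct source ports per (src, dst),
    FIN_WAIT_2:FIN_WAIT_2 states expiring later than closed_timeout)."""
    per_state, ports, late = defaultdict(int), defaultdict(set), []
    for s in states:
        per_state[s["state"]] += 1
        ports[(s["src_ip"], s["dst"])].add(s["src_port"])
        if (s["state"] == "FIN_WAIT_2:FIN_WAIT_2" and s["expires"] is not None
                and s["expires"] > closed_timeout):
            late.append(s)
    return dict(per_state), {k: len(v) for k, v in ports.items()}, late

if __name__ == "__main__":
    print(summarize(parse_states(SAMPLE)))
```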
