From owner-freebsd-questions@FreeBSD.ORG  Fri May 11 21:49:14 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9A8E7106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 11 May 2012 21:49:14 +0000 (UTC) (envelope-from chad@shire.net)
Received: from mail.shire.net (mail.shire.net [199.102.78.250])
	by mx1.freebsd.org (Postfix) with ESMTP id 7812A8FC08
	for <freebsd-questions@freebsd.org>;
	Fri, 11 May 2012 21:49:14 +0000 (UTC)
Received: from c-76-27-96-201.hsd1.ut.comcast.net ([76.27.96.201]
	helo=[192.168.99.216])
	by mail.shire.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77)
	(envelope-from <chad@shire.net>) id 1SSx5X-000C3F-HB
	for freebsd-questions@freebsd.org; Fri, 11 May 2012 15:09:23 -0600
From: "Chad Leigh Shire.Net LLC" <chad@shire.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Fri, 11 May 2012 15:09:22 -0600
Message-Id: <D8AF0C20-E2C0-44A4-89DF-B614F3DBBFF6@shire.net>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
X-SA-Exim-Connect-IP: 76.27.96.201
X-SA-Exim-Mail-From: chad@shire.net
X-SA-Exim-Scanned: No (on mail.shire.net); SAEximRunCond expanded to false
Subject: question on SYN_SENT 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 21:49:14 -0000


it is my understanding that SYN_SENT is when MY SIDE sends out a request =
and is awaiting a reply?

One of the jails we run for a customer had hundreds (if not thousands) =
of attempts to connect from the 147. address you see below.   It was =
exhausting resources so that new tcp connections could not be made until =
some closed.

I added that address to a "pf" block statement to stop it but now we get =
a rolling connections in a "netstat -a" as show below (host. being a =
generic name used in place of actual host on our side).   I am wondering =
if this shows something on our side trying to connect out?  That is what =
it appears to me to be, which does not  make sense.


tcp4       0      0 host.52562         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52561         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52560         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52559         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52558         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52557         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52556         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52555         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52554         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52553         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52552         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52551         147.237.76.155.http    SYN_SENT
tcp4       0      0 host.52550         147.237.76.155.http    SYN_SENT



thanks
Chad