Date:      Sat, 18 Sep 2004 22:48:15 +0100
From:      Rob <robert@irrelevant.com>
To:        questions@freebsd.org
Subject:   4.10, Jails, apache and FIN_WAIT_1
Message-ID:  <6.1.2.0.0.20040918222850.03091b40@albert>

Hi..

Due to unreliable hardware, I transferred my (very lightly loaded)
webserver from its own machine, running FreeBSD 5.2, to a jail on an
alternate machine running 4.10-STABLE (Cvsup'd as of 14/9/04).

The new system is a Pentium III, 1GHz, 384Mb RAM, dual 40Gb drives (on a
SiL 0680 ATA133 Raid controller, as RAID 1). It's running mysqld as well,
but should be able to cope.

I installed the latest versions of all the software (ran portupgrade), but just
copied over the apache config folder from /usr/local/etc on the other 
machine.  It's not complained.  The data area was nfs mounted from the 
machine I just moved apache to, so I've just nfs-mounted this at the 
appropriate mount point inside the jail.

The problem is, I'm getting a lot of stalled connections when accessing the
webserver.  Running netstat on the host shows e.g.:


tcp4       0      0  jade.http     212.57.246.42.35590    FIN_WAIT_1
tcp4       0      0  jade.http     212.57.246.42.35585    ESTABLISHED
tcp4       0      0  jade.http     212.57.246.42.35555    CLOSING

This one is me - while this FIN_WAIT_1 is present, I cannot persuade my 
browser (Opera 7.52 on Windows 2K) to work - it sits with "Sending request 
to www..." in the status line.  Pressing refresh does nothing...  as soon 
as the FIN_WAIT_1 vanishes, then everything is OK again, for a few more 
minutes.

I'm running apache-1.3.31_4 in the jail, which was set up simply as per the 
jail man page, then ssh enabled.

No software firewall (this server is behind a NATing ADSL router, the
configuration of which has not changed bar the http port-forwarding IP
address, and I am behind a hardware firewall, ditto no changes).  I do block
ICMP on my firewall, but it's never caused this sort of problem before.

Googling for FIN_WAIT_1 throws up some hits about a DoS vulnerability, but 
nothing I can see that relates to the problem I am having.  This is hardly 
a complicated configuration, so is there something I am missing, some 
kernel configuration issue maybe, that I should know about?

Any pointers towards where I should look next would be much appreciated,

Thanks in advance,

Rob O'Donnell.



