Date: Fri, 30 May 2008 12:17:11 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Robert Blayzor <rblayzor.bulk@inoc.net> Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 Message-ID: <484052B7.2050906@FreeBSD.org> In-Reply-To: <C1CC6D9D-6584-43BD-8675-021A0495FDA3@inoc.net> References: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net> <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com> <23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net> <483DE2E0.90003@FreeBSD.org> <B775700E-7494-42C1-A9B2-A600CE176ACB@inoc.net> <483E36CE.3060400@FreeBSD.org> <483E3C26.3060103@paradise.net.nz> <483E4657.9060906@FreeBSD.org> <483EA513.4070409@earthlink.net> <96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net> <483EAED1.2050404@FreeBSD.org> <200805291912.m4TJCG56025525@apollo.backplane.com> <14DA211A-A9C5-483A-8CB9-886E5B19A840@inoc.net> <200805291930.m4TJUeGX025815@apollo.backplane.com> <0C827F66-09CE-476D-86E9-146AB255926B@inoc.net> <200805292132.m4TLWhCv026720@apollo.backplane.com> <CCBAEE3E-35A5-4BF8-A0B7-321272533B62@inoc.net> <200805300055.m4U0tkqx027965@apollo.backplane.com> <EB975E1A-7995-4214-A2CC-AE2D789B19AB@inoc.net> <483F6F66.4050909@FreeBSD.org> <C1CC6D9D-6584-43BD-8675-021A0495FDA3@inoc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Blayzor wrote:
> On May 29, 2008, at 11:07 PM, Doug Barton wrote:
>> Hrrm, are you running ipfw ON the web server box? If so, I'd be
>> curious as to why, and whether or not the problem goes away if you
>> take IPFW out of the equation. If IPFW is running on another machine,
>> never mind.
>
>
>
> Yes, IPFW is running on the box. Why not?
I'm not sure why, but I sense hostility on your part. I'm not sure
why, since that is an odd reaction to someone who is trying to help
you. If I'm wrong about that, never mind.
A basic rule of system administration is to have a good reason for
everything you do. If you have some kind of need for a firewall on
your web server, that's fine. Personally I prefer not to run firewalls
on application servers, but TIMTOWTDI.
The real crux of my question (which you did not answer) is, does the
problem go away if you take IPFW completely out of the equation? If
the answer to that is yes, it greatly narrows the focus of the
investigation.
I think that the theories that have been proposed by others that the
FIN_WAITs are a symptom of a problem in the clients is not only
possible, it's likely. I'm just not sure it's the complete story.
In any case, I wish you luck with this, I think I've done all the good
I can do here.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?484052B7.2050906>