From owner-freebsd-stable@FreeBSD.ORG Fri May 30 19:17:13 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D5C291065673 for ; Fri, 30 May 2008 19:17:13 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7]) by mx1.freebsd.org (Postfix) with ESMTP id 9B9478FC27 for ; Fri, 30 May 2008 19:17:13 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 5070 invoked by uid 399); 30 May 2008 19:29:22 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 30 May 2008 19:29:22 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <484052B7.2050906@FreeBSD.org> Date: Fri, 30 May 2008 12:17:11 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.14 (X11/20080525) MIME-Version: 1.0 To: Robert Blayzor References: <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com> <23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net> <483DE2E0.90003@FreeBSD.org> <483E36CE.3060400@FreeBSD.org> <483E3C26.3060103@paradise.net.nz> <483E4657.9060906@FreeBSD.org> <483EA513.4070409@earthlink.net> <96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net> <483EAED1.2050404@FreeBSD.org> <200805291912.m4TJCG56025525@apollo.backplane.com> <14DA211A-A9C5-483A-8CB9-886E5B19A840@inoc.net> <200805291930.m4TJUeGX025815@apollo.backplane.com> <0C827F66-09CE-476D-86E9-146AB255926B@inoc.net> <200805292132.m4TLWhCv026720@apollo.backplane.com> <200805300055.m4U0tkqx027965@apollo.backplane.com> <483F6F66.4050909@FreeBSD.org> In-Reply-To: X-Enigmail-Version: 0.95.6 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2008 19:17:13 -0000 Robert Blayzor wrote: > On May 29, 2008, at 11:07 PM, Doug Barton wrote: >> Hrrm, are you running ipfw ON the web server box? If so, I'd be >> curious as to why, and whether or not the problem goes away if you >> take IPFW out of the equation. If IPFW is running on another machine, >> never mind. > > > > Yes, IPFW is running on the box. Why not? I'm not sure why, but I sense hostility on your part. I'm not sure why, since that is an odd reaction to someone who is trying to help you. If I'm wrong about that, never mind. A basic rule of system administration is to have a good reason for everything you do. If you have some kind of need for a firewall on your web server, that's fine. Personally I prefer not to run firewalls on application servers, but TIMTOWTDI. The real crux of my question (which you did not answer) is, does the problem go away if you take IPFW completely out of the equation? If the answer to that is yes, it greatly narrows the focus of the investigation. I think that the theories that have been proposed by others that the FIN_WAITs are a symptom of a problem in the clients is not only possible, it's likely. I'm just not sure it's the complete story. In any case, I wish you luck with this, I think I've done all the good I can do here. Doug -- This .signature sanitized for your protection