I have set up a webserver behind a bridged firewall, something like:
INTERNET --------- FIREWALL --------- WEBSERVER
The webserver is running FreeBSD, and currently I get many FIN_WAIT_2 states:
# netstat -n -p tcp | grep FIN_WAIT_2 | wc -l
48
I wonder WHAT is responsible for sending ACK messages every 5 minutes to the clients in FIN_WAIT_2 state?
net.inet.tcp.always_keepalive seems to be something else.
# netstat -n -p tcp | grep FIN_WAIT_2 | grep HTTP_CLIENT
tcp4 0 0 134.96.240.1.80 HTTP_CLIENT.10228 FIN_WAIT_2
# tcpdump -S -i vr0 dst host HTTP_CLIENT
16:04:12.987415 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:04:12.987678 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
16:08:57.944008 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:08:57.944300 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
.
.
.
17:39:12.124577 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:39:12.124862 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
17:43:57.081176 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:43:57.081434 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
The bridged firewall seems to block exactly those ACKs. The setup is a simple stateful firewall, something like:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -d HTTP_SERVER --dport 80 -j ACCEPT
Is blocking the ACK messages above somehow harmful?
Greetings, Robert
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
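To see the cadence and the structure of these ACKs without reading timestamps by hand, here is a small parser for the tcpdump -S output quoted above. This is an added example, not code from Robert's post or from FreeBSD; it takes the eight captured lines from the post as its sample input (the "..." line standing in for the output the post elides), groups ACKs on the same flow that arrive within a second of each other into one "probe event", and reports the intervals between events. Function names, the pair_window threshold and the extra netstat lines in SAMPLE_NETSTAT are my own constructions, not anything the post shows.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample input: the tcpdump lines quoted in the post. The post
# elides everything between 16:08:57 and 17:43:57; the "..." line marks that gap.
SAMPLE_CAPTURE = """\
16:04:12.987415 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:04:12.987678 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
16:08:57.944008 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:08:57.944300 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
...
17:39:12.124577 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:39:12.124862 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
17:43:57.081176 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:43:57.081434 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
"""

# Constructed sample of `netstat -n -p tcp` output. Only the first line is from
# the post; the other two are made up to give the state counter something to do.
SAMPLE_NETSTAT = """\
tcp4 0 0 134.96.240.1.80 HTTP_CLIENT.10228 FIN_WAIT_2
tcp4 0 0 134.96.240.1.80 HTTP_CLIENT.10301 FIN_WAIT_2
tcp4 0 0 134.96.240.1.80 HTTP_CLIENT.10355 ESTABLISHED
"""

# Matches the tcpdump -S line shape shown in the post: a pure ACK segment
# ("." flags) with an absolute ack number and a window size.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"\. ack (?P<ack>\d+) win (?P<win>\d+)$"
)

Flow = Tuple[str, str, int]            # (source, destination, ack number)
Event = Tuple[float, List[int]]        # (time of first segment, window values seen)


def ts_to_seconds(ts: str) -> float:
    """HH:MM:SS.ffffff -> seconds since midnight (a capture crossing midnight is not handled)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_capture(text: str) -> List[dict]:
    """Parse tcpdump lines; lines that do not match (such as the '...' marker) are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"t": ts_to_seconds(m["ts"]), "src": m["src"], "dst": m["dst"],
                            "ack": int(m["ack"]), "win": int(m["win"])})
    return records


def probe_events(records: List[dict], pair_window: float = 1.0) -> Dict[Flow, List[Event]]:
    """Collapse ACKs on the same flow that arrive within pair_window seconds into one event.

    In the post each probe shows up as a 'win 0' segment followed ~300 us later by a
    'win 32900' segment; this groups that pair so the interval between probes is visible.
    """
    events: Dict[Flow, List[Event]] = defaultdict(list)
    for r in sorted(records, key=lambda r: r["t"]):
        flow = (r["src"], r["dst"], r["ack"])
        if events[flow] and r["t"] - events[flow][-1][0] <= pair_window:
            events[flow][-1][1].append(r["win"])
        else:
            events[flow].append((r["t"], [r["win"]]))
    return dict(events)


def probe_intervals(flow_events: List[Event]) -> List[float]:
    """Seconds between consecutive probe events on one flow, rounded to milliseconds."""
    times = [t for t, _ in flow_events]
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


def count_states(netstat_text: str) -> Counter:
    """Count TCP connection states in `netstat -n -p tcp` output (last column)."""
    return Counter(line.split()[-1] for line in netstat_text.splitlines() if line.strip())


if __name__ == "__main__":
    events = probe_events(parse_capture(SAMPLE_CAPTURE))
    for flow, ev in events.items():
        print(flow, "windows per probe:", [w for _, w in ev])
        print("  seconds between probes:", probe_intervals(ev))
    print("states:", dict(count_states(SAMPLE_NETSTAT)))
```

Run against the post's own lines, the first and last intervals come out at about 284.96 seconds (4 minutes 45 seconds, so a little under the "every 5 minutes" estimate), the middle interval is just the elided stretch of capture, and every probe is the same win 0 / win 32900 pair with an unchanged ack number. The same parser works on a longer capture from the server side to confirm whether the cadence is constant per connection before looking at which kernel timer or sysctl drives it.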