4.10, Jails, apache and FIN_WAIT_1
Rob
robert at irrelevant.com
Sat Sep 18 14:48:25 PDT 2004
Hi..
Due to unreliable hardware, I transferred my (very lightly loaded)
webserver from it's own machine, running FreeBSD 5.2, to a jail on
alternate machine running 4.10-STABLE (Cvsup'd as of 14/9/04).
The new system is a Pentium III, 1GHz, 384Mb RAM, dual 40Gb drives (on a
SiL 0680 ATA133 Raid controller, as RAID 1) it's running mysqld as well,
but should be able to cope.
I installed latest versions of all the software, (ran portupgrade) but just
copied over the apache config folder from /usr/local/etc on the other
machine. It's not complained. The data area was nfs mounted from the
machine I just moved apache to, so I've just nfs-mounted this at the
appropriate mount point inside the jail.
The problem is, I'm getting a lot of stalled connections when accessing the
webserver. running netstat on the host shows e.g.:
tcp4 0 0 jade.http 212.57.246.42.35590 FIN_WAIT_1
tcp4 0 0 jade.http 212.57.246.42.35585 ESTABLISHED
tcp4 0 0 jade.http 212.57.246.42.35555 CLOSING
This one is me - while this FIN_WAIT_1 is present, I cannot persuade my
browser (Opera 7.52 on Windows 2K) to work - it sits with "Sending request
to www..." in the status line. Pressing refresh does nothing... as soon
as the FIN_WAIT_1 vanishes, then everything is OK again, for a few more
minutes.
I'm running apache-1.3.31_4 in the jail, which was set up simply as per the
jail man page, then ssh enabled.
No software firewall (this server is behind a NATing ADSL router, the
configuration of which has not changed bar the http port-forwarding IP
address, and I am behind a hardware firewall, ditto no changes. I do block
ICMP on my firewall, but it's never caused this sort of problem before.
Googling for FIN_WAIT_1 throws up some hits about a DoS vulnerability, but
nothing I can see that relates to the problem I am having. This is hardly
a complicated configuration, so is there something I am missing, some
kernel configuration issue maybe, that I should know about?
Any pointers towards where I should look next would be much appreciated,
Thanks in advance,
Rob O'Donnell.
More information about the freebsd-questions
mailing list