FIN_WAIT_2
Robert Gogolok
robertgogolok at web.de
Mon Mar 21 09:03:18 PST 2005
I have set up a webserver behind a bridged firewall, something like:
INTERNET --------- FIREWALL --------- WEBSERVER
The webserver is running FreeBSD, and currently I get many FIN_WAIT_2
states:
# netstat -n -p tcp | grep FIN_WAIT_2 | wc -l
48
I wonder WHAT is responsible for sending ACK messages every 5 minutes to
the clients in FIN_WAIT_2 state?
net.inet.tcp.always_keepalive seems to be something else.
# netstat -n -p tcp | grep FIN_WAIT_2 | grep HTTP_CLIENT
tcp4 0 0 134.96.240.1.80 HTTP_CLIENT.10228 FIN_WAIT_2
# tcpdump -S -i vr0 dst host HTTP_CLIENT
16:04:12.987415 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:04:12.987678 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
16:08:57.944008 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:08:57.944300 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
...
17:39:12.124577 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:39:12.124862 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
17:43:57.081176 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:43:57.081434 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
The bridged firewall seems to block exactly those ACKs.
The setup is a simple stateful firewall, something like:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -d HTTP_SERVER --dport 80 -j ACCEPT
Is blocking the ACK messages above somehow harmful?
Greetings,
Robert
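The capture quoted in the post shows a regular pattern: for one FIN_WAIT_2 connection the server emits a pure ACK with "win 0" immediately followed by one with "win 32900", the ack number never changes, and the pairs recur at a fixed spacing. The script below is an added example (not part of the original post, and not the FreeBSD or netfilter code involved) that parses such tcpdump lines and reports, per flow, how many probe pairs were seen, whether the ack number stays constant, the window values in each pair, and the interval between successive pairs. It assumes the tcpdump output format shown above (one packet per line, `-S` absolute ack numbers); the sample input is the post's own eight lines re-joined into single lines, and `HTTP_SERVER`/`HTTP_CLIENT` are the post's placeholders, not real hosts.

```python
"""Summarize repeating zero-window/open-window ACK pairs in tcpdump output.

Added example; assumes tcpdump's "IP src > dst: . ack N win W" line format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the eight tcpdump lines quoted in the post, each re-joined
# onto one line. The hosts are the post's placeholders, not real addresses.
SAMPLE_TCPDUMP = """\
16:04:12.987415 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:04:12.987678 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
16:08:57.944008 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
16:08:57.944300 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
17:39:12.124577 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:39:12.124862 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
17:43:57.081176 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 0
17:43:57.081434 IP HTTP_SERVER.http > HTTP_CLIENT.10228: . ack 1760359226 win 32900
"""

# Pure-ACK lines as tcpdump prints them with -S (absolute sequence/ack numbers).
ACK_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"\. ack (?P<ack>\d+) win (?P<win>\d+)$"
)


def parse_packet(line):
    """Return a dict for one pure-ACK line, or None for any other line."""
    m = ACK_RE.match(line.strip())
    if not m:
        return None
    t = datetime.strptime(m.group("ts"), "%H:%M:%S.%f")
    seconds = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
    return {
        "t": seconds,                                # seconds since midnight
        "flow": (m.group("src"), m.group("dst")),    # server side -> client side
        "ack": int(m.group("ack")),
        "win": int(m.group("win")),
    }


def parse_capture(text):
    """Parse every recognizable ACK line of a capture, skipping the rest."""
    return [p for p in (parse_packet(l) for l in text.splitlines()) if p]


def group_probe_pairs(packets, pair_gap=1.0):
    """Group ACKs on the same flow with the same ack number that arrive within
    pair_gap seconds of the first one into one "round". Returns
    flow -> list of {"t": start_time, "ack": ack, "wins": [window, ...]}."""
    rounds = defaultdict(list)
    current = {}  # flow -> the round still accepting packets
    for p in packets:
        open_round = current.get(p["flow"])
        if (open_round and p["ack"] == open_round["ack"]
                and p["t"] - open_round["t"] <= pair_gap):
            open_round["wins"].append(p["win"])
            continue
        open_round = {"t": p["t"], "ack": p["ack"], "wins": [p["win"]]}
        current[p["flow"]] = open_round
        rounds[p["flow"]].append(open_round)
    return dict(rounds)


def intervals(rounds):
    """Seconds between the start of successive rounds."""
    return [b["t"] - a["t"] for a, b in zip(rounds, rounds[1:])]


def summarize(text):
    """Per-flow summary: packet count, rounds, constant-ack check, window
    pattern of each round, and the spacing between rounds."""
    out = {}
    for flow, rounds in group_probe_pairs(parse_capture(text)).items():
        out[flow] = {
            "packets": sum(len(r["wins"]) for r in rounds),
            "rounds": len(rounds),
            "same_ack": len({r["ack"] for r in rounds}) == 1,
            "window_patterns": [r["wins"] for r in rounds],
            "intervals_s": [round(i, 3) for i in intervals(rounds)],
        }
    return out


if __name__ == "__main__":
    for flow, s in summarize(SAMPLE_TCPDUMP).items():
        print(flow, s)
```

On the post's lines the summary reports four [0, 32900] rounds with an unchanged ack number and about 285 seconds between the rounds that are adjacent in the capture (the 90-minute gap in the middle is the elided "..." portion). Running the same script over a full capture, rather than the excerpt, is the quickest way to confirm whether every probe pair really uses the same spacing and whether any client ever answers; the script ignores non-ACK lines, so the full tcpdump output can be fed in unfiltered.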