From: Kenn Humborg (kenn at domain bluetree.ie)
Date: Tue 11 Jul 2000 - 13:49:57 IST

Here's an interesting snippet of information:

In Linux 2.0.x, the default TCP keepalive was 15 mins.
That meant that every 15 mins, the TCP stack would send
a packet to the remote end of each connection, just to
see if it was still there.

In Linux 2.0.x, the default IP masquerading timeout for
active TCP connections was 15 mins. So as long as there
was traffic over the masqueraded connection every 15 mins,
the masq entries would stay alive. (Setting this to 16 mins
would probably have been a better idea, given the TCP
keepalive of 15 mins. No matter...)

In Linux 2.2.x, the default TCP keepalive interval was
extended to 3 hours. So if you have a masqueraded connection
from a 2.2 machine through a 2.0 masq box, you'll find
that inactive connections get mysteriously dropped.

I don't know what the default IP masq timeout is under 2.2,
but if it is still 15 mins, then idle connections via a
2.2 masq box will also be dropped.

You'll need to tweak either or both of the IP masq timeout
on the firewall and the TCP keepalive timer on the client:

On Linux 2.0.x, set the IP masq timeout to just over 3 hours:

    # ipfwadm -M -s 11000 0 0

On Linux 2.2.x, set the TCP keepalive timer to just under
15 mins:

    # echo 870 > /proc/sys/net/ipv4/tcp_keepalive_time

As Kate would so eloquently say: mutter, mutter...

Later,
Kenn
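
Added example, not part of the original post: a Python sketch that checks the timer pairs from the message against each other and sets the keepalive idle time on a single socket instead of system-wide. The function names, the 30-second margin and the probe interval/count are assumptions; the kernel only sends keepalives on sockets that enable SO_KEEPALIVE, and the per-socket TCP_KEEP* options are applied only where the platform provides them.

```python
import socket

NAT_IDLE_TIMEOUT = 15 * 60  # assumption: the 15-minute masq timeout from the post
MARGIN = 30                 # assumption: same slack as the post's 870 s setting


def keepalive_idle_for(nat_timeout, margin=MARGIN):
    """Idle time before the first probe, kept below the NAT timer."""
    idle = nat_timeout - margin
    if idle <= 0:
        raise ValueError("NAT timeout is not longer than the margin")
    return idle


def survives_nat(keepalive_idle, nat_timeout):
    """True if a probe goes out before the NAT entry expires.
    Equal timers count as failure because the two race each other."""
    return keepalive_idle < nat_timeout


def enable_keepalive(sock, idle, interval=60, probes=5):
    """Enable keepalive on one socket and override the system defaults."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket overrides are platform-specific; set the ones that exist.
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    # Timer pairs from the post: (keepalive seconds, masq timeout seconds)
    cases = {
        "2.2 client via 2.0 masq box": (3 * 3600, 900),
        "masq timeout raised to 11000": (3 * 3600, 11000),
        "client keepalive set to 870": (870, 900),
    }
    for label, (ka, nat) in cases.items():
        print(f"{label}: {'kept' if survives_nat(ka, nat) else 'dropped'}")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        idle = keepalive_idle_for(NAT_IDLE_TIMEOUT)
        print("keepalive enabled:", enable_keepalive(s, idle), "idle =", idle)
```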