From: Colin Whittaker (grimnar at domain redbrick.dcu.ie)
Date: Tue 11 Jul 2000 - 14:00:53 IST
Kenn Humborg stated the following on Tue, Jul 11, 2000 at 01:49:35PM +0100 :
>
> Here's an interesting snippet of information:
>
> In Linux 2.0.x, the default TCP keepalive was 15 mins.
> That meant that every 15 mins, the TCP stack would send
> a packet to the remote end of each connection, just to
> see if it was still there.
>
> In Linux 2.0.x, the default IP masquerading timeout for
> active TCP connections was 15 mins. So as long as there
> was traffic over the masqueraded connection every 15 mins,
> the masq entries would stay alive. (Setting this to 16 mins
> would probably have been a better idea, given the TCP
> keepalive of 15 mins. No matter...)
>
> In Linux 2.2.x, the default TCP keepalive interval was
> extended to 3 hours. So if you have a masqueraded connection
> from a 2.2 machine through a 2.0 masq box, you'll find
> that inactive connections get mysteriously dropped.
>
> I don't know what the default IP masq timeout is under 2.2,
> but if it is still 15 mins, then idle connections via a
> 2.2 masq box will also be dropped.
>
> You'll need to tweak either or both of the IP masq timeout
> on the firewall and the TCP keepalive timer on the client:
>
> On linux 2.0.x set the IP masq timeout to just over 3 hours:
> # ipfwadm -M -s 11000 0 0
Why set the others to zero?
> On linux 2.2.x, set the TCP keepalive timer to just under
> 15 mins:
> # echo 870 > /proc/sys/net/ipv4/tcp_keepalive_time
>
> As Kate would so eloquently say: mutter, mutter...
We just had our 2.0.36-based masq gateway run out of ports.
Is there any way to see/adjust the port range used for masq?
Can you adjust the timeout on a per-connection basis (i.e. only bother for
ssh sessions)?
Colin
--
I guess, I relate more to a satanic chicken and an over sexed
goat more than tech support people :)
-- orly
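The keepalive/masq-timeout tuning described in the quoted message, as an added worked example that is not part of the thread: a small POSIX sh script that checks whether a client's keepalive timer fires before the gateway's idle TCP timeout expires and, if not, prints the two commands from the message with values derived from a chosen margin. The function and argument names are the example's own; the /proc path and the ipfwadm invocation are the ones quoted above (in ipfwadm a timeout field of 0 keeps the existing value, which is why the tcpfin and udp fields stay 0). The 7200 s and 900 s defaults are constructed input taken from the message, not read from a real 2.0/2.2 box. Two caveats a practitioner should keep in mind: keepalive probes are only sent on sockets whose application enabled SO_KEEPALIVE, and the first probe goes out one full keepalive interval after the last data, so the keepalive value has to be strictly less than the masq timeout.

```shell
#!/bin/sh
# Added example, not code from the thread above. Compares a client's TCP
# keepalive interval (seconds) with a masquerading gateway's idle TCP timeout
# (seconds) and prints the commands from the thread with computed values.
# Everything is passed in as arguments so it runs on any system.

# keepalive_fits KEEPALIVE_SECS MASQ_SECS
# True when the first keepalive probe is sent before the masq entry expires.
keepalive_fits() {
    [ "$1" -lt "$2" ]
}

# keepalive_for MASQ_SECS MARGIN_SECS
# Keepalive value just under the masq timeout (900 - 30 = 870, as in the thread).
keepalive_for() {
    echo $(( $1 - $2 ))
}

# masq_timeout_for KEEPALIVE_SECS MARGIN_SECS
# Masq timeout just over the keepalive (7200 + 3800 = 11000, as in the thread).
masq_timeout_for() {
    echo $(( $1 + $2 ))
}

# live_keepalive
# The running kernel's value if /proc is readable, else the 2.2 default (7200 s).
live_keepalive() {
    if [ -r /proc/sys/net/ipv4/tcp_keepalive_time ]; then
        cat /proc/sys/net/ipv4/tcp_keepalive_time
    else
        echo 7200
    fi
}

# plan KEEPALIVE_SECS MASQ_SECS MARGIN_SECS
# Prints "ok" and returns 0 when the pair is consistent; otherwise prints the
# fix for each side (firewall or client) and returns 1.
plan() {
    if keepalive_fits "$1" "$2"; then
        echo "ok: keepalive $1 s < masq timeout $2 s"
        return 0
    fi
    echo "mismatch: keepalive $1 s >= masq timeout $2 s; fix either side:"
    # On the 2.0.x masq box: raise the TCP timeout, leave tcpfin/udp (0) alone.
    echo "  ipfwadm -M -s $(masq_timeout_for "$1" "$3") 0 0"
    # On the 2.2.x client: lower the keepalive timer below the masq timeout.
    echo "  echo $(keepalive_for "$2" "$3") > /proc/sys/net/ipv4/tcp_keepalive_time"
    return 1
}

# Constructed scenario from the thread: a 2.2 client (7200 s keepalive) behind
# a 2.0 masq box (900 s TCP timeout), with a 30 s safety margin.
plan "$(live_keepalive)" 900 30 || :
```

Run it on the client to see whether its current keepalive is already short enough for the gateway's timeout; the printed ipfwadm line is for the gateway, the echo line for the client, and only one of the two is needed.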
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:50 GMT