RE: [ILUG] IPmasq and TCP keepalives

From: Kenn Humborg (kenn at domain bluetree.ie)
Date: Tue 11 Jul 2000 - 15:32:27 IST


> > On Tue, 11 Jul 2000, Kenn Humborg wrote:
> >
> > > I'd go for 10810 to allow for a little more leeway.
> > >
> >
> > isn't this a slight risk on high load servers? eg, you'll run out of ports
> > a lot quicker with longer timeouts.
>
> Yup. I'm assuming that if you're running a firewall that
> is this busy, you have enough clues to decide for yourself
> how you want to tune it.

On second thoughts, nope. This timeout value only applies
to ESTABLISHED TCP connections. As soon as a FIN packet
goes either way, the time drops to 2 mins (by default).
You can tweak this timeout as well.

So the 10810 setting won't really have much effect, unless
you've got a lot of machines crashing while TCP connections
are open (which isn't a problem here as everyone's running
Linux-only networks, aren't we? :-)

Later,
Kenn



This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:50 GMT