On Sun, Dec 24, 2000 at 12:52:12PM +1100, James Morris wrote:
> On Sat, 23 Dec 2000, Cesar Eduardo Barros wrote:
>
> > Then what do you do when you are behind a NAT? And how do you expire entries in
> > ESTABLISHED state that could stay lingering forever without some sort of
> > keepalive? (The FINs might have been lost due to a conectivity transient, so
> > you can have another perfectly valid and alive connection with the same host,
> > and application-level timeouts are useless for some applications
> > (*cough*nc*cough*))
>
> Typically, you choose a practical value for timing out inactive but
> otherwise seemingly established TCP connections. The 2.4 connection
> tracking code (used for NAT) uses a value of five days for this.
>
Yeah. But I'm stuck with a NAT (which isn't mine, btw) which uses 2.1.xxx-2.2.x
(according to nmap). Which had a default of 15 *minutes* (as I read in a HOWTO
somewhere). I'm trying to convince the sysadmin to raise it to two hours, but I
bet it'll be hard.
--
Cesar Eduardo Barros
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
