>I know zilch about quake....
>However I guess it's making a UDP connection to each server in turn, and 
>that there are a number of servers - guesstimate of the order of a 
>thousand plus.
>
>That's going to open up masq tunnels which with UDP remain until they time 
>out.

I bet you are right on this one.  As it stands, I pushed up my UDP
timeout to something lame like 5hrs because ICQ was flapping.  It
was only later that I learned that you can change ICQ's refresh directly.
I'll try putting my UDP timeout to something like 80 seconds and
see if that helps.  Do you think I should put the timeout even lower?


>also for DNS.... what other UDP are people putting through their 
>masq??  The quake module would possibly be able to diddle with the 
>timeouts as another near solution.  [or if a signoff was sent as 
>part of the protocol it could close the 
>tunnel down]

Since I have you on the line, maybe you have an idea on these two
things:

        1)      I've seen in the past that a "ipfwadm -M -l" will 
                show a LOT of old, timing out MASQed connections 
                (tcp timeout is 5 hrs).  Anyway, much like clearing 
                IPFWADM's input or output rulesets, how can I 
                delete all the MASQ entries as shown in 
                "ipfwadm -M -l"?  Is there something I can cat into 
                /proc/net/ip_masquerade to clear it out?  

                I thought that I could just change the UDP timeouts to 
                1 second and let all the MASQ connections expire.  
                Unfortunately, it seems that when you change the 
                timeouts, it will only affect newly setup connections.
                All the existing UDP MASQ connections still had their
                original timeouts.

        2)      When MASQ was dying, I noticed that the ip_masq_quake
                module was "Used by 169".  This seems awfully high
                to me but then again, I don't understand what that 
                number means.  Anyway, when I got that no free udp 
                ports available error, I tried to unload the quake
                module only to see that it was "busy".  Is there a
                way to FORCE modules to unload?  Would this require
                a change to the rmmod tool?

Thanks for your time Nigel (and anyone else that has some ideas!).

--David

.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
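
An added example, not part of the original message: a small model of the situation discussed above, where each server query holds one masqueraded UDP port until its timeout runs out and the timeout is fixed when the entry is created. The pool size of 4096 ports, the 10-minute refresh interval and the 1000-server burst are assumptions chosen for illustration.

```python
import heapq

POOL_SIZE = 4096  # assumption: number of ports in the masquerade pool

def simulate(bursts, timeout_at, pool_size=POOL_SIZE):
    """Model UDP masq entries whose expiry is fixed when the entry is created.

    bursts: list of (time_s, n_queries); every query goes to a different
    server and therefore needs its own masq entry (port).
    timeout_at: function giving the UDP timeout (seconds) configured at time t.
    Returns (peak_entries, failed_allocations, entries_left_at_end).
    """
    expiries = []  # min-heap of expiry times, one per live entry
    peak = failed = 0
    for t, n in sorted(bursts):
        while expiries and expiries[0] <= t:   # drop timed-out entries
            heapq.heappop(expiries)
        for _ in range(n):
            if len(expiries) >= pool_size:
                failed += 1                    # "no free udp ports available"
            else:
                heapq.heappush(expiries, t + timeout_at(t))
        peak = max(peak, len(expiries))
    return peak, failed, len(expiries)

# Constructed workload: 1000 servers queried every 10 minutes, six times.
BURSTS = [(i * 600, 1000) for i in range(6)]

def five_hours(t):
    return 5 * 3600

def eighty_seconds(t):
    return 80

def lowered_midway(t):
    # Timeout dropped from 5 hours to 1 second at t=1500; older entries
    # keep the expiry they were created with.
    return 5 * 3600 if t < 1500 else 1

if __name__ == "__main__":
    for fn in (five_hours, eighty_seconds, lowered_midway):
        print(fn.__name__, simulate(BURSTS, fn))
```

In the third case the 3000 entries created before the change still occupy ports at the end of the run, which matches the behaviour described in point 1.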