>>One question though - why do TCP masquerade entries time out in 15
>>minutes?
>It's just the default timeout.
I guess my question is, why do they time out at all? Since you know
when a TCP connection is closed (because the socket is explicitly shut
down), why not just wait for that and then close the connection? I
guess I can just bump the timeout up to 24 hours or so. But I'm trying
to understand if there's a good reason they time out at all right now.

The only thing I can think of is that there might be some situation
where the router never hears that the connection closed down. How can
this happen? I guess it would happen if both ends simultaneously just
dropped off the net, but what about if only one of them did?

The ipfwadm implies that IP-Masq watches for TCP FIN packets. Is there
a circumstance where those never get sent?

Thanks
Nelson