On Thu, 21 May 1998, William Stearns wrote:

> On Wed, 20 May 1998, Karsten Jeppesen wrote:
> 
> > I may not have expressed myself clearly the first time. So here is the Q
> > again...
> > 
> > When the modem connection fails it would be nice to be able to clear the
> > masq table. Especially for those programs which require non-masq'ed
> > ports like CuSeeMe.
> > Otherwise you aren't able to do another connection before the first table
> > entry times out.
> > The ipfwadm can only remove the rules not the entries themselves.
> > 
> > It should be possible to do with the connection-down and connection-up
> > scripts for the pppd.
> > 
> > Anyone know how to do it? I mean the contents of the up/down script?
> 
>       Try using "ipfwadm -M -s 2 2 2", which lowers the timeout to 2
> seconds for each of the entries in the table.  Within two seconds all of
> your connections should be cleared from the table.  To return these
> timeouts to their original values, use "ipfwadm -M -s 900 120 300" (I'm
> pretty sure these are the correct values).
>       "man ipfwadm" talks a little bit more about this.  As you probably
> already knew "netstat -a -M" shows the current masq table entries, and
> "netstat -a -M -c" shows them once a second continuously.
>       I would guess that sticking the 222 command in ip-down and the
> 900120300 in ip-up would give the effect you're looking for, but I'm not
> positive.
>       Does this get you any closer?

        I need to remember to hold onto responses for a few minutes to
make sure I've thought of everything... ;-) 
        I think something like:

ipfwadm -M -s 2 2 2
sleep 30
ipfwadm -M -s 900 120 300

        in ip-down would do better.  Otherwise, any connections initiated
while the link is down will time out in two seconds, not enough time for
the link to even come up.

        There's one more annoyance to this process.  The timers only get
set to 2 if there's real activity on that masq table entry.  If no packets
are flowing through, they never get touched and simply expire based on the
original timeouts. Bug? Feature? It's probably somewhere in between.
        Cheers,
        - Bill

<offtopic>
P.S.  Hi Erik!
</offtopic>

---------------------------------------------------------------------------
Unix _is_ user friendly.  It's just very selective about who its friends 
are.  And sometimes even best friends have fights.
William Stearns ([EMAIL PROTECTED])
---------------------------------------------------------------------------

