Re: Masquerading - extending the timeout values

Jeff Bailey (jbailey@nisa.net)
Fri, 4 Sep 1998 15:35:48 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steven N. Hirsch: "Re: Why nfsd in the kernel?"
Previous message: Andrea Arcangeli: "Re: 2us Interrupt latency's for Linux 2.0.xx"
Maybe in reply to: Mark Lehrer: "Masquerading - extending the timeout values"
Next in thread: Brandon S. Allbery KF8NH: "Re: Masquerading - extending the timeout values"

> Is it possible to have a masquerading Linux system keep a TCP connection
> alive for a longer period of time?

Yup! I have a database server that I connect to that needs 2 Hour timeouts
because of how long it takes to process. The following did it for me:

/sbin/ipfwadm -Ms 7200 7200 7200

The three timeout values represent TCP sessions, TCP sessions after receiving
a FIN packet, and UDP packets. Note that 0 means accept current value.

I probably don't need the second value set as high, and I have had
problems where I've filled up the masquerade table (I don't know how
many entries it can take, but it seems to be in the thousands).

Hope this helps!

Tks,
Jeff Bailey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/faq.html

Next message: Steven N. Hirsch: "Re: Why nfsd in the kernel?"
Previous message: Andrea Arcangeli: "Re: 2us Interrupt latency's for Linux 2.0.xx"
Maybe in reply to: Mark Lehrer: "Masquerading - extending the timeout values"
Next in thread: Brandon S. Allbery KF8NH: "Re: Masquerading - extending the timeout values"