On 9 Jul 2002, Dan Jacobson wrote:

> [Just posted this to comp.security.firewalls and then I found out about
> debian-firewall]
>
> OK, thanks folks for pointing out the possibility that conntrack might
> be timing out especially over my overloaded 31K avg. modem.
> I suppose there is no way to adjust the timeout?
Yes, there is :)

> I also see Subject: iptables ip_conntrack bugs? (was: persistant connections?)
> in linux.debian.maint.firewall
> http://groups.google.com/groups?hl=zh-TW&lr=&ie=UTF-8&safe=off&frame=right&th=5fd3ce547f5f6918&seekm=Pine.LNX.4.40.0201201611120.3177-100000%40cicero.axis.se

And I seem to be the author of that article. Another fellow asked me quite
the same question today, and this is what I answered:

On Mon, 8 Jul 2002, Cristian Ionescu-Idbohrn wrote:

> Date: Mon, 8 Jul 2002 20:58:28 +0200 (CEST)
> From: Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]>
> To: Peter Lieven <[EMAIL PROTECTED]>
> Subject: Re: ip_conntrack trouble
>
> On Mon, 8 Jul 2002, Peter Lieven wrote:
>
> > Hi Cristian,
> >
> > I found your old posting in the debian-firewall list about the
> > ip_conntrack timeout problems. As one of my monitoring systems runs
> > into the same problem, although it has 32k max allowed tracked
> > connections, I was wondering if you found a solution or fix for
> > this?
> > I'm running debian 3.0 with kernel 2.4.18.
>
> Hi Peter,
>
> Change the kernel source net/ipv4/netfilter/ip_conntrack_proto_tcp.c
> and take down TCP_CONNTRACK_ESTABLISHED from '5 DAYS' to '2 HOURS'.
>
> After running since April with a modified kernel, I'm happy to
> confirm:
>
> No problems, whatsoever ;-)
>
> And I'm glad to see a clean conntrack table (most of the time).
> TCP_CONNTRACK_ESTABLISHED could probably be lowered to 1 hour without
> problems.
>
> You can use the 'iptstate' package to check things out. I watched
> what's going on (kept an xterm with an opened ssh session untouched)
> and observed that:
>
> 1. when an ssh-connection is established, it gets the 2 hours TTL
> 2. TTL decreases, as expected
> 3. when the TTL reaches the 1.5 hours point, a new 2 hours TTL period
>    is assigned

Cheers,
Cristian
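Before rebuilding a kernel with a shorter TCP_CONNTRACK_ESTABLISHED, it helps to know how many ESTABLISHED entries in the current table are actually idle longer than the proposed timeout, since those are the ones a shorter constant would have already dropped. The script below is an added example, not code from the thread or from the netfilter project. It assumes the 2.4-era /proc/net/ip_conntrack line layout (protocol, protocol number, remaining TTL in seconds, TCP state, then the two directions' tuples), treats the remaining TTL as "timeout minus idle time" (the counter is refreshed whenever the entry sees traffic, as Cristian's observation 3 shows), and uses a constructed six-line snapshot as input. The 32768-entry ceiling is an assumption standing in for the "32k" mentioned by Peter.

```python
"""Estimate how much of an ip_conntrack table a shorter ESTABLISHED timeout
would free. Added example; not from the thread or the netfilter project.

Assumed /proc/net/ip_conntrack (2.4 kernel) line format:
  proto protonum ttl_seconds [TCP_STATE] src=.. dst=.. sport=.. dport=.. <reply tuple> ...
The third field is the remaining lifetime in seconds; it starts at the
protocol/state timeout constant and is reset whenever the entry sees traffic,
so (timeout - ttl) is how long the entry has been idle.
"""
import re

HOUR = 3600
DAY = 24 * HOUR

# The thread's numbers: 5 days is the stock constant, 2 hours the proposed one.
CURRENT_ESTABLISHED_TIMEOUT = 5 * DAY
PROPOSED_ESTABLISHED_TIMEOUT = 2 * HOUR

# Constructed sample snapshot (not real data). TTLs chosen to sit on both
# sides of the 2-hour idle boundary (5 days - 2 hours = 424800 s remaining).
SAMPLE_CONNTRACK = """\
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40001 [ASSURED] use=1
tcp      6 300000 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=40002 [ASSURED] use=1
tcp      6 424799 ESTABLISHED src=192.0.2.12 dst=198.51.100.6 sport=40003 dport=443 src=198.51.100.6 dst=192.0.2.12 sport=443 dport=40003 [ASSURED] use=1
tcp      6 424800 ESTABLISHED src=192.0.2.13 dst=198.51.100.7 sport=40004 dport=443 src=198.51.100.7 dst=192.0.2.13 sport=443 dport=40004 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.14 dst=198.51.100.8 sport=40005 dport=80 src=198.51.100.8 dst=192.0.2.14 sport=80 dport=40005 [ASSURED] use=1
udp      17 25 src=192.0.2.15 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=192.0.2.15 sport=53 dport=5353 use=1
"""

LINE_RE = re.compile(r"^(?P<proto>\w+)\s+(?P<num>\d+)\s+(?P<ttl>\d+)\s+(?P<rest>.*)$")


def parse_conntrack(text):
    """Parse conntrack lines into dicts; keeps the original-direction tuple."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a conntrack entry
        proto, rest = m.group("proto"), m.group("rest")
        state = None
        if proto == "tcp":
            # TCP lines carry the state word before the first src= field.
            state, _, rest = rest.partition(" ")
        orig = {}
        for key, val in re.findall(r"(\w+)=(\S+)", rest):
            orig.setdefault(key, val)  # first occurrence = original direction
        entries.append({"proto": proto, "ttl": int(m.group("ttl")), "state": state,
                        "src": orig.get("src"), "dst": orig.get("dst"),
                        "sport": orig.get("sport"), "dport": orig.get("dport")})
    return entries


def idle_seconds(entry, timeout=CURRENT_ESTABLISHED_TIMEOUT):
    """Seconds since the entry last saw traffic, derived from remaining TTL."""
    return timeout - entry["ttl"]


def stale_under(entries, new_timeout, current_timeout=CURRENT_ESTABLISHED_TIMEOUT):
    """ESTABLISHED entries that would already have expired under new_timeout."""
    return [e for e in entries
            if e["state"] == "ESTABLISHED"
            and idle_seconds(e, current_timeout) > new_timeout]


def summarize(text, new_timeout=PROPOSED_ESTABLISHED_TIMEOUT, max_entries=32768):
    """Table occupancy now and after applying new_timeout (max_entries assumed)."""
    entries = parse_conntrack(text)
    established = [e for e in entries if e["state"] == "ESTABLISHED"]
    stale = stale_under(entries, new_timeout)
    return {
        "total": len(entries),
        "established": len(established),
        "stale_under_new_timeout": len(stale),
        "utilization_pct": round(100.0 * len(entries) / max_entries, 2),
        "utilization_pct_after": round(100.0 * (len(entries) - len(stale)) / max_entries, 2),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CONNTRACK).items():
        print(f"{key:>24}: {value}")
    for e in stale_under(parse_conntrack(SAMPLE_CONNTRACK), PROPOSED_ESTABLISHED_TIMEOUT):
        print(f"stale: {e['src']}:{e['sport']} -> {e['dst']}:{e['dport']} "
              f"idle {idle_seconds(e) // 60} min")
```

Run against a real snapshot with `summarize(open('/proc/net/ip_conntrack').read())`; on a table that is filling up, a large `stale_under_new_timeout` count relative to `established` is the evidence that long-idle entries, not live traffic, are consuming the slots, which is exactly the situation a shorter timeout cures. Note the boundary: an entry idle for exactly the new timeout (424800 s remaining in the sample) is counted as still alive, matching a timer that fires only once the countdown passes zero.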

