On 09 Jul 2002 08:53:18 +0800 Dan Jacobson <[EMAIL PROTECTED]> wrote:
> >> Change the kernel source net/ipv4/netfilter/ip_conntrack_proto_tcp.c > >> and take down TCP_CONNTRACK_ESTABLISHED from '5 DAYS' to '2 HOURS'. > Ha ha "Change the kernel source". Did I tell you I am a junior user > and mom specifically told me not to "change the kernel source". > > Anyway, I'm just curious. Why didn't they make it one of those > echo 12345 > /proc/zzz/xxx/ccc/ adjustible things? > > By the way, I did iptables -F; iptables -X but my google connection > problems continued until I hung up the phone. Could clearing the > iptables not necessarily clear the conntrack problem, or does this > show that my problems are just bandwidth to google over 56k? > > Maybe if i take the close only the problem areas approach to security > i wont have so many problems. > > OK, i put my iptables on http://jidanni.org/test/0-jidanni-firewall > It is causing me lots of http://jidanni.org/test/firewall-errors > As well as only about 1 success for each 3 google clicks. > I use http://jidanni.org/comp/system.txt > -- > http://jidanni.org/ Taiwan(04)25854780 > You could always make your system more aggresive by using: echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 1800 > /proc/sysy/net/ipv4/tcp_keepalive_time echo 180 > /proc/sys/net/ipv4/tcp_keepalive_intvl That's the settings I use anyway, not that I have DUN though. Do some research and read some of the kernel documentation located in the source: /usr/src/linux/Documentation/networking/ip-sysctl.txt You might want to try and find a google mirror near you :D Stef -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
