> In particular, HTTP works just fine - once a page is hit, the link has
> an additional 10 minutes of live time, however despite many efforts at
> tweaking the filter set - I can't replicate this behavior for other
> protocols (i.e. POP3 and SMTP). I've attached my standard.filter for
> your edification -- it's pretty standard. What I think should be simple
> (replicate the two lines present for HTTP and alter the protocol)
> doesn't work -- instead the connection *starts* out right, but as soon
> as the TCP session is finished (i.e. the mail is sent, the POP session
> over) the timer on that item in the queue drops to 5 seconds (always the
> same number).
I've only had a quick look at your filter file, so I may have missed something,
but I think the problem is as follows. Samples from my filter file.
First,
# Once the link is no longer live, we try to shut down the connection
# quickly.
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
is a general rule saying that when a TCP connection closes the link should only
stay up for a further 5 seconds.
Now, check the http rule:
ignore tcp !tcp.live,tcp.dest=tcp.www
ignore tcp !tcp.live,tcp.source=tcp.www
accept tcp 240 tcp.dest=tcp.www
accept tcp 240 tcp.source=tcp.www
The first two lines are specifically modifying that 5 second rule, saying that
for HTTP connections the close of the connection should be ignored. So HTTP
packets will give the link a further 4 minutes even if the link closes.
I think what you're wanting is similar for POP3 and SMTP. You may simply want
just to comment out the general TCP close rule, or (as with HTTP above) specify
that closes are to be ignored for specific protocols.
---
Jim Hague - [EMAIL PROTECTED] (Work), [EMAIL PROTECTED] (Play)
Never trust a computer you can't lift.
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
