On Mon, Mar 04, 2002 at 09:40:23AM -0500, Steven W. Orr wrote:
> If I wanted to "extend the TCP conntrack timeouts in the source and 
> recompiling" how would I do this? Or should the firewall hits I'm getting 
> be considered to be harmless?

They should be considered mostly harmless, though it would be better if 
they were terminated properly.

The TCP conntrack timeouts are in 
linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c, in an array 
appropriately named "tcp_timeouts[]". 

The ones you're probably interested in are FIN_WAIT, TIME_WAIT and 
CLOSE_WAIT. Try increasing them a little and see if it helps (though 2 
minutes is pretty generous as it is).

-- 
Scottie Shore <[EMAIL PROTECTED]>
 "Experience is that marvelous thing that enables you to recognize 
  a mistake when you make it again." -- F. P. Jones
