[OpenAFS] Connection time out
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Tue, 2 Jul 2002 16:24:50 +0200
Hi,
On Tue, Jul 02, 2002 at 09:47:51AM -0400, Derek Atkins wrote:
> > > > Yes, I am behind a NAT, and I have directed port 7001 directly to my
> > > > workstation. Is it possible to prevent the port mappings from time out?
> > >
> > > Set the UDP timeouts to >10mins. How you do this depends on your
> > > NAT box.
> >
> > Just for general information (before someone else starts searching) - on
> > Linux 2.4.x (with netfilter code), there seems to be no way to alter
> > masquerading timeouts. Neither using the ipchains nor the iptables
> > command. The appropiate procedures are simply not implemented (as of
> > kernel 2.4.17).
> >
> > To increase the UDP timeout, edit
> > /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c
> > and change the "#define UDP_STREAM_TIMEOUT" at the beginning of that file.
> Umm, "ipchains -M -S" has no equivalent in netfilter?
No. It's a #define, not a variable.
<cite source="ip_fw_compat_masq.c">
int ip_fw_masq_timeouts(void *user, int len)
{
printk("Sorry: masquerading timeouts set 5DAYS/2MINS/60SECS\n");
return 0;
}
</cite>
> That seems like a bug.
I think it is definitely a missing feature. The man page for iptables does
not even contain the word "timeout".
Bye, Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/