[OpenAFS] setting UDP timeouts without ipchains
Chaskiel M Grundman
cg2v@andrew.cmu.edu
Sun, 11 Sep 2005 17:15:48 -0400
--On Saturday, September 10, 2005 11:25:25 PM -0700 Manfred Lau
<manfredcml@yahoo.com> wrote:
> I've seen the same error in previous posts, but
> the solution was to use /sbin/ipchains to set
> the UDP timeout to be > 10 minutes.
That advice is only relevant if a nat or stateful firewall is in use and
the change must be made on whatever machine runs the nat or stateful
firewall.
These parameters are now tunable using sysctl, but only after the
ip_conntrack module is loaded.
Be sure and change both parameters (the second is used once a reply is
received, at least in 2.6.8).
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180