RE: Serious issue with ipchains and iptables
- From: Chuck Mead <csm MoonGroup com>
- To: "'redhat-list redhat com'" <redhat-list redhat com>
- Subject: RE: Serious issue with ipchains and iptables
- Date: Wed, 31 Oct 2001 11:56:15 -0500 (EST)
On Wed, 31 Oct 2001, Burke, Thomas G. posted the following:
BTG>Generally, at the end of most ipchains scripts (that I've seen anyways)
BTG>there's a set of lines to tell the ipchains engine how long to allow masq'd
BTG>connections to stay alive... As I recall, the default is ridiculously
BTG>short, so we generally add the following (or similar) lines (taken from my
BTG>firewall):
BTG>
BTG>#
BTG># Masq timeouts - tcp 8hrs, tcp after fin pkt 60s, udp 10min
BTG>$IPCHAINS -M -S 14400 60 600
BTG>echo -n "."
BTG>#
BTG>#
BTG>
BTG>I imagine that if I had a single connection that lasted longer than those
BTG>settings, I would get a similar message & get cut off... Could your problem
BTG>be thus related? Is your ftp time longer than what the firewall is
BTG>allowing?
Since I have the same problem with iptables and ipchains I have been
looking elsewhere. It's not a timeout on the ftp connection... it's
shutting down everything... no ssh, no mail, no browsing... nothing
until I restart the firewall.
--
csm
Free Dmitry!
Boycott Adobe!
Repeal the DMCA!
Stop the SSSCA!