On Fri, 31 Aug 2001, Joseph Mack wrote:
> > First, ssh connections get reset if there is no activity after 5 minutes
> > or so.
>
> actually it happens with any tcp connection
>
> LVS-HOWTO_1.7-22.html#ss22.13
>
> Joe

Thanks. If that's the case, I found the relevant code in the
kernel to modify this behavior in 2.4 kernels without using ipchains.
I got this info from
http://www.cs.princeton.edu/~jns/security/iptables/iptables_conntrack.html
and maybe you can add it to the howto.

In /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c, change
TCP_CONNTRACK_TIME_WAIT to however long you need to wait before a tcp
connection times out.

Does anyone foresee a problem with other tcp connections as a result of
this? A regular tcp program will probably close the connection anyway.

static unsigned long tcp_timeouts[]
= { 30 MINS,    /*      TCP_CONNTRACK_NONE,     */
    5 DAYS,     /*      TCP_CONNTRACK_ESTABLISHED,      */
    2 MINS,     /*      TCP_CONNTRACK_SYN_SENT, */
    60 SECS,    /*      TCP_CONNTRACK_SYN_RECV, */
    2 MINS,     /*      TCP_CONNTRACK_FIN_WAIT, */
    2 MINS,     /*      TCP_CONNTRACK_TIME_WAIT,        */
    10 SECS,    /*      TCP_CONNTRACK_CLOSE,    */
    60 SECS,    /*      TCP_CONNTRACK_CLOSE_WAIT,       */
    30 SECS,    /*      TCP_CONNTRACK_LAST_ACK, */
    2 MINS,     /*      TCP_CONNTRACK_LISTEN,   */
};

- Brent