<Michael said..>
> Does anyone have any suggestions as to how to purge this
> table manually?
Why do you need to reset connections? Another option (if you are running
out of dynamic ports) might be something like ...
<sysctl.conf for redhat>
# enable larger, higher port range for dynamic connections
net.ipv4.ip_local_port_range = 32768 60099
followed, of course, by a rule like... (you probably have something like this
already)
<ipchains.rules.file>
# allow return packets from connections we init
/sbin/ipchains -A input -i eth0 -p tcp ! -y -j ACCEPT
<from LVS-howto>
Can we alter directly /proc/net/ip_masquerade ?
No, it is not feasible, because directly modifying masq entries will break
the established connection <-- isn't that what you want to do?
If you do not like the prospect of altering it directly, perhaps try a shell
script:
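#!/bin/sh
# hopefully this works and you won't shoot yourself in the foot...
# -M -S sets the masquerading timeouts in seconds: TCP, TCP after FIN, UDP
# (a value of 0 leaves that timeout unchanged)
ipchains -M -S 1 0 0
sleep 5
ipchains -M -S 7200 0 0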
I have no idea if that works or not... Do you feel like a guinea pig? :)
Peter