Martin Josefsson wrote:
> On Wed, 4 May 2005, Henrik Nordstrom wrote:
>> On Mon, 2 May 2005, Mogens Valentin wrote:
>>> I fail to understand why TCP_CONNTRACK_ESTABLISHED has to be 5 days.
>> The likelihood for valid TCP connections without a single packet for some
>> days is relatively high. Consider for example an SSH or telnet session left
>> open over the weekend (without TCP keepalives enabled).
> This is exactly the reason why it was set so high in the first place, to
> be able to be away from your workstation over a long weekend and still be
> able to use the telnet session when you come back.
> I do this all the time :)

And I thought telnet in these modern unsafe times wasn't but a mere
short-term testing tool :)
WRT ssh, on the sshd side of things, for protocol 2 at least,
ClientAliveInterval/ClientAliveCountMax can easily keep that ssh session
open over the weekend.
Works well for me with a 10 min conntrack timeout, no probs with any
other services for weeks now. Saves a lot of entries in the table.
However, I'd still like to know which other normally occurring TCP stuff
needs such a looong establishment.
Well, for that matter, which not-so-normally-occurring things too ;)
--
Kind regards,
Mogens Valentin