On Tuesday 25 February 2003 10:09 pm, Scott Lamb wrote:
> Is there a way to control the time it takes for an idle, established
> TCP session to be purged from conntrack's state tables? I'm looking
> for something like "ipchains -M -S". I saw at
> <http://www.syrlug.org/contrib/ipmasq.html> that there is no iptables
> equivalent, but I'm hoping it's changed since then. Maybe there's a
> sysctl or something?

/proc/sys/net/ipv4/netfilter/ip_ct_tcp_timeout_established does this, if you have tcp-window-tracking from patch-o-matic installed. However, the default timeout apparently is 5 days, so I doubt this is the source of the problem.

j

> The problem I'm experiencing is pretty simple. I leave ssh sessions
> open for a while (possibly several hours). I come back to them and get
> a "Connection reset by peer" error and have to open a new session.
> Back when I used ipchains, "iptables -M -S 86400 10 60" or similar
> solved the problem for me.
>
> Thanks,
> Scott Lamb