Re: IPfilter NAT and stalled TCP connexions

To: Chuck Swiger <cswiger%mac.com@localhost>
Subject: Re: IPfilter NAT and stalled TCP connexions
From: Michael Graff <explorer%flame.org@localhost>
Date: Mon, 29 Mar 2010 11:00:59 -0500

On 3/26/10 9:31 AM, Chuck Swiger wrote:
> Unless NetBSD has "sysctl net.inet.ip.ttl" set to less than 60, that low of a 
> timeout can be expected to be too short.  In fact, I'd suggest that setting 
> NAT timeouts to a minimum of least 5 minutes due to:

I don't think that sysctl is really a "time to live" in seconds as much
as the badly named IP header TTL value, which is decremented on each
forward through a router.  It's loop prevention not NAT related.

--Michael

Follow-Ups:
- Re: IPfilter NAT and stalled TCP connexions
  - From: Dennis Ferguson

References:
- IPfilter NAT and stalled TCP connexions
  - From: Emmanuel Dreyfus
- Re: IPfilter NAT and stalled TCP connexions
  - From: Greg Troxel
- Re: IPfilter NAT and stalled TCP connexions
  - From: Steven Bellovin
- Re: IPfilter NAT and stalled TCP connexions
  - From: Emmanuel Dreyfus
- Re: IPfilter NAT and stalled TCP connexions
  - From: Chuck Swiger

Prev by Date: Re: IPfilter NAT and stalled TCP connexions
Next by Date: Google Summer of Code Project: Port OpenAFS Client
Previous by Thread: Re: IPfilter NAT and stalled TCP connexions
Next by Thread: Re: IPfilter NAT and stalled TCP connexions
Indexes:

Home | Main Index | Thread Index | Old Index