On Wed, 3 Jul 2002, Scaglione Ermanno wrote:
> This is a CISCO document explaining NAT:
> http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm
>
> It states that "Any TCP/UDP traffic that does not carry source and/or
> destination IP addresses in the application data stream" is supported and
> without the sendsize problem also amanda UDP traffic is supported.
>
> When port translation is configured, there is finer control over translation
> entry timeouts, because each entry contains more context about the traffic
> using it. Non-DNS UDP translations time out after 5 minutes; DNS times out
> in 1 minute. TCP translations time out after 24 hours, unless a RST or FIN
> is seen on the stream, in which case it times out in 1 minute.
>
> The problem exists certainly also with Linux firewall using iptables because
> it uses even smaller timeouts.

Worse yet, iptables in Red Hat 7.x doesn't allow control of the timeout
value. A huge step backwards from ipchains in Red Hat 6.x, which did allow
tuning this parameter. Amanda is not the only thing that breaks without this
feature.

-Mitch
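
The timeout behaviour discussed in this thread, as an added example that is not part of the original messages: a small model of a port-translation table using the timeout values from the quoted Cisco text, showing when a late UDP reply still matches an entry. The `NatTable` class, the addresses, the source port and the scenario (the request leaves through the NAT at t=0 and the reply comes back only after the estimate finishes) are assumptions made for illustration.

```python
# Timeouts in seconds, from the Cisco text quoted in the message above.
UDP_TIMEOUT = 5 * 60
DNS_TIMEOUT = 1 * 60
TCP_TIMEOUT = 24 * 60 * 60
TCP_CLOSED_TIMEOUT = 1 * 60  # once a RST or FIN has been seen
DNS_PORT = 53


class NatTable:
    """Hypothetical port-translation table keyed by (proto, inside, outside)."""

    def __init__(self):
        self._entries = {}  # flow -> [last_seen, closing]

    def _timeout(self, flow, closing):
        proto, _inside, outside = flow
        if proto == "tcp":
            return TCP_CLOSED_TIMEOUT if closing else TCP_TIMEOUT
        return DNS_TIMEOUT if outside[1] == DNS_PORT else UDP_TIMEOUT

    def outbound(self, now, flow, fin_or_rst=False):
        """Packet from the inside host: create or refresh the entry."""
        entry = self._entries.setdefault(flow, [now, False])
        entry[0] = now
        entry[1] = entry[1] or fin_or_rst

    def inbound(self, now, flow):
        """Packet from outside: forwarded only while the entry is alive."""
        entry = self._entries.get(flow)
        if entry is None:
            return False
        last_seen, closing = entry
        if now - last_seen >= self._timeout(flow, closing):
            del self._entries[flow]  # expired, so the late reply is dropped
            return False
        entry[0] = now
        return True


def amanda_reply_delivered(estimate_seconds):
    """Assumed scenario: request leaves at t=0, reply returns after the estimate."""
    nat = NatTable()
    # Constructed addresses and source port; 10080/udp is Amanda's registered port.
    flow = ("udp", ("10.0.0.5", 850), ("192.0.2.10", 10080))
    nat.outbound(0, flow)
    return nat.inbound(estimate_seconds, flow)

if __name__ == "__main__":
    print(amanda_reply_delivered(120), amanda_reply_delivered(600))
```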