budsz wrote: > Hallo, > > I've FreeBSD acting as router in small home internet use > ipfilter/ipnat, I've question: > > - How long ipnat keeping state valid rule on table, for example: The > rule has been expire on X second with sending RST TCP flag or rule > already finish with sending FIN TCP flag after Y second etc (On > default mode ipnat). I try to find on source code about this but never > find it.
Look in ip_nat.c, it calls fr_tcp_age(). The timeouts are set at the top of the file. > Because for two week my friend (Work in ISP) have problem, every 4 > minutes until 15 second internet link has been disconnecting, so we > try to capture packet via bridging ethernet and finally we know the > problem is shortly timeout on his NAT box for handshake connection. I cannot understand this 100%. Does running ipmon with -a help? Darren
