Oral Mohan <[EMAIL PROTECTED]> wrote:
>
> It works fine except for one thing... there are a lot of "connection
> reset by peer" errors on all services

"Connection reset by peer" means that someone along the link has
forgotten about the connection, and is sending you a reset signal to
tell you that it's not going to work anymore. This usually happens if
you reboot a host while a connection is active; when it reboots, it has
no TCP state, so it resets the moment you try to resume the connection.

In regard to MASQ, this happens when the connection goes idle for a
time, and the masq box drops the connection due to timeout. You should
examine your TCP timeouts (read "man ipfwadm" in regard to the -s
option). If your connections are idle for a long while, raise the
active connection timeout to something larger than that idle time. I
set mine to two hours.

Note that you probably shouldn't change the inactive-TCP timeout; it's
fine. The UDP timeout is something you might want to change, but it
depends on what UDP-based protocols you use through your masq system.
Most people use few, if any, so the timeout isn't important.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
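
A small model of the behaviour described in the reply above, added here as an example and not part of the original post: a state table that forgets idle TCP entries, so a later mid-stream segment no longer matches anything and the connection is reset. The class and function names, the 900/120-second starting values and the addresses are assumptions constructed for illustration, not kernel code or measured settings.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    last_seen: float        # time of the last packet on this connection (seconds)
    fin_seen: bool = False  # True once a FIN has passed through

class MasqTable:
    """Toy model of a masquerading box's TCP state table (constructed example)."""

    def __init__(self, tcp_timeout=900, tcpfin_timeout=120):
        # Assumed sample values. The reply's advice is to raise the active
        # (tcp) timeout above the longest idle period you expect.
        self.tcp_timeout = tcp_timeout
        self.tcpfin_timeout = tcpfin_timeout
        self.entries = {}

    def _expire(self, key, now):
        e = self.entries.get(key)
        if e is None:
            return
        # Active connections and connections that have seen FIN age differently.
        limit = self.tcpfin_timeout if e.fin_seen else self.tcp_timeout
        if now - e.last_seen > limit:
            del self.entries[key]       # the box "forgets" the connection

    def packet(self, key, now, syn=False, fin=False):
        """Return 'forward' if state exists (or a SYN creates it), else 'reset'."""
        self._expire(key, now)
        e = self.entries.get(key)
        if e is None:
            if not syn:
                return "reset"          # mid-stream segment with no state left
            e = self.entries[key] = Entry(last_seen=now)
        e.last_seen = now
        e.fin_seen = e.fin_seen or fin
        return "forward"

def resume_after_idle(tcp_timeout, idle_seconds):
    """Open a connection, stay silent for idle_seconds, then send data again."""
    table = MasqTable(tcp_timeout=tcp_timeout)
    conn = ("192.168.1.10", 1025, "203.0.113.5", 23)   # constructed 4-tuple
    table.packet(conn, now=0, syn=True)
    table.packet(conn, now=5)                          # some initial traffic
    return table.packet(conn, now=5 + idle_seconds)

if __name__ == "__main__":
    for timeout in (900, 7200):                        # 15 minutes vs. two hours
        print(timeout, resume_after_idle(timeout, idle_seconds=1800))
```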