I can't find anything in the FAQ on timeouts, so ....

I set up a connection (IMAP) from my internal machine (titus),
via the Linux masquerading firewall (gormenghast), to the
imap server (crg8) on the internet. After 15 minutes of inactivity, 
the connection dies. (BTW, 2.2.9 kernel).

It seems that a masq entry that's unused for 15 minutes
expires from the list. If this is an open TCP connection,
this is fatal. Why are these set to expire, and especially
after just 15 minutes of inactivity? Seems odd ... I would
have thought the connection would stay open until it sees
a FIN in one direction, or the other ... perhaps a 24 hour
timeout might be useful to clean up debris, but ...

How do I fix this?

Thanks,

Martin

---------------------------------------------------------------------------
details:

A combination of tcpdump logs and ipchains -L -M reveals:
(I kept the full logs somewhere, in case I need them again ...)

22:07:47 connection initialised from titus.1258 to crg8.63143
    creates an entry in the masq tables:
TCP  14:59.96 titus          crg8     1258 (61132) -> 63143
    yabbers away happily for a while on this socket, until ...
   
22:07:54.130000 crg8.63143 > titus.1258: P 15495:16272(777) ack 143 win 16384 (DF)
22:07:54.130000 titus.1258 > crg8.63143: . ack 16272 win 7983 (DF)
*** NO FINs are sent! Connection is left open ... ***

22:07:54.150000 SYN packet sent from titus.1259 to crg8.63143
    creates an entry in the masq tables:
TCP  14:59.80 titus          crg8     1259 (61133) -> 63143
(I think this is IMAP's second connection for the INBOX
read, as opposed to the first one, which was the main 
control connection, and stays open).

The 1259 (61133) connection is used once a minute, and stays
alive ... but the 1258 (61132) connection isn't being used, and
15 minutes exactly after the last transmission ...

22:22:54 the counter for the masq tables entry for 1258 (61132) 
has counted down from 15:00 all the way to 00:00, and expires.

22:32:55 the IMAP client decides to push some more data from
port 1258, but gets a reset back for its trouble ...

22:32:55.110000 titus.1258 > crg8.63143: P 143:156(13) ack 16272 win 7983 (DF)

at this point, masq has no entry for 1258, so creates a new one ...
TCP  00:09.56 titus          crg8     1258 (61134) -> 63143
of course, this is no use, as it doesn't have the same port number
from the firewall, so the server crg8 has no record of it ....

22:32:55.220000 crg8.63143 > titus.1258: R 1035929473:1035929473(0) win 16384

at this point the IMAP client duly explodes into tiny pieces .....
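
The timeline above, replayed against a toy masquerade table (an added example, not part of the original post and not kernel code). It assumes sequential firewall-port allocation and that only outbound packets refresh the idle timer; `MasqTable`, `secs` and `replay` are hypothetical names.

```python
IDLE_TIMEOUT = 15 * 60  # seconds: the 15-minute expiry observed in the post

def secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

class MasqTable:
    """Simplified model: only outbound packets refresh the idle timer."""
    def __init__(self, first_port):
        self.entries = {}            # (host, port) -> [masq_port, last_used]
        self.next_port = first_port  # sequential allocation is an assumption

    def outbound(self, src, now):
        # Drop every entry that has been idle for the full timeout.
        self.entries = {k: e for k, e in self.entries.items()
                        if now - e[1] < IDLE_TIMEOUT}
        if src not in self.entries:  # no entry: allocate a fresh firewall port
            self.entries[src] = [self.next_port, now]
            self.next_port += 1
        self.entries[src][1] = now
        return self.entries[src][0]

def replay():
    """Replay the post's timeline; return (masq_port, server_reply) per event."""
    masq, server_conns = MasqTable(first_port=61132), set()

    def send(src, when, syn=False):
        port = masq.outbound(src, secs(when))
        if syn:
            server_conns.add(port)   # server records the firewall-side port
            return port, "SYN-ACK"
        # Data on a port the server never saw a SYN for is answered with RST.
        return port, ("ACK" if port in server_conns else "RST")

    control, inbox = ("titus", 1258), ("titus", 1259)
    events = [send(control, "22:07:47", syn=True),
              send(control, "22:07:54"),
              send(inbox, "22:07:54", syn=True)]
    for minute in range(8, 33):      # inbox connection is used once a minute
        send(inbox, f"22:{minute:02d}:54")
    events.append(send(control, "22:32:55"))  # control wakes after 25 idle min
    return events

if __name__ == "__main__":
    for port, reply in replay():
        print(port, reply)
```

The last event comes back as port 61134 with a reset: the idle control connection lost its 61132 mapping while the busy 61133 mapping survived.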


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]