On Thu, Mar 21, 2002 at 08:27:10PM -0800, alex wrote: > I checked > > ip_ct_tcp_timeout_established > > in /proc/sys/net/ipv4/netfilter/ expecting to find a value of 432000 which > would translate to 5 days. > To my surprise I found this value: 43200000 which would be 500 days.
The number is probably in jiffies rather than seconds. On an x86 machine, there's 100 jiffies a second, so to get seconds divide by 100. This gives the expected value of five days. Unless the stale conntracks are causing problems, you probably don't need to change it. Eight hours sounds reasonable though, if you're not expecting to have any long-lived tcp sessions. -- Scottie Shore <[EMAIL PROTECTED]> "Experience is that marvelous thing that enables you to recognize a mistake when you make it again." -- F. P. Jones
msg01162/pgp00000.pgp
Description: PGP signature
