Hi Jeffrey, thanks.

It's a Linux cluster, so all the NAT-ed clients are Linux machines.
(The head of the cluster is the one that does the NAT-ing.)

So I guess I am fine with those values.

thanks,

Ron


Jeffrey Altman wrote:
> Ron Croonenberg wrote:
>> I found, after digging around for a good while, that changing these keys:
>>
>> net.ipv4.netfilter.ip_conntrack_udp_timeout=480
>> net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=900
>>
>> seems to work on FC6 (2.6.22.4-45.fc6).
>>
>> But: do I need them both? And what is the best "minimal" value for
>> those keys?
>>
>> tia,
>>
>> Ron
>
> You need both of them. They specify different things.
>
> The first is how long the firewall will permit inbound packets to be
> delivered after the last outbound packet between a given set of endpoints.
>
> The second is how long an idle port mapping will be maintained before it
> can be reused by a new client. Those values are fine. However, OpenAFS
> Windows clients older than 1.5.17 probed up servers once every ten
> minutes and therefore a net.ipv4.netfilter.ip_conntrack_udp_timeout
> value of 780 will make your file servers much happier.
>
> You cannot set these values by port as you cannot guarantee what port
> numbers will be used by the client. The client will default to 7001 but
> for example, a client run in a VM behind a NAT will appear on a
> different port.
>
> Jeffrey Altman

--

=================================================================
 Ron Croonenberg                   |
                                   | Phone: 1 765 658 4761
 Lab Instructor &                  | Fax:   1 765 658 4732
         Technology Coordinator    |
                                   |
 Department of Computer Science    | e-mail: [EMAIL PROTECTED]
 DePauw University                 |
 275 Julian Science & Math Center  |
 602 South College Ave.            |
 Greencastle, IN  46135            |
=================================================================
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
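
The interaction between the first timeout and the ten-minute probe interval described in the quoted reply can be modelled as follows. This is an added example, not part of the original thread and not OpenAFS or kernel code; it assumes a simplified NAT in which only outbound packets refresh the mapping, and the function names and packet times are constructed for illustration.

```python
from bisect import bisect_right

# "once every ten minutes" from the thread, in seconds
PROBE_INTERVAL = 600


def dropped_inbound(outbound_times, inbound_times, udp_timeout):
    """Return the inbound packet times that the NAT would drop.

    Assumed model: an inbound packet is delivered only if it arrives less
    than udp_timeout seconds after the most recent earlier outbound packet
    between the same endpoints.
    """
    out = sorted(outbound_times)
    dropped = []
    for t in sorted(inbound_times):
        idx = bisect_right(out, t)  # number of outbound packets sent at or before t
        if idx == 0 or t - out[idx - 1] >= udp_timeout:
            dropped.append(t)  # no mapping yet, or the mapping has expired
    return dropped


def unreachable_seconds_per_cycle(probe_interval, udp_timeout):
    """Seconds per probe cycle in which server-initiated packets cannot get in."""
    return max(0, probe_interval - udp_timeout)


def demo():
    # Constructed sample: the client probes every PROBE_INTERVAL seconds for an hour.
    probes = list(range(0, 3601, PROBE_INTERVAL))
    # Constructed sample: times at which the file server sends to the client.
    server_packets = [100, 470, 500, 599, 1250, 1790, 2900, 3550]
    return {
        timeout: dropped_inbound(probes, server_packets, timeout)
        for timeout in (480, 780)  # the two values discussed in the thread
    }


if __name__ == "__main__":
    for timeout, lost in demo().items():
        gap = unreachable_seconds_per_cycle(PROBE_INTERVAL, timeout)
        print(f"udp_timeout={timeout}: unreachable {gap}s per cycle, dropped at {lost}")
```

With a timeout shorter than the probe interval, every cycle ends with a window in which the file server cannot reach the client; a timeout longer than the interval closes that window.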