How long will pfSense hold onto the states required to maintain a tcp
connection/udp session, and can this be changed?
It seems like connections on my network that are utilizing NAT reflection
are timing out extremely fast (like 20 seconds or less). The firewall
optimization is set to
On Tue, Nov 18, 2008 at 6:32 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
How long will pfSense hold onto the states required to maintain a tcp
connection/udp session, and can this be changed?
It seems like connections on my network that are utilizing NAT reflection
are timing out extremely
go to 'systems', 'advanced functions', and check out: Firewall
Optimization Options. you can change the timing there.
i'm not sure as to the exact timing. i believe this has to do with
freebsd's implementation of tcp/ip??
-phil
On Nov 18, 2008, at 5:32 PM, Dimitri Rodis wrote:
How
ahh, i see now.
On Nov 18, 2008, at 5:35 PM, Scott Ullrich wrote:
On Tue, Nov 18, 2008 at 6:32 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
How long will pfSense hold onto the states required to maintain a tcp
connection/udp session, and can this be changed?
It seems like connections on my
Thanks, Scott.
Dimitri Rodis
Integrita Systems LLC
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 3:36 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NAT Reflection States
On Tue, Nov 18, 2008 at 6:32 PM, Dimitri Rodis
That's milliseconds, correct?
Dimitri Rodis
Integrita Systems LLC
-Original Message-
From: Dimitri Rodis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 3:38 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] NAT Reflection States
Thanks, Scott.
Dimitri Rodis
On Tue, Nov 18, 2008 at 6:40 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
That's milliseconds, correct?
I believe that is seconds, actually (whatever the default nc uses -- netcat).
Scott
me last.
Dimitri Rodis
Integrita Systems LLC
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 3:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NAT Reflection States
On Tue, Nov 18, 2008 at 6:40 PM, Dimitri Rodis
[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 3:52 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] NAT Reflection States
Check this out: http://cvstrac.pfsense.com/chngview?cn=18706
Comment: Default to nat-reflection inactivity of 2000 which is roughly 33
minutes.
lol, 2000=33 minutes? Can't
Sent: Tuesday, November 18, 2008 3:52 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] NAT Reflection States
Check this out: http://cvstrac.pfsense.com/chngview?cn=18706
Comment: Default to nat-reflection inactivity of 2000 which is roughly 33
minutes.
lol, 2000=33 minutes? Can't be. I
On Tue, Nov 18, 2008 at 7:04 PM, digger [EMAIL PROTECTED] wrote:
I have the same issue with reflection and SSH. The session closes after
about 20 seconds.
I am using 1.2.1-RC1 built on Thu Oct 16 07:20:59 EDT 2008
Not a huge issue as I can connect directly to the internal IP in the DMZ but
Sent: Tuesday, November 18, 2008 3:52 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] NAT Reflection States
Check this out: http://cvstrac.pfsense.com/chngview?cn=18706
Comment: Default to nat-reflection inactivity of 2000 which is roughly 33
minutes.
lol, 2000
Sent: Tuesday, November 18, 2008 4:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NAT Reflection States
On Tue, Nov 18, 2008 at 7:04 PM, digger [EMAIL PROTECTED] wrote:
I have the same issue with reflection and SSH. The session closes after
about 20 seconds.
I am
On Tue, Nov 18, 2008 at 7:10 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
There are a ton of lines that look like this:
19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20
I guess we found the culprit then? Why is it using 20 as opposed to 2000?
It was a mistake / code
My next scheduled outage is US Sunday night . I'll let you know how it
goes after that.
Thanks
Digger.
Scott Ullrich wrote:
On Tue, Nov 18, 2008 at 7:10 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
There are a ton of lines that look like this:
19004 stream tcp nowait/0
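The `nc -w` value in those inetd lines is the knob the whole thread turns on. As an added example (not from the thread or from pfSense itself), here is a small Python checker that parses inetd.conf-style entries and flags NAT reflection listeners whose nc idle timeout is below the intended 2000 seconds; the sample config is constructed, with made-up ports and target addresses.

```python
import re

# Constructed sample of pfSense-style inetd.conf lines, modelled on the
# "19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20" line from the thread.
SAMPLE_INETD_CONF = """\
19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.0.2.10 22
19005 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.0.2.11 80
19006 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.0.2.12 443
# an unrelated inetd service, which the checker must ignore
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
"""

# inetd.conf fields: service socket proto wait/nowait[/max] user program args...
INETD_LINE = re.compile(
    r"^(?P<service>\S+)\s+(?P<socket>\S+)\s+(?P<proto>\S+)\s+(?P<wait>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<program>\S+)\s*(?P<args>.*)$"
)


def parse_reflection_entries(conf_text):
    """Return (service, idle_timeout_seconds) for each inetd entry that runs nc -w."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = INETD_LINE.match(line)
        if not m or not m.group("program").endswith("/nc"):
            continue
        argv = m.group("args").split()
        if "-w" not in argv or argv.index("-w") + 1 >= len(argv):
            continue  # no idle timeout given, or -w with no value
        entries.append((m.group("service"), int(argv[argv.index("-w") + 1])))
    return entries


def find_short_timeouts(conf_text, minimum_seconds=2000):
    """Reflection entries whose nc -w value (seconds) is below the intended 2000."""
    return [(svc, t) for svc, t in parse_reflection_entries(conf_text)
            if t < minimum_seconds]


def seconds_to_minutes(seconds):
    """nc -w is in seconds, so 2000 is roughly 33 minutes, as the commit says."""
    return round(seconds / 60, 1)


if __name__ == "__main__":
    for svc, t in find_short_timeouts(SAMPLE_INETD_CONF):
        print(f"port {svc}: nc -w {t} ({seconds_to_minutes(t)} min) is below 2000s")
```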