On Thursday 10 June 2004 07:59, Joshua Baker-LePain wrote:
>On Thu, 10 Jun 2004 at 1:40pm, Paul Bijnens wrote
>
>> I have been thinking about this problem, and, without any real
>> testing to back up my hypothesis, I believe the problem lies in the
>> default timeout in iptables for UDP traffic, as you decided too.
>>
>> For TCP traffic, once a packet is replied, the timeout becomes
>> very large (5 days or so I believe). But for UDP, which is a
>> connectionless protocol, the timeout is 180 seconds (I believe).
>> After this timeout the connection tracking drops the rule.
>
>Is this true even with ip_conntrack_amanda loaded?
I wasn't even aware of such a module, and got surprised by the output
of a locate!
It's part of the kernel's netfilter options since back in 2.4.22 or
earlier days, so if he doesn't have the executable module, he may
have to rebuild his kernel to get it.
I hadn't worried about it here since everything I back up with amanda
is inside the firewall, or on the firewall itself, but iptables sits
between the 2 NICs in the firewall that separate inside from outside
stuffs.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.23% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.