Estimate Timeout through iptables firewall
2005-01-22 11:41:56
This is mostly just for the archives.
I had problems with some clients timing out on estimates when running
through a Linux firewall (2.6.9 patched and 2.6.10). The problem was that
ip_conntrack_amanda was closing the return path before the clients could
finish, so the estimate results were getting dropped on the floor. There are
three solutions:

1. Open a hole in the firewall allowing clients to send from port 10080 to
your amanda server.

2. Change the UDP stream timeout which defaults to 180 seconds to something
larger. WARNING! This will change it for ALL UDP connections:

    sysctl -w net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=1800

3. Extend the amount of time that ip_conntrack_amanda allows the connection
to remain open. According to the source it is currently 300 seconds. You can
change this by loading the module with the master_timeout option set to
something bigger. This can be done in /etc/modprobe.conf:

    options ip_conntrack_amanda master_timeout=1800

Obviously I prefer 3.
Hope this helps someone down the road...
Matt
--
Matt Hyclak
Department of Mathematics
Department of Social Work
Ohio University
(740) 593-1263
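
Option 3 applied as a script, as an added example that is not part of the original post: it sets master_timeout on the ip_conntrack_amanda options line of a modprobe.conf-style file, keeping any other options on that line and never adding a duplicate. The function names and the file argument are this example's own.

```shell
#!/bin/sh
# Added example: set master_timeout for ip_conntrack_amanda in a
# modprobe.conf-style file without duplicating or clobbering lines.

# set_master_timeout FILE SECONDS (both arguments are this example's own)
set_master_timeout() {
    conf=$1
    secs=$2
    case $secs in
        ''|*[!0-9]*) echo "timeout must be whole seconds" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp) || return 1
    awk -v secs="$secs" '
        $1 == "options" && $2 == "ip_conntrack_amanda" {
            # keep any other options already on the line
            line = "options ip_conntrack_amanda"
            for (i = 3; i <= NF; i++)
                if ($i !~ /^master_timeout=/) line = line " " $i
            print line " master_timeout=" secs
            found = 1
            next
        }
        { print }
        END { if (!found) print "options ip_conntrack_amanda master_timeout=" secs }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_master_timeout FILE: print the configured value, or nothing if unset
get_master_timeout() {
    awk '$1 == "options" && $2 == "ip_conntrack_amanda" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^master_timeout=/) v = substr($i, 16)
         }
         END { if (v != "") print v }' "$1"
}

# Demo on a constructed file, not the real /etc/modprobe.conf
demo=$(mktemp)
echo 'options ip_conntrack_amanda master_timeout=300' > "$demo"
set_master_timeout "$demo" 1800 && get_master_timeout "$demo"
rm -f "$demo"
```

The option is read when the module is loaded, so the new value applies at the next load of ip_conntrack_amanda.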