 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Kris Maglione <bsdaemon at comcast dot net>
 Cc:  "m0n0wall dash dev at lists dot m0n0 dot ch" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] UPNP
 Date:  Wed, 19 Oct 2005 15:33:08 -0700
Kris Maglione wrote:
> Chad R. Larson wrote:
>>I found that I could blow out the m0n0wall state table if I were a super 
>>node, especially when my Windoze box would crash leaving unclosed 
>>connections.  We used sysctl to lower the TCP timeout value from its 
>>default ten days(!) to a couple of hours.
> I think that the timeout issue was also fixed in a 1.2 beta release.
> It's also possible to increase the size of the state table, though it
> slows things down if it gets that full.

Yeah, but that wasn't a tuneable in the FreeBSD 4.11 kernel.  You had to 
edit a header and recompile.  Using a reasonable timeout did it for us.

Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228

