 From:  Klaus Stock <ks at stock dash consulting dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] UDP port session time out
 Date:  Fri, 30 Nov 2012 13:27:54 +0100

> What is the default UDP port session time out? I am using the most recent
> version, 1.34

You can find out by looking at "Diagnostics: Firewall states". What
you see under TTL is the remaining timeout time, not the total time, so
you need to find a "fresh" UDP entry to get a usable result.

> How can I alter the UDP port session time out?

AFAIK, you can't. Not even via a hidden option, I'm afraid.

> Any help is appreciated.

You might consider switching to pfSense, the "full-featured branch of
m0n0wall". Unfortunately, m0n0wall and pfSense configuration files are
not compatible. Plus, pfSense appears to have some issues with PPTP
currently, so if you require PPTP, I recommend sticking to m0n0wall.
The traffic shaper is also different. While the HFSC concept is really
cool, its documentation is miserable.

Anyway: pfSense uses pf as its firewall engine, while m0n0wall,
AFAIR, uses iptables. pf allows you to set timeouts per firewall rule
(along with settings for maximum number of states (globally and/or per
host), maximum number of connections per second, Layer 7 rules, and
many more things you can waste your time on).

STUN is the usual solution to the SIP/RTP fuckup. I have no experience
with STUN, but I vaguely seem to believe to know that you can deploy a
STUN server inside your network, which then handles the further
communication through the firewall to the VoIP provider.

- Klaus