[ale] Iptables packet mangling

Stuffed Crust pizza at shaftnet.org
Sat Jun 30 09:21:14 EDT 2001


On Sat, Jun 30, 2001 at 12:41:38AM -0400, Transam at cavu.com wrote:
> After finding no help in the doc, web, or even ALE, I had a look at the
> 2.4.4 kernel source for the answer.  The question is: Under IP Tables,
> how does one change the IP Masquerading connection timeouts for the various
> protocols.  This was trivial under IP Chains and well documented.
> 
> The answer is screw off.  They're hardwired into the kernel.  These values
> are:

In all fairness, IPTables doesn't need timeouts in the same sense as
IPChains did -- iptables is completely stateful, whereas ipchains
maintained almost no state at all.  without the timeouts in ipchains,
connections would stay open indefinately, even if (for example) the tcp
FIN sequence was completed.

But thanks for getting an definitive answer out of this; I've been
wondering how to change these timeouts too..

 - Pizza
-- 
Solomon Peachy                                    pizzaATfucktheusers.org
I ain't broke, but I'm badly bent.                           ICQ# 1318344
Patience comes to those who wait.
    ...It's not "Beanbag Love", it's a "Transanimate Relationship"...
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list