Is there anything in the UI where I can set the idle timeout of a TCP connection? And what is the default value of Astaro Gateway 8.0 for the idle TCP connection timeout?
I moved this discussion from its original attachment to a four-year-old thread. I'm glad you remembered that Barry. I knew I'd seen it recently, but couldn't find it quickly on the KnowledgeBase.
Hi
I have configured ip_conntrack_tcp_timeout_established = 900 sec.
Still, if a connection remains idle for more than 900 sec, it is not dropped by the firewall.
My configuration is:
a masquerading rule between client and server;
the client is in the internal network and the server is in the public network;
in the packet filter: allow all packets using any service fro
You also have to enable "Use strict TCP session handling" under Network Security >> Firewall >> Advanced (nf_conntrack_tcp_be_liberal). Otherwise the connection is picked up and allowed again after the client sends another data packet.
Hi
I have enabled "Use strict TCP session handling" under Network Security > Packet Filter > Advanced, and the firewall console shows nf_conntrack_tcp_be_liberal=0;
Still, the idle TCP connection is not broken by the firewall after 900 sec.
My other settings are:
1) Packet filter: allow from client to server and server to client.
2) NAT > Masquerading: Internal (Network) to External interface
I have not restarted the firewall machine after changing the "strict TCP session handling" value.
Tried to reproduce with 8.300 but can't verify the issue.
If you enter "conntrack -L" on the console you see all conntracks. Grep for the entry you monitor. Third parameter is the allowed lifetime, which decrements.
ip_conntrack_tcp_timeout_established only affects new conntracks. You don't have to reboot.
Please try again and verify that your client is not re-establishing a new connection.
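The conntrack check described in the reply above, as an added example that is not part of the original thread: it compares two `conntrack -L` snapshots of one flow to tell whether the lifetime counter is decrementing, was refreshed, or belongs to a reconnect from a new source port. The snapshots, addresses, function names and the labels idle/refreshed/new-connection/expired are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample snapshots in `conntrack -L` format (documentation addresses).
# Field 3 is the remaining lifetime in seconds; field 4 is the TCP state.
SNAP1='tcp      6 880 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=40001 dport=22 src=198.51.100.20 dst=203.0.113.5 sport=22 dport=40001 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353 mark=0 use=1'
# 60 s later with no traffic: the counter has decremented.
SNAP2='tcp      6 820 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=40001 dport=22 src=198.51.100.20 dst=203.0.113.5 sport=22 dport=40001 [ASSURED] mark=0 use=1'
# Later still: the old entry is gone and the client reconnected from a new port.
SNAP3='tcp      6 899 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=40002 dport=22 src=198.51.100.20 dst=203.0.113.5 sport=22 dport=40002 [ASSURED] mark=0 use=1'

# Print "sport state remaining" for TCP entries matching SRC DST DPORT (stdin).
flow_entries() {
    awk -v s="$1" -v d="$2" -v p="$3" '
    $1 == "tcp" {
        split("", t)
        for (i = 5; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1)
            if (!(k in t)) t[k] = substr($i, n + 1)  # original direction only
        }
        if (t["src"] == s && t["dst"] == d && t["dport"] == p)
            print t["sport"], $4, $3
    }'
}

# usage: compare_snapshots OLD NEW SRC DST DPORT -> "sport verdict" per flow
compare_snapshots() {
    old=$(printf '%s\n' "$1" | flow_entries "$3" "$4" "$5")
    new=$(printf '%s\n' "$2" | flow_entries "$3" "$4" "$5")
    { printf '%s\n' "$old" | sed 's/^/O /'; printf '%s\n' "$new" | sed 's/^/N /'; } |
    awk '
    NF < 4 { next }
    $1 == "O" { o[$2] = $4; next }
    { seen[$2] = 1
      if (!($2 in o))              print $2, "new-connection"
      else if ($4 + 0 < o[$2] + 0) print $2, "idle"       # counter went down
      else                         print $2, "refreshed"  # a packet reset it
    }
    END { for (k in o) if (!(k in seen)) print k, "expired" }' | sort
}

compare_snapshots "$SNAP1" "$SNAP2" 192.0.2.10 198.51.100.20 22
compare_snapshots "$SNAP2" "$SNAP3" 192.0.2.10 198.51.100.20 22
```

On the firewall console, real snapshots can be captured with `OLD=$(conntrack -L 2>/dev/null)` and passed in place of the constructed ones.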
Hi
My concern is that I have to see how Astaro is breaking the idle connection
if my idle timeout is 15 min. In this condition, can we verify from Wireshark
whether the firewall sends any reset packet to the client?