[tech] hydra
Adrian Chadd
adrian at creative.net.au
Sat Sep 1 16:26:46 WST 2001
On Sat, Sep 01, 2001, Michael Deegan wrote:
> Connection tracking is usually used to make various protocols work over
> NAT/IP masq (eg. FTP, IRC DCC, etc).
>
> I'm a little bit hazy on why it tracks UDP sessions though. Probably to make
> sure that multiple UDP packets get NATted out the same router port.
> 'ipchains -M -S ...' lets you set various timeouts. Setting UDP timeouts too
> high will break programs like GameSpy which like to UDP query lots and lots
> of different machines. Setting them too low will make ICQ repeatedly
> disconnect. I use 'ipchains -M -S 28800 10 150' (ie, 150 seconds). The
> default TCP timeout (10 minutes from memory), is far too low (IMO).

Uhm. UDP needs to be proxied so the reply comes from the "reversed"
port numbers.

So, has anyone actually dumped the ipchains NAT table to see what the
story is? (Sorry I came in late - I just resubscribed to tech..)

Adrian
--
Adrian Chadd
<adrian at creative.net.au>

Yeah, for me it's (XML) like the movie Titanic.
Everybody loves it.
I want to be different, so I hate it.
    --Duane Wessels
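
An added example, not part of the original thread and not ipchains code: a simplified Python model of a masquerading table with a UDP idle timeout, showing the trade-off described in the quoted message (a short timeout drops late replies, a long one lets many short-lived queries exhaust the port pool). The addresses, the four-port pool, and the 120-second keepalive interval are constructed assumptions.

```python
# Simplified model of a masquerading (NAT) table for UDP; not ipchains code.
# Assumption: each (inside, remote) flow holds one public port until idle for udp_timeout s.
class MasqTable:
    def __init__(self, udp_timeout, ports):
        self.udp_timeout = udp_timeout
        self.free = list(ports)   # constructed, deliberately tiny public port pool
        self.by_flow = {}         # (inside, remote) -> public port
        self.by_port = {}         # public port -> [inside, remote, last_seen]

    def expire(self, now):
        for port, (inside, remote, seen) in list(self.by_port.items()):
            if now - seen >= self.udp_timeout:
                del self.by_port[port]
                del self.by_flow[(inside, remote)]
                self.free.append(port)

    def outbound(self, inside, remote, now):
        """Return the public port for this packet, or None if the pool is exhausted."""
        self.expire(now)
        port = self.by_flow.get((inside, remote))
        if port is None:
            if not self.free:
                return None
            port = self.free.pop(0)
            self.by_flow[(inside, remote)] = port
        self.by_port[port] = [inside, remote, now]   # refresh the idle timer
        return port

    def inbound(self, port, remote, now):
        """Return the inside endpoint for a reply, or None if no live mapping matches."""
        self.expire(now)
        entry = self.by_port.get(port)
        if entry is None or entry[1] != remote:
            return None
        entry[2] = now
        return entry[0]

def keepalive_survives(udp_timeout, interval=120):
    """Chat-style client: one outbound packet, then the server sends `interval` s later."""
    t = MasqTable(udp_timeout, range(61000, 61004))
    client, server = ("192.168.1.10", 4000), ("203.0.113.5", 4000)
    port = t.outbound(client, server, now=0)
    return t.inbound(port, server, now=interval) == client

def queries_answered(udp_timeout, servers=10, pool=4):
    """Server-browser-style client: one query per second, each to a different host."""
    t = MasqTable(udp_timeout, range(61000, 61000 + pool))
    return sum(t.outbound(("192.168.1.10", 5000), ("198.51.100.%d" % i, 27015), i)
               is not None for i in range(servers))
```

With a 150-second timeout the keepalive case passes but only 4 of 10 queries get a port; with a 2-second timeout all 10 queries go out but a server packet arriving after a 120-second gap has no mapping left.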