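By default, IP Masq sets its timers for TCP sessions, TCP FIN, and UDP traffic to 15 minutes. The following settings are recommended for most users (as already shown in this HOWTO's /etc/rc.d/rc.firewall-* rulesets):
Linux 2.4.x with IPTABLES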
IPMASQ timeouts are NOT adjustable under IPTABLES
Linux 2.2.x with IPCHAINS
# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec
#     firewall timeout in ICQ itself)
#
/sbin/ipchains -M -S 7200 10 60
Linux 2.0.x with IPFWADM
# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec
#     firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60