
If it becomes still a bit much for the connections to timeout, I would set it to 180, which is eventually what I did and it rids the idle connections just fine now.

protocol=tcp add action=accept chain=input connection-state=established.

many ESTABLISHED / UNREPLIED connections, like this:

tcp 6 426339 ESTABLISHED src=64.62.209.98 dst=96.221.109.137 sport=443 dport=50465 packets=2 bytes=178 UNREPLIED src=96.221.109.137 dst=64.62.209.

I wouldn't, then how would you access the internet? I would just let the TCP timeout management do its thing and manage it for you.

I've noticed lately there's loads of unreplied connections in the firewall every.

"Any harm in writing a IP table rule to drop all connections where the source is my own WAN ip address" bit odd that, as I would assume the source would be my internal subnet 192.168.1.x

Also noticed my maxed out IP connections - a lot of the IP addresses listed in source are the WAN IP address.

At your current settings with 3600, it takes 1 hour for anything you do to timeout, even if you aren't using those connections anymore. You should tune that down to around 180 or at max 300, but 3600 is not needed. You haven't noticed any performance issues but yet you are reaching your 4096 max connections because your timeouts are so high? I would call that a performance issue.

Internal states

State          Timeout value
NONE           30 minutes
ESTABLISHED    5 days
SYNSENT        2 minutes
SYNRECV        60 seconds
FINWAIT        2 minutes
TIMEWAIT       2 minutes
CLOSE          10 seconds
CLOSEWAIT      12 hours
LASTACK        30 seconds
LISTEN         2 minutes

These values are most definitely not absolute.

TCP timeout is 3600 and yes it is maxing out at 4096.

Also I am not sure why you want to increase from 4096 connections. Are you actually reaching the 4096 connection limit? 4096 is a generic setting; some units can handle more because they have good hardware with which to do so, but you haven't listed which router you have. What do you have your TCP timeout set to in Administration? I always set mine to 180; with 180 they clear out in 3 minutes.
