NAT Reflection (timeout problem)
-
Okay, I added a hidden option for controlling this.
Edit config.xml by downloading it via the webConfigurator backup feature.
Add a <reflectiontimeout>100</reflectiontimeout> area to <system>. So it should end up looking something like:
<system><reflectiontimeout>100</reflectiontimeout>
Upload the changed config.xml … The firewall will reboot.
This will show up in about 2 hours after the snapshot server rebuilds the images.
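
One way to make the edit described above on a downloaded backup without hand-editing the XML, as an added example that is not part of the original thread or of pfSense itself. The function names and the sample backup are constructed here, and the code assumes <system> is a direct child of the document root.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for a config.xml backup (not a real config).
SAMPLE_BACKUP = """<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>fw</hostname>
  </system>
</pfsense>
"""


def get_reflection_timeout(config_xml):
    """Return the configured value in seconds, or None if the element is absent."""
    node = ET.fromstring(config_xml).find("system/reflectiontimeout")
    if node is None:
        return None
    return int((node.text or "").strip())  # ValueError on an empty or non-numeric value


def set_reflection_timeout(config_xml, seconds):
    """Return config_xml with exactly one <reflectiontimeout> under <system>."""
    if isinstance(seconds, bool) or not isinstance(seconds, int) or seconds < 0:
        raise ValueError("timeout must be a non-negative whole number of seconds")
    root = ET.fromstring(config_xml)  # raises ParseError on a malformed backup
    system = root.find("system")      # assumption: <system> is a child of the root
    if system is None:
        raise ValueError("no <system> section found; refusing to edit")
    nodes = system.findall("reflectiontimeout")
    for extra in nodes[1:]:           # drop duplicates left by earlier hand edits
        system.remove(extra)
    node = nodes[0] if nodes else ET.SubElement(system, "reflectiontimeout")
    node.text = str(seconds)
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    edited = set_reflection_timeout(SAMPLE_BACKUP, 100)
    print(edited)
    print("reflectiontimeout =", get_reflection_timeout(edited))
```

ElementTree does not preserve XML comments or CDATA sections, so diff the result against the original backup before uploading it.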
-
Outstanding. I'll grab a new image in the morning. Thanks for the super-fast response.
-Zandr
-
Very nice, this thing also works for me. Will this feature also be integrated into the GUI?
-
> Very nice, this thing also works for me. Will this feature also be integrated into the GUI?
Doubtful.
-
I never followed up here… This is working great. I set it to 3600s (1hr) and all of the issues with our other apps have gone away.
We only have a few forwards anyway, so I'm not too concerned about the resources consumed by those nc's.
I'd second the suggestion to tuck this into the GUI somewhere, it's a pretty useful feature. Though, if it were superseded by Dhauzimmer's patch, that could be even better.
Thanks again.
-
Will consider the GUI option after I pass it by other devs.
The patch was submitted to coreteam but had the potential to break QOS and Multi-Wan so it is not quite ready yet. This is going from memory.. I am terribly sorry if I am confusing two different incidents.
-
> Will consider the GUI option after I pass it by other devs.
> The patch was submitted to coreteam but had the potential to break QOS and Multi-Wan so it is not quite ready yet. This is going from memory.. I am terribly sorry if I am confusing two different incidents.
Why not just default it to 1 hour? I'd rather not see yet another knob that people will twist for no good reason exposed.
–Bill
-
I am perfectly fine with this as long as no DOS potential is present?
-
Question
I saw on blogspot that you changed the NAT reflection timeout to 2000 by default, so I decided to remove the line <reflectiontimeout>2000</reflectiontimeout> (it works with this line) from config.xml. I rebooted my server machine and tried connecting to battle.net (the way I test the NAT reflection timeout) with 2 users on the LAN. After 20s the LAN user who had joined the game was disconnected.
So the question: do I need to install a fresh copy of pfSense, or is this normal and I should just put that line back into config.xml?
I am using the latest version of pfSense, 1.2 RC2 18.8.2007
Thx
-
You cannot simply remove the line. It needs a value.
-
As far as I can see, this line is optional and only changes the default value to the value that you want. So I thought that now, when the default is 2000s, the line in config.xml for the reflection timeout isn't needed any more. Am I wrong?
-
Yes, that is wrong. If you do not want a timeout, set it to 0.
-
OK, and what is the default timeout if there is no line in config.xml? I am asking because you added that option in the past: »I added a hidden option for controlling this«.
-
300 seconds IIRC.
-
Thx. for info.