Discussion started by Planiwa, Feb 14, 2012.

  Planiwa:

    

    Apart from the timeouts that can be found in Tomato's GUI and in /proc/sys/net/netfilter/ , there appears to be at least one more kind:

     17 3594 src=.103 dst= sp=5060 dp=5060 P=599 B=36500 src= dst=WANIP sp=5060 dp=5060 P=268 B=20499 [A] mark=1048842 use=1
    This seems to be some sort of SIP/VOIP/Nettalk device.

    The question is -- how did it get a timeout of 3600s? My udp timeouts are 5s and 10s:

    N16:netfilter# head  *udp*
    ==> nf_conntrack_udp_timeout <==
    ==> nf_conntrack_udp_timeout_stream <==
    Could this be related to the items at the bottom of the advanced-ctnf.asp Page, in particular,
    Tracking/NAT helpers -- SIP ?
    If so, how, and what other nonstandard Timeouts are there?
  Badders44:

    

    There is a thread around which describes this SIP Tracking/NAT Helper and shows how it overrides the UDP timeouts. I seem to remember it recommends disabling it for certain VOIP providers. I certainly needed to disable it to get Sipgate stable.
  Planiwa:

    

    Thanks. Yes, it was Mango who mostly contributed to that thread.

    I noticed this because it was spat out by my reporting tool that calculates the idle-time of connections as: Timeout - TTL.

    This particular trick results in a connection with a huge negative idle time.
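
Added example, not part of any poster's message and not Planiwa's reporting tool: a sketch of the "Timeout - TTL" idle-time calculation that flags UDP entries whose remaining TTL is larger than the configured timeout, instead of reporting a negative idle time. The sample lines are constructed in the standard /proc/net/nf_conntrack layout, and mapping the 5s and 10s values to the plain and stream timeouts is an assumption.

```python
import re

# Constructed sample in /proc/net/nf_conntrack layout; addresses are documentation ranges.
SAMPLE = """\
ipv4     2 udp      17 3594 src=192.168.1.103 dst=198.51.100.7 sport=5060 dport=5060 packets=599 bytes=36500 src=198.51.100.7 dst=203.0.113.5 sport=5060 dport=5060 packets=268 bytes=20499 [ASSURED] mark=1048842 use=1
ipv4     2 udp      17 3 src=192.168.1.50 dst=198.51.100.53 sport=40000 dport=53 packets=1 bytes=60 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 packets=0 bytes=0 mark=0 use=1
ipv4     2 udp      17 8 src=192.168.1.51 dst=198.51.100.9 sport=50000 dport=123 packets=4 bytes=304 src=198.51.100.9 dst=203.0.113.5 sport=123 dport=50000 packets=4 bytes=304 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=198.51.100.80 sport=51000 dport=443 packets=10 bytes=900 src=198.51.100.80 dst=203.0.113.5 sport=443 dport=51000 packets=9 bytes=800 [ASSURED] mark=0 use=1
"""

UDP = 17  # IP protocol number shown in the fourth column


def audit_udp(text, udp_timeout=5, udp_timeout_stream=10):
    """Return one dict per UDP entry: its idle time, or a flag when the
    remaining TTL exceeds the configured timeout (set elsewhere, e.g. by a helper)."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[3].isdigit() or int(fields[3]) != UDP:
            continue
        ttl = int(fields[4])
        # The first four key=value pairs are the original-direction tuple.
        orig = dict(re.findall(r"(\w+)=(\S+)", line)[:4])
        # Assumption: a two-way ([ASSURED]) flow is refreshed with the stream timeout.
        expected = udp_timeout_stream if "[ASSURED]" in fields else udp_timeout
        overridden = ttl > expected
        results.append({
            "src": orig["src"],
            "dport": int(orig["dport"]),
            "ttl": ttl,
            "expected": expected,
            "naive_idle": expected - ttl,  # what "Timeout - TTL" yields unchecked
            "overridden": overridden,
            "idle": None if overridden else expected - ttl,
        })
    return results


if __name__ == "__main__":
    for r in audit_udp(SAMPLE):
        state = "TIMEOUT OVERRIDDEN" if r["overridden"] else "idle=%ds" % r["idle"]
        print("%-15s dport=%-5d ttl=%-5d expected<=%-3d %s"
              % (r["src"], r["dport"], r["ttl"], r["expected"], state))
```

Pass the values read from nf_conntrack_udp_timeout and nf_conntrack_udp_timeout_stream as the two keyword arguments when they differ from the defaults used here.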
