Phibee Network Operation Center
2008-Aug-28 05:28 UTC
Shorewall and ActiveSync Push ? (Delay https in NAT)
Hi
i am search the solution into shorewall for increase the wait tcp time
into the nat for ActiveSync Push Mail.
Microsoft said:
http://support.microsoft.com/?scid=kb%3Ben-us%3B905013&x=16&y=16
anyone know where is the option into shorewall ?
thanks
Jerome
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Prasanna Krishnamoorthy
2008-Aug-28 05:48 UTC
Re: Shorewall and ActiveSync Push ? (Delay https in NAT)
On Thu, Aug 28, 2008 at 10:58 AM, Phibee Network Operation Center <noc@phibee.net> wrote:> Hi > > i am search the solution into shorewall for increase the wait tcp time > into the nat for ActiveSync Push Mail. >From a cursory look, this seems to be more for a HTTP(s) proxy, thanshorewall. But if you mean iptables keeping the "natted tcp connection" alive, then you''re looking for ip_conntrack_tcp_timeout_established ip_conntrack_tcp_timeout_established is set to 432000 on my ubuntu system, which is 5 days, so should not be affecting your setup in any case. Prasanna. -- Want to manage multiple office networks? Want to securely connect all your locations? Want to do it in a budget? www.elinanetworks.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Phibee Network Operation Center
2008-Aug-28 06:18 UTC
Re: Shorewall and ActiveSync Push ? (Delay https in NAT)
Prasanna Krishnamoorthy a écrit :> On Thu, Aug 28, 2008 at 10:58 AM, Phibee Network Operation Center > <noc@phibee.net> wrote: > >> Hi >> >> i am search the solution into shorewall for increase the wait tcp time >> into the nat for ActiveSync Push Mail. >> > >From a cursory look, this seems to be more for a HTTP(s) proxy, than > shorewall. But if you mean iptables keeping the "natted tcp > connection" alive, then you''re looking for > ip_conntrack_tcp_timeout_established > > ip_conntrack_tcp_timeout_established is set to 432000 on my ubuntu > system, which is 5 days, so should not be affecting your setup in any > case. > > Prasanna. >Hi thanks for your answer, i don''t have proxy on this firewall and it''s Internet => DMZ. Where i can find the ip_conntrack_tcp_timeout_established option ? thanks jerome ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Prasanna Krishnamoorthy
2008-Aug-28 06:28 UTC
Re: Shorewall and ActiveSync Push ? (Delay https in NAT)
On Thu, Aug 28, 2008 at 11:48 AM, Phibee Network Operation Center <noc@phibee.net> wrote:> Prasanna Krishnamoorthy a écrit : > > On Thu, Aug 28, 2008 at 10:58 AM, Phibee Network Operation Center > <noc@phibee.net> wrote: > > > Hi > > i am search the solution into shorewall for increase the wait tcp time > into the nat for ActiveSync Push Mail. > > > >From a cursory look, this seems to be more for a HTTP(s) proxy, than > shorewall. But if you mean iptables keeping the "natted tcp > connection" alive, then you''re looking for > ip_conntrack_tcp_timeout_established > > > Hi > > thanks for your answer, i don''t have proxy on this firewall and it''s > Internet => DMZ. > > Where i can find the ip_conntrack_tcp_timeout_established option ?/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established To see whether your problem is because of expiring connections, do "shorewall show connections" first. See if the connection to your "ActiveSync" server is actually established and timing out. Prasanna. -- Want to manage multiple office networks? Want to securely connect all your locations? Want to do it in a budget? www.elinanetworks.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/