Ack/Fin packets dropped.
Jesper Dybdal
netfilter@dybdal.dk
Mon, 30 Jul 2001 18:57:44 +0200
On Sun, 29 Jul 2001 20:37:42 -0300, Harald Welte <laforge@gnumonks.org> =
wrote:
>On Fri, Jul 27, 2001 at 07:42:31PM +0200, Denis Ducamp wrote:
>>=20
>> The explanation is simple : TCP timeout at the end of a connexion, ie =
after
>> the 1st FIN/ACK paquet, are very short comparatively to the 5 days =
timeout
>> during the connexion (30 seconds iirc), ie after the 3 way hand shake.
>
>It's 10 seconds, but anyway - 10 seconds are a _long_ time for =
short-lived
>http conncetions.
Perhaps - but obviously not long enough. I have dozens of those log =
entries
every day on my very low-traffic home firewall.
--=20
Jesper Dybdal, Denmark.
http://www.dybdal.dk (in Danish).