will survive after having seen a termination request (FIN) from the responder
tcp-established-timeout (time; default: 1d) - maximum amount of time a connection tracking entry
will survive after having seen an acknowledgment (ACK) from the connection initiator
tcp-fin-wait-timeout (time; default: 10s) - maximum amount of time a connection tracking entry
will survive after having seen a connection termination request (FIN) from the connection release
initiator
tcp-syncookie (yes | no; default: no) - enable TCP SYN cookies for connections destined to the
router itself (this may be useful for HotSpot and tunnels)
tcp-syn-received-timeout (time; default: 1m) - maximum amount of time a connection tracking
entry will survive after having seen a matching connection request (SYN)
tcp-syn-sent-timeout (time; default: 1m) - maximum amount of time a connection tracking entry
will survive after having seen a connection request (SYN) from the connection initiator
tcp-time-wait-timeout (time; default: 10s) - maximum amount of time a connection tracking entry
will survive after having seen a connection termination request (FIN) just after a connection request
(SYN) or having seen another termination request (FIN) from the connection release initiator
total-entries (read-only: integer) - number of connections currently recorded in the connection
state table
udp-stream-timeout (time; default: 3m) - maximum amount of time a connection tracking entry
will survive after a reply is seen for the last packet matching this entry (the connection tracking entry is
assured). It is used to increase the timeout for connections such as H.323, VoIP, etc.
udp-timeout (time; default: 10s) - maximum amount of time a connection tracking entry will
survive after having seen the last packet matching this entry
Notes
The maximum timeout value depends on the number of entries in the connection state table. If the
number of entries in the table is more than:
• 1/16 of the maximum number of entries, the maximum timeout value will be 1 day
• 3/16 of the maximum number of entries, the maximum timeout value will be 1 hour
• 1/2 of the maximum number of entries, the maximum timeout value will be 10 minutes
• 13/16 of the maximum number of entries, the maximum timeout value will be 1 minute
The shorter of the configured timeout and the value listed above is always used.
If a connection tracking timeout value is less than the normal interval between data packets
(the timeout expires before the next packet arrives), NAT and stateful firewalling stop working.
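The following is an added example, not part of the MikroTik manual: it applies the occupancy thresholds from the Notes to show which flows lose their tracking entry as the table fills, for instance under a connection flood. The table size (65536), the flow names and the packet intervals are constructed assumptions.

```python
from fractions import Fraction

# Occupancy thresholds and timeout caps (seconds) from the Notes, strictest first.
CAPS = [
    (Fraction(13, 16), 60),     # more than 13/16 full -> 1 minute
    (Fraction(1, 2), 600),      # more than 1/2 full   -> 10 minutes
    (Fraction(3, 16), 3600),    # more than 3/16 full  -> 1 hour
    (Fraction(1, 16), 86400),   # more than 1/16 full  -> 1 day
]

def timeout_cap(total_entries, max_entries):
    """Cap in seconds for this table occupancy, or None when no cap applies."""
    if max_entries <= 0 or total_entries < 0:
        raise ValueError("invalid entry counts")
    for fraction, cap in CAPS:
        if total_entries > fraction * max_entries:   # "more than", so strict
            return cap
    return None

def effective_timeout(configured, total_entries, max_entries):
    """The shorter of the configured timeout and the occupancy cap."""
    cap = timeout_cap(total_entries, max_entries)
    return configured if cap is None else min(configured, cap)

def starved_flows(flows, total_entries, max_entries):
    """Names of flows whose effective timeout is below their packet interval,
    i.e. the entry expires before the next packet and NAT/state is lost."""
    return sorted(
        name for name, (configured, interval) in flows.items()
        if effective_timeout(configured, total_entries, max_entries) < interval
    )

# Constructed sample: table size and packet intervals are assumptions.
MAX_ENTRIES = 65536
FLOWS = {
    "idle-ssh (tcp-established-timeout)": (86400, 300),  # keepalive every 5 min
    "voip (udp-stream-timeout)": (180, 20),
    "dns (udp-timeout)": (10, 1),
}

if __name__ == "__main__":
    for used in (4096, 20000, 40000, 55000):
        print(used, timeout_cap(used, MAX_ENTRIES),
              starved_flows(FLOWS, used, MAX_ENTRIES))
```

Comparing total-entries against these thresholds shows how close the router is to the point where long-idle established connections start being dropped.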
Service Ports
Home menu level: /ip firewall service-port
Description
Some network protocols are not compatible with network address translation, for example due to
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registered trademarks mentioned herein are properties of their respective owners.