It turns out to save on cpu and deal with some broken clients,<br>conttrack doesn't checksum by default. I just turned it back on.<br><br>echo 1 > /proc/sys/net/netfilter/nf_conntrack_checksum<br>echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_checksum<br>
<br>I think leaving it on is a good idea and will probably do so in<br>a follow on release, but am open to opinions.<br><br>AND:<br><br>I think this is a bug in cero on larger networks. I have seen in the field<br>timeouts (far) lower than 3600, and I think the rfc is 7200, and I have no idea<br>
why I put this in there... except that I used to (before I switched to mosh)<br>maintain a lot of long running ssh sessions.<br><br>net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=432000<br><br>One behavior I've been battling, has been "after a while", a given radio<br>
would be able to forward packets around the internal network just fine.<br><br>But: frequently you can get stuff through the gateway, but after a couple hops<br>things would fail to return, so I first suspected crc (which I'm mostly putting<br>
down to the tcpdump tool not the network right now), then nat. So I can<br>see the above value exausting the nat table...<br><br>going to get rid of the double-nat today or tomorrow<br><br><br clear="all"><br>-- <br>Dave Täht<br>
<br>Fixing bufferbloat with cerowrt: <a href="http://www.teklibre.com/cerowrt/subscribe.html" target="_blank">http://www.teklibre.com/cerowrt/subscribe.html</a>