EFW Support

I connect to a Webpage through EFW (upgraded from 2.3 to 2.4) and when I disconnected the connection is still in ESTABLISHED status  >:(

****************************************************************************

Legend:     LAN     INTERNET     DMZ     Wireless     Endian Firewall     VPN (IPsec)

Source IP    Source port    Destination IP    Destination port    Protocol    Status    Expires
10.x.x.x    29707           72.14.254.100    80 (HTTP)            tcp       ESTABLISHED 67:09:03

*****************************************************************************

I do not know why EFW still keep that connection, is there anyone has this problem?  ???

ESTABLISHED status meand the firewall has not "seen" a close socket request coming through from the web browser.

Unclosed TCP connections may stay around for a long time (up to 72 hours?)

Web access sockets remain open if the server allows "keepalive" - which they normally do!

Dear DFen,

Thanks for your reply, it means that EFW does not set the time out for the connection? Is it a problem if EFW wastes time to wait for close socket signal? 

With best regards,

This is only a problem if you have too many connections - this is defined by TCP, not by Endian.

On my system (2GB memory)  I have capacity for 6500 connections
try:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max

I believe it is possible to tune the TCP timeout values but I have not tried this.

Dear DFen,

I have seen this problem on EFW 2.3 and I hope that it will be resolved in EFW 2.4 with new Linux kernel, maybe I should report this issue and hope that Endian team will tune TCP/IP and recompile Linux kernel.

With best regards,

Long