Thanks for all this information, it's really useful.
Black = RouterOS
Blue = Linux (if your values are right)
Green = My opinion.
tcp-close-wait-timeout=10s | close-wait timeout = 60s
When it is closed, it is closed and is still closed; why wait more than 10 seconds?
tcp-established-timeout=1d | established timeout = 5 days
5 days??? One single connection? In my gateway I lower this value to 6 hours.
If the PC or other devices forget to close the TCP connection, on a gateway for 2000 users, you run out of the ports used for NAT...
tcp-syn-received-timeout=5s | syn-received timeout = 60s
tcp-syn-sent-timeout=5s | syn-sent timeout = 120s
60s??? 120s???? This is one way to help "DoS"...
tcp-last-ack-timeout=10s | last-ack timeout = 30s
tcp-fin-wait-timeout=10s | fin-wait timeout = 120s
tcp-time-wait-timeout=10s | time-wait timeout = 120s
How slow is the other end??? 120s????
These are equal on both systems
tcp-close-timeout=10s | close timeout = 10s
udp-stream-timeout=3m | 3m
udp-timeout=10s | 10s
icmp-timeout=10s | system conntrack timeout icmp 30s
30s for one ICMP reply? What system waits for one ICMP packet with up to 30 seconds of delay???
generic-timeout=10m | ?
10m for a generic connection (non UDP, TCP or ICMP) is sufficient.
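An added example, not part of the original post: a POSIX shell check that flags each conntrack timeout where a Linux host's value is longer than the RouterOS value quoted above. The sample input is constructed from the Linux column of the post, the function names are hypothetical, and the keys are the standard `net.netfilter.nf_conntrack_*` sysctls.

```shell
# RouterOS values from the post, keyed by the matching nf_conntrack sysctl suffix.
ROUTEROS_TIMEOUTS='tcp_timeout_close_wait 10s
tcp_timeout_established 1d
tcp_timeout_syn_recv 5s
tcp_timeout_syn_sent 5s
tcp_timeout_last_ack 10s
tcp_timeout_fin_wait 10s
tcp_timeout_time_wait 10s
tcp_timeout_close 10s
udp_timeout_stream 3m
udp_timeout 10s
icmp_timeout 10s
generic_timeout 10m'

# Convert a RouterOS-style duration (10s, 3m, 6h, 1d) to seconds.
to_seconds() {
    n=${1%[smhd]}
    case $1 in
        *m) n=$((n * 60)) ;; *h) n=$((n * 3600)) ;; *d) n=$((n * 86400)) ;;
    esac
    echo "$n"
}

# Constructed sample in `sysctl -a` format (Linux column of the post; no generic value given).
sample_dump() {
    sed 's/^/net.netfilter.nf_conntrack_/' <<'EOF'
tcp_timeout_close_wait = 60
tcp_timeout_established = 432000
tcp_timeout_syn_recv = 60
tcp_timeout_syn_sent = 120
tcp_timeout_last_ack = 30
tcp_timeout_fin_wait = 120
tcp_timeout_time_wait = 120
tcp_timeout_close = 10
udp_timeout_stream = 180
udp_timeout = 10
icmp_timeout = 30
EOF
}

# Print every timeout where the Linux value (stdin, `sysctl -a` format) is longer.
compare_timeouts() {
    dump=$(cat)
    echo "$ROUTEROS_TIMEOUTS" | while read -r name ros; do
        linux=$(printf '%s\n' "$dump" | sed -n "s/^net\.netfilter\.nf_conntrack_${name} = //p")
        [ -n "$linux" ] || continue   # key absent from the dump
        ros_s=$(to_seconds "$ros")
        if [ "$linux" -gt "$ros_s" ]; then echo "$name linux=${linux}s routeros=${ros_s}s"; fi
    done
}
sample_dump | compare_timeouts
```

On a live Linux gateway, replace `sample_dump` with `sysctl -a 2>/dev/null` to audit the running values.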
Thanks for all this information, it's really useful.
I'm having issues with a failover setting. I have a PCC load balance with recursive routing.
When an ISP fails, connections are still established by the fallen ISP. I need to set lower timeouts but I don't know what values I should modify and what the risk of this modification is. Can you help me?
/ip firewall connection remove [find reply-dst-address~"^<PUBLIC IP OF WAN>"]