Okay, well, I think I've got a solution (since I do have root access to
the masq box).

Will post it in case anyone else has issues with this:

/sbin/ipchains -M -S 43200 10 60

Sets a 12 hour timeout for masqueraded tcp connections.  Might want a
smaller number, but that's good and safe for what I'm doing :)

C ya,

Wes