From owner-freebsd-questions Wed Nov 25 13:54:01 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA14977 for freebsd-questions-outgoing; Wed, 25 Nov 1998 13:53:06 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from taz.nda.com (taz.nda.com [198.93.48.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA14972 for ; Wed, 25 Nov 1998 13:52:59 -0800 (PST) (envelope-from jesse@taz.nda.com)
Received: (from jesse@localhost) by taz.nda.com (8.8.5/8.8.8) id NAA01540; Wed, 25 Nov 1998 13:52:15 -0800 (PST)
Message-ID: <19981125135214.B1210@taz.nda.com>
Date: Wed, 25 Nov 1998 13:52:14 -0800
From: Jesse Robbins
To: freebsd-questions@FreeBSD.ORG
Subject: NATD hang on long idle connections
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greetings!

I recently created a firewall using 2.2.7-STABLE. It works wonderfully for bursty transfers like ftp and http stuff. It also is fine when doing any kind of interactive session like ssh and telnet. However, regardless of application, OS, or remote target, if I leave a session idle for more than a few minutes and then type a key or two, there is a LONG delay before the session actually "unfreezes". I don't lose any keystrokes or drop the session... usually. The problem is irritating, and easily observable. Any help would be appreciated!
Here are my configs:

FreeBSD gateway 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Wed Sep 30 15:52:32 GMT 1998

/etc/natd.conf:

#log
use_sockets
same_ports
#unregistered_only
interface vx0
deny_incoming
redirect_port tcp 172.30.31.100:80 500

ifconfig -a:

xl0: flags=8843 mtu 1500
        inet 192.80.10.231 netmask 0xffffff00 broadcast 192.80.10.255
        inet 192.80.11.1 netmask 0xffffff00 broadcast 192.80.11.255
        ether 00:10:4b:cd:ec:b5
        media: autoselect (10baseT/UTP )
        supported media: autoselect 100baseTX 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 10baseT/UTP
vx0: flags=8843 mtu 1500
        inet 205.226.66.126 netmask 0xffffff00 broadcast 205.226.66.255
        ether 00:a0:24:c0:f3:b9
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

ipfw show:

00300 0 0 deny ip from 192.80.10.0/24 to any in recv vx0
00400 0 0 deny ip from 192.80.11.0/24 to any in recv vx0
00500 0 0 deny ip from 172.30.31.0/24 to any in recv vx0
00600 71821 31352774 allow tcp from any to 205.226.66.126 21-25
00700 11 527 allow tcp from any to 205.226.66.126 53
00800 180144 18351417 allow udp from any to 205.226.66.126 53
00900 4597238 2827234556 divert 8668 ip from any to any via vx0
01000 9350986 1568491979 allow ip from any to any
65535 0 0 deny ip from any to any

--
__________________________________________________________
Jesse Robbins                  Net Daemons Asc.
Network Engineer               1818 Gilbreth Rd Suite 234
jesse@nda.com                  Burlingame, Ca 94010
(650) 692-8100
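As an added example, not code from the post or from FreeBSD: a small Python script that parses the `ipfw show` listing above, reports rules with zero packet hits, and flags rules that can never be reached because an earlier unconditional allow/deny matches every packet first. It assumes the 2.2.x `ipfw show` column layout (rule number, packets, bytes, then the rule body) and assumes that only allow, deny and reject end rule processing while divert, tee and count fall through to the next rule.

```python
"""Parse FreeBSD 2.2.x `ipfw show` output and sanity-check the rule set."""
import re

# Constructed sample input: the `ipfw show` listing from the post, verbatim.
IPFW_SHOW = """\
00300 0 0 deny ip from 192.80.10.0/24 to any in recv vx0
00400 0 0 deny ip from 192.80.11.0/24 to any in recv vx0
00500 0 0 deny ip from 172.30.31.0/24 to any in recv vx0
00600 71821 31352774 allow tcp from any to 205.226.66.126 21-25
00700 11 527 allow tcp from any to 205.226.66.126 53
00800 180144 18351417 allow udp from any to 205.226.66.126 53
00900 4597238 2827234556 divert 8668 ip from any to any via vx0
01000 9350986 1568491979 allow ip from any to any
65535 0 0 deny ip from any to any
"""

# Assumed layout: <rule> <pkts> <bytes> <action> [<numeric arg>] <proto> from <src> to <dst> [options...]
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<action>allow|deny|reject|divert|tee|count|skipto)"
    r"(?:\s+(?P<arg>\d+))?\s+"
    r"(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<opts>.*))?$"
)

# Assumption: these actions end processing; divert/tee/count/skipto do not block later rules.
TERMINAL = {"allow", "deny", "reject"}


def parse_ipfw_show(text):
    """Return one dict per rule line, in listing order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unrecognised ipfw line: " + line)
        d = m.groupdict()
        rules.append({
            "num": int(d["num"]),
            "pkts": int(d["pkts"]),
            "bytes": int(d["bytes"]),
            "action": d["action"],
            "arg": int(d["arg"]) if d["arg"] else None,   # divert port, skipto target
            "proto": d["proto"],
            "src": d["src"],
            "dst": d["dst"],
            "opts": (d["opts"] or "").split(),            # ports, in/out, via, recv ...
        })
    return rules


def is_catch_all(rule):
    """True if the rule body matches every packet: proto ip, any -> any, no options."""
    return (rule["proto"] == "ip" and rule["src"] == "any"
            and rule["dst"] == "any" and not rule["opts"])


def unhit_rules(rules):
    """Rule numbers whose packet counter is still zero."""
    return [r["num"] for r in rules if r["pkts"] == 0]


def shadowed_rules(rules):
    """(blocking rule, [unreachable rule numbers]) for the first terminal catch-all rule."""
    blocker, shadowed = None, []
    for r in rules:
        if blocker is not None:
            shadowed.append(r["num"])
        elif r["action"] in TERMINAL and is_catch_all(r):
            blocker = r["num"]
    return blocker, shadowed


def report(rules):
    """Human-readable findings, one per line."""
    lines = ["rule %05d never matched" % n for n in unhit_rules(rules)]
    blocker, shadowed = shadowed_rules(rules)
    if blocker is not None:
        lines.append("rule %05d matches everything; unreachable: %s"
                     % (blocker, ", ".join("%05d" % n for n in shadowed)))
    return lines


if __name__ == "__main__":
    for line in report(parse_ipfw_show(IPFW_SHOW)):
        print(line)
```

Run against the posted listing it reports zero hits on the three anti-spoofing deny rules (expected while no spoofed source addresses have arrived on vx0) and on 65535, and it points out that rule 01000 (`allow ip from any to any`) shadows the default deny, so whatever natd reinjects after the divert is accepted and inbound filtering rests on natd's `deny_incoming` rather than on ipfw. That is an observation about the rule set only; the script says nothing about the idle-session delay itself.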