Date:      Sat, 8 Dec 2001 16:37:31 -0600
From:      "David W. Chapman Jr." <dwcjr@inethouston.net>
To:        Harald Schmalzbauer <H@Schmalzbauer.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ipfw, keep-state and ssh
Message-ID:  <20011208223731.GA28158@leviathan.inethouston.net>
In-Reply-To: <1007816782.618.0.camel@adm01.belenus.com>
References:  <1007816782.618.0.camel@adm01.belenus.com>

On Sat, Dec 08, 2001 at 12:06:22PM -0100, Harald Schmalzbauer wrote:
> Hello,
> 
> today I set up a packet filter with ipfw. The last time I used it
> was long before 4.0 so keep-state is new to me (for IPFW, I know it in
> IPFilter).
> 
> I rewrote my complete ruleset, but it should be identical to the
> IPFilter set before.
> 
> Unfortunately my ssh connection gets dropped regularly. Sometimes even
> while typing!! I have enabled fragmented packets, so until now the
> disconnect while typing has gone but with the default dyna_ack lifetime
> of 300 the connection closes reliably.
> 
> How can I tell sshd to send Keepalive in shorter intervals?
> 
> I only saw that the non-default ClientAlive can be adjusted. Is it
> reasonable to use that instead? Or should I set another rule for tcp-ack
> pass? But then keep-state is useless for TCP.

The problem is ipfw's states aren't really states, they are timers.  
SSH sends a keep-alive around every 10 mins, way past the default 
settings for the timer in ipfw.
 
-- 
David W. Chapman Jr.
dwcjr@inethouston.net	Raintree Network Services, Inc. <www.inethouston.net>
dwcjr@freebsd.org	FreeBSD Committer <www.FreeBSD.org>
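
A small model of the timer behaviour described in the reply above, added here as an illustration; it is not code from the thread or from ipfw. The ruleset shape (check-state followed by a "setup keep-state" rule), the addresses and the function names are assumptions; the 300-second lifetime and the 10-minute keepalive are the figures quoted in the messages.

```python
# Idle-timer model of a keep-state firewall (added illustration, not ipfw source).
from dataclasses import dataclass, field

ACK_LIFETIME = 300   # seconds; the default lifetime the original post quotes
SSH_KEEPALIVE = 600  # seconds; "around every 10 mins" per the reply


@dataclass
class DynamicTable:
    lifetime: int = ACK_LIFETIME
    expires: dict = field(default_factory=dict)  # flow -> expiry time

    def packet(self, now, flow, syn=False):
        """Return 'pass' or 'drop' for one packet of `flow` at time `now`."""
        live = self.expires.get(flow, -1) > now
        if live or syn:
            # Assumed ruleset: check-state first, then "allow tcp ... setup keep-state".
            # A matching packet refreshes the timer; a SYN creates the entry.
            self.expires[flow] = now + self.lifetime
            return "pass"
        # The entry has timed out and the packet is not a SYN, so it reaches the deny rule.
        self.expires.pop(flow, None)
        return "drop"


def idle_session(keepalive, lifetime=ACK_LIFETIME, duration=3600):
    """Simulate an idle SSH session that only sends keepalives.

    Returns the time of the first dropped packet, or None if nothing is dropped.
    """
    table = DynamicTable(lifetime)
    flow = ("192.0.2.10", 40000, "198.51.100.5", 22)  # constructed addresses
    table.packet(0, flow, syn=True)
    for t in range(keepalive, duration + 1, keepalive):
        if table.packet(t, flow) == "drop":
            return t
    return None


if __name__ == "__main__":
    for interval in (SSH_KEEPALIVE, 240):
        print(f"keepalive every {interval}s -> first drop at {idle_session(interval)}")
```

In this model the session survives only when some packet crosses the firewall more often than the lifetime, which means either a shorter keepalive interval or a longer timer.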
