Date: Fri, 20 May 2016 16:10:35 +0200 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: Jan Bramkamp <crest@rlwinm.de> Cc: freebsd-current@freebsd.org Subject: Re: CURRENT: ipfw: problems with timeouts and worse network performance Message-ID: <20160520161035.52118058.ohartman@zedat.fu-berlin.de> In-Reply-To: <38888426-4d91-56ed-9ab3-0d516b0b8d46@rlwinm.de> References: <20160520140152.3ab6fe44@hermann> <20160520125401.GC2371@vzakharov> <38888426-4d91-56ed-9ab3-0d516b0b8d46@rlwinm.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/i1RG==SKrtB/deGYB5TrV4y Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Fri, 20 May 2016 15:28:35 +0200 Jan Bramkamp <crest@rlwinm.de> schrieb: > On 20/05/16 14:54, Vladimir Zakharov wrote: > > Hello > > > > On Fri, May 20, 2016, O. Hartmann wrote: =20 > >> I reported earlier about broken pipes in ssh sessions to remote hosts, > >> which occur on an erratic basis. i'm investigating this problem now and > >> it seems that it is also ipfw-related, but I'm not sure. This problem > >> is present since a couple of weeks now. =20 > > > > Maybe this could help... > > > > I've also experienced problems with broken pipes in ssh sessions some > > time ago. Setting in sysctl.conf > > > > net.inet.ip.fw.dyn_ack_lifetime=3D3600 > > > > fixed problem for me. I didn't experiment with the value though. So, > > possibly, changing default value (300s) to 1 hour is overkill :). =20 >=20 > By default the OpenSSH SSH client is configured to use TCP keepalives.=20 > Those should produce enough packets at a short enough interval to keep=20 > the dynamic IPFW state established. >=20 > Does your traffic pass through libalias? YES and NO. My private setup at home/home office uses NAT/libalias (kernel = NAT), but at work and department its straight forward. --Sig_/i1RG==SKrtB/deGYB5TrV4y Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXPxrbAAoJEOgBcD7A/5N8pXoIAJdM+SyjaKjTgM2BGg4l2Ey8 60LAoFCGz3DMDMeZTo4fAzbgcLydRHa4csdF0PJ+thPZKv8jxeO7ULSm59lVFfSx jAPDQQfNDTX7krOzTFSi8c6V6SROIxMQuEI07wty0SGqglDq60OUGMNtKTkfnuwC QogbbI2gYUpxEgzGxnWw9oWR5SnI6zcHc8v6gLrhqgJ6V7ULXElrVR3cbBFinnY7 txqAJeClgAzdLakC8hzW/TPPQ6EkK6ij2nap+Z0wx6MgcRNypfrIhlUgSY4lj2fj iNJy/+DoEtyWHyCh5lT2VHFx024bvknBS7JC0rvRLt4sNDgDa6N5lVz08dUMVI8= =K1kB -----END PGP SIGNATURE----- --Sig_/i1RG==SKrtB/deGYB5TrV4y--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160520161035.52118058.ohartman>