Date:      Tue, 29 Apr 2003 06:49:23 -0700
From:      Michael Sierchio <>
To:        Antoine Jacoutot <>
Cc:        Bruno Afonso <>
Subject:   Re: ipfw dynamic rule timeout

Antoine Jacoutot wrote:

> sysctl net.inet.ip.fw.dyn_syn_lifetime=300
> The default is 20, so it gives a little more time. But I still have problems
> from time to time (clients behind the firewall get disconnected from an 
> internet news server after a while reading an article, web clients from the 
> internet to the web server get disconnected while reading mail from 
> webmail...).

You're diddling the wrong MIB value.  dyn_syn_lifetime is for
half-open connections (three-way handshake not complete).

It's dyn_ack_lifetime that you want to set.  But if the problem
is lack of keepalives, you could try


and make sure the firewall keepalive options are on.
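
An added example, not part of the original message: a simplified Python model of keep-state expiry that shows which of the two lifetimes governs a half-open flow and which governs an established one. The state logic and the sample flows are constructed for illustration and assume the stock values of 20 s (dyn_syn_lifetime) and 300 s (dyn_ack_lifetime); firewall keepalives are not modelled.

```python
# Simplified model of ipfw keep-state expiry (constructed, not ipfw source).
DEFAULTS = {"dyn_syn_lifetime": 20, "dyn_ack_lifetime": 300}  # seconds


def simulate(packets, **sysctls):
    """Replay (time_s, direction, flags) packets of one TCP flow.

    direction is "out" (client behind the firewall) or "in" (reply);
    flags is e.g. "SYN", "SYN+ACK", "ACK". Returns [(time_s, verdict)].
    """
    cfg = {**DEFAULTS, **sysctls}
    syn_seen, expires, log = set(), None, []
    for t, direction, flags in sorted(packets):
        if expires is not None and t >= expires:
            syn_seen, expires = set(), None       # dynamic rule timed out
        opens_flow = direction == "out" and flags == "SYN"
        if expires is None and not opens_flow:
            log.append((t, "dropped"))            # no state left to match
            continue
        if "SYN" in flags.split("+"):
            syn_seen.add(direction)
        # Half-open until a SYN has been seen in both directions.
        established = syn_seen == {"out", "in"}
        key = "dyn_ack_lifetime" if established else "dyn_syn_lifetime"
        expires = t + cfg[key]                    # every match refreshes the timer
        log.append((t, "passed"))
    return log


def last_verdict(packets, **sysctls):
    """Verdict for the final packet of the flow."""
    return simulate(packets, **sysctls)[-1][1]


# Constructed flow: handshake, data at t=60, then 400 s of silence.
IDLE_READER = [(0, "out", "SYN"), (1, "in", "SYN+ACK"), (2, "out", "ACK"),
               (60, "out", "ACK"), (460, "in", "ACK")]
# Constructed flow: the SYN+ACK takes 25 s to come back.
SLOW_HANDSHAKE = [(0, "out", "SYN"), (25, "in", "SYN+ACK")]

if __name__ == "__main__":
    flows = (("idle reader", IDLE_READER), ("slow handshake", SLOW_HANDSHAKE))
    for name, flow in flows:
        for knobs in ({}, {"dyn_syn_lifetime": 300}, {"dyn_ack_lifetime": 900}):
            print(f"{name:15} {knobs or 'defaults'}: {last_verdict(flow, **knobs)}")
```

In this model the idle reader is cut off whether dyn_syn_lifetime is 20 or 300, and only a larger dyn_ack_lifetime keeps the flow alive; the slow handshake is the one case the syn value changes.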
