Date: Thu, 18 Jul 2002 18:41:48 -0000
From: <net@wsf.at>
To: "Didier Rwitura" <drwitura@primus.ca>, <ipfw@FreeBSD.ORG>
Subject: Re: disconection
Message-ID: <200207181841.g6IIfmY09684@www.wsf.at>
In-Reply-To: <005f01c22e83$e19188c0$b0120a0a@primustel.ca>

Hi Didier,

Didier Rwitura <drwitura@primus.ca> wrote:
> Thanx martin and Thomas
>
> - the auto-off is off completely .. I guess the reason is mostly the
> firewall
>
> - to answer Thomas
>
> yeap i do
> here are my ipfw rules :
>
> #allow ssh
> add 00300 allow tcp from 216.254.136.110 to any ssh in setup keep-state
>
> add 00301 allow tcp from any to any out setup keep-state
>
> add 00302 allow tcp from any ssh to any out setup keep-state

I think this rule is useless. AFAIK there will never be an attempt to
establish a connection originating from port 22 (sshd listens there).

> add 00304 allow tcp from any to any ssh in

This makes no sense either. You allow all traffic to port 22 but there is no
rule that would let the responses pass (rule 302 only matches SYN packets).

> add 00305 allow tcp from any to any out setup keep-state
>
>
>
> ====================================

Regarding your original problem, there are 3 options:

1) Configure ipfw to pass traffic to/from 22 without using 'keep-state',
   replace 300 with:

   add 00200 allow tcp from 216.254.136.110 to me ssh
   add 00201 allow tcp from me 22 to 216.254.136.110

   (replace '216.254...' with 'any' if you want to connect from anywhere
   but check your version of sshd first!)

2) increase the lifetime of the temporary rules created by 'keep-state'.
   See 'man ipfw', search for 'SYSCTL', see
   'net.inet.ip.fw.dyn_ack_lifetime'.

3) Configure sshd and/or your ssh-client to use keepalives.

HTH
Thomas

P.S.: Please don't top-post, it makes it much more difficult to follow the
thread.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
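
Added example, not part of the original message or of ipfw itself: a simplified Python model of one SSH flow passing through the rule sets discussed above, showing when packets reach the default deny under each of the three options and under rule 304. Assumptions: a single dynamic-rule timer refreshed by every matching packet (real ipfw uses separate SYN/ACK/FIN lifetimes), 300 seconds as the default dyn_ack_lifetime, and constructed traffic; all names are hypothetical.

```python
DYN_ACK_LIFETIME = 300  # assumed default of net.inet.ip.fw.dyn_ack_lifetime, seconds

# Constructed rule sets for one SSH flow (client -> server port 22).
# Each rule: (direction, requires 'setup' i.e. a bare SYN, has 'keep-state').
STATEFUL = [("in", True, True)]                              # like rule 300
STATELESS = [("in", False, False), ("out", False, False)]    # like rules 200/201
ONE_WAY = [("in", False, False), ("out", True, True)]        # like rules 304 + 305


def run(rules, packets, lifetime=DYN_ACK_LIFETIME):
    """Return the packets that fall through to the default deny.
    packets: (time, direction, is_bare_syn) tuples sorted by time."""
    expires = None              # expiry time of the flow's dynamic rule, if any
    dropped = []
    for t, direction, is_syn in packets:
        if expires is not None and t <= expires:
            expires = t + lifetime      # matching traffic refreshes the rule
            continue                    # dynamic rules pass both directions
        expires = None                  # dynamic rule has timed out
        for rule_dir, setup, keep_state in rules:
            if rule_dir == direction and (is_syn or not setup):
                if keep_state:
                    expires = t + lifetime
                break
        else:
            dropped.append((t, direction, is_syn))
    return dropped


def session(idle_until, keepalive=None):
    """Constructed traffic: handshake, a little typing, idle, then one keystroke."""
    pkts = [(0, "in", True), (0, "out", False), (1, "in", False), (20, "in", False)]
    if keepalive:
        t = 20 + keepalive
        while t < idle_until:
            pkts += [(t, "in", False), (t, "out", False)]
            t += keepalive
    return pkts + [(idle_until, "in", False), (idle_until, "out", False)]


if __name__ == "__main__":
    print("rule 300, idle 1000s:   ", run(STATEFUL, session(1000)))
    print("option 1 (stateless):   ", run(STATELESS, session(1000)))
    print("option 2 (lifetime 3600):", run(STATEFUL, session(1000), lifetime=3600))
    print("option 3 (keepalive 60): ", run(STATEFUL, session(1000, keepalive=60)))
    print("rule 304 + 305 only:     ", run(ONE_WAY, session(1000)))
```

A keepalive interval longer than the dynamic-rule lifetime does not help: in this model `session(1000, keepalive=600)` loses its first probe at t=620.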