Date: Fri, 31 Mar 2000 23:05:27 +0200 (CEST)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: Keith Ray <rayk@sugar-land.spc.slb.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh timeouts & ipfw dyn_ack_lifetime
Message-ID: <200003312105.XAA44689@info.iet.unipi.it>
In-Reply-To: <4.3.1.2.20000331141018.00ae0e10@163.188.48.51> from Keith Ray at "Mar 31, 2000 02:14:16 pm"

> I believe I may have found a solution. If I set net.inet.tcp.keepidle <
> net.inet.ip.fw.dyn_ack_lifetime, this appears to work. The defaults for

yes, though this assumes that you can set the keepalive interval on at
least one end, and you know the lifetime of dynamic rules on the
firewall, both things that you should not be required to do.
[this is not to say that it doesn't work, just that ipfw should
do something smarter!]

> these values are 2 hours and 5 minutes respectively. Would it be better to
> set the keepidle to something small like 2.5 minutes or would it be better
> to make the dyn_ack_lifetime big like 3 hours? Setting the keepalive small
> seems the best solution, but what repercussions would there be? Why is it
> two hours by default?

because a short keepalive would keep dialup connection up even if
no traffic is flowing, etc. etc. -- so I would move both values
to something like 10-30min. But for your setting, basically any solution
would do.

	cheers
	luigi