Date:      Thu, 18 Jul 2002 16:43:28 -0400
From:      Rob Ellis <rob@web.ca>
To:        net@wsf.at
Cc:        Didier Rwitura <drwitura@primus.ca>, ipfw@FreeBSD.ORG
Subject:   Re: disconection
Message-ID:  <20020718204328.GQ40395@web.ca>
In-Reply-To: <200207181841.g6IIfmY09684@www.wsf.at>
References:  <005f01c22e83$e19188c0$b0120a0a@primustel.ca> <200207181841.g6IIfmY09684@www.wsf.at>

An alternative to ssh KeepAlive is to use protocol 2 with
ClientAliveInterval and ClientAliveCountMax set (see the
sshd man page).

- rob

> 
> Regarding your original problem, there are 3 options:
> 1) Configure ipfw to pass traffic to/from 22 without using 
> 'keep-state', replace 300 with:
> add 00200 allow tcp from 216.254.136.110 to me ssh
> add 00201 allow tcp from me 22 to 216.254.136.110
> (replace '216.254...' with 'any' if you want to connect from anywhere
> but check your version of sshd first! )
> 
> 2) increase the lifetime of the temporary rules created by 
> 'keep-state'. See 'man ipfw', search for 'SYSCTL', see
> 'net.inet.ip.fw.dyn_ack_lifetime'.
> 
> 3) Configure sshd and/or your ssh-client to use keepalives.
> 
> HTH
> 
> Thomas
> 
> P.S.: Please don't top-post, it makes it much more difficult 
> to follow the thread.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
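
A check for the sshd settings suggested in this message against option 2 of the quoted reply, as an added example that is not part of the original e-mail: client-alive probes only keep the connection open if they are sent before the idle 'keep-state' rule expires. The function names, the sample config and the 300-second lifetime are constructed for illustration; values are assumed to be plain seconds, and Match/Include directives are ignored.

```shell
#!/bin/sh
# Print the value of an sshd_config keyword (first match wins, keywords are
# case-insensitive), or DEFAULT if the keyword is not set.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Compare the probe interval with the dynamic-rule lifetime.
# usage: check_keepalive SSHD_CONFIG DYN_ACK_LIFETIME_SECONDS
# Prints one verdict line; returns 0 if probes refresh the rule, 1 otherwise.
check_keepalive() {
    interval=$(sshd_value "$1" ClientAliveInterval 0)   # sshd default: 0 (off)
    count=$(sshd_value "$1" ClientAliveCountMax 3)      # sshd default: 3
    lifetime=$2
    if [ "$interval" -eq 0 ]; then
        echo "FAIL: ClientAliveInterval is 0 (probes disabled)"
        return 1
    fi
    if [ "$interval" -ge "$lifetime" ]; then
        echo "FAIL: probe every ${interval}s, rule expires after ${lifetime}s idle"
        return 1
    fi
    echo "OK: probe every ${interval}s < ${lifetime}s; dead client dropped after $((interval * count))s"
    return 0
}

# Constructed sample input. On a real host pass /etc/ssh/sshd_config and
# "$(sysctl -n net.inet.ip.fw.dyn_ack_lifetime)" instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Protocol 2
ClientAliveInterval 120
ClientAliveCountMax 3
EOF

check_keepalive "$sample" 300 || true   # probes arrive before the rule expires
check_keepalive "$sample" 60 || true    # rule expires before the first probe
```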

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020718204328.GQ40395>