Date: Tue, 29 Apr 2003 16:34:28 +0200
From: Antoine Jacoutot <ajacoutot@lphp.org>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: Bruno Afonso <brunomiguel@dequim.ist.utl.pt>
Subject: Re: ipfw dynamic rule timeout
Message-ID: <200304291634.28223.ajacoutot@lphp.org>
In-Reply-To: <3EAE8C13.8080009@tenebras.com>
References: <200304271259.02025.ajacoutot@lphp.org> <200304291616.52730.ajacoutot@lphp.org> <3EAE8C13.8080009@tenebras.com>

On Tuesday 29 April 2003 16:28, Michael Sierchio wrote:
> Antoine Jacoutot wrote:
> > net.inet.tcp.keepidle: 7200000
>
> That's a very long time, longer than the five minutes
> you keep rules alive for.

OK, so should I lower it? I'm sorry to seem so newbie about it, but I never had this problem on other platforms so I'm cautious.
The thing I don't understand is this:

IPFW2 ENHANCEMENTS
[...]
keepalives
    ipfw1 does not generate keepalives for stateful sessions. As a consequence, it might cause idle sessions to drop because the lifetime of the dynamic rules expires.
[...]
net.inet.ip.fw.dyn_keepalive: 1
    Enables generation of keepalive packets for keep-state rules on TCP sessions. A keepalive is generated to both sides of the connection every 5 seconds for the last 20 seconds of the lifetime of the rule.

So, since I have this sysctl set to 1, why is my connexion reset? Doesn't it keep generating keepalives or what?
Basically, I would like keepalives generated forever, until I (or a client) close the connexion to a server.

Antoine