Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Apr 2003 16:34:28 +0200
From:      Antoine Jacoutot <ajacoutot@lphp.org>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        Bruno Afonso <brunomiguel@dequim.ist.utl.pt>
Subject:   Re: ipfw dynamic rule timeout
Message-ID:  <200304291634.28223.ajacoutot@lphp.org>
In-Reply-To: <3EAE8C13.8080009@tenebras.com>
References:  <200304271259.02025.ajacoutot@lphp.org> <200304291616.52730.ajacoutot@lphp.org> <3EAE8C13.8080009@tenebras.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tuesday 29 April 2003 16:28, Michael Sierchio wrote:
> Antoine Jacoutot wrote:
> > net.inet.tcp.keepidle: 7200000
>
> That's a very long time, longer that the five minutes
> you keep rules alive for.

OK, so should I low it ?
I'm sorry to seem so newbie about it, but I never had this problem on other 
platforms so I'm cautious.
The thing I don't understand is this:

IPFW2 ENHANCEMENTS
[...]
keepalives
             ipfw1 does not generate keepalives for stateful sessions.  As a
             consequence, it might cause idle sessions to drop because the
             lifetime of the dynamic rules expires.
[...]
net.inet.ip.fw.dyn_keepalive: 1
             Enables generation of keepalive packets for keep-state rules on
             TCP sessions. A keepalive is generated to both sides of the con-
             nection every 5 seconds for the last 20 seconds of the lifetime
             of the rule.

So, since I have this sysctl set to 1, why is my connexion reset ?
Doesn't it keeps generating keepalives or what ?
Basically, I would like keepalives generated forever, until I (or a client) 
close the connexion to a server.

Antoine



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200304291634.28223.ajacoutot>