From owner-freebsd-security Mon Aug 6 9:29:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 8A9AA37B401 for ; Mon, 6 Aug 2001 09:29:42 -0700 (PDT) (envelope-from fschapachnik@vianetworks.com.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id NAA66095 for freebsd-security@freebsd.org; Mon, 6 Aug 2001 13:28:32 -0300 (ART) X-Authentication-Warning: ns1.via-net-works.net.ar: fpscha set sender to fschapachnik@vianetworks.com.ar using -f Date: Mon, 6 Aug 2001 13:28:32 -0300 From: Fernando Schapachnik To: freebsd-security@freebsd.org Subject: ssh keepalive and dynamic rules Message-ID: <20010806132832.A61827@ns1.via-net-works.net.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, On a bridging firewall using ipfw I noticed that ssh conections get hung after an inactivity period. On some tests, tcpdumping the connection between two FreeBSD machines, both client and server with ssh "KeepAlive yes", I don't see any kind of keep alive traffic. dyn_ack timeout could be raised, but doesn't seem a proper solution. Any ideas on why ssh is not sending keepalive packets? Thanks! Fernando P. Schapachnik Planificación de red y tecnología VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Tel.: (54-11) 4323-3381 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message