Date:      Thu, 18 Jul 2002 13:48:33 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Rob Ellis <rob@web.ca>
Cc:        net@wsf.at, Didier Rwitura <drwitura@primus.ca>, ipfw@FreeBSD.ORG
Subject:   Re: disconection
Message-ID:  <20020718134832.A25924@iguana.icir.org>
In-Reply-To: <20020718204328.GQ40395@web.ca>; from rob@web.ca on Thu, Jul 18, 2002 at 04:43:28PM -0400
References:  <005f01c22e83$e19188c0$b0120a0a@primustel.ca> <200207181841.g6IIfmY09684@www.wsf.at> <20020718204328.GQ40395@web.ca>

On Thu, Jul 18, 2002 at 04:43:28PM -0400, Rob Ellis wrote:
> an alternative to ssh KeepAlive is to use protocol 2 with
> ClientAliveInterval and ClientAliveCountMax set. (see
> sshd man page).

the version of ipfw in -current now generates keepalives on dynamic
rules. Patches for -stable are at

http://info.iet.unipi.it/~luigi/ipfw2.stable.020715.diffs

	cheers
	luigi

> - rob
> 
> > 
> > Regarding your original problem, there are 3 options:
> > 1) Configure ipfw to pass traffic to/from 22 without using 
> > 'keep-state', replace 300 with:
> > add 00200 allow tcp from 216.254.136.110 to me ssh
> > add 00201 allow tcp from me 22 to 216.254.136.110
> > (replace '216.254...' with 'any' if you want to connect from anywhere
> > but check your version of sshd first! )
> > 
> > 2) increase the lifetime of the temporary rules created by 
> > 'keep-state'. See 'man ipfw', search for 'SYSCTL', see
> > 'net.inet.ip.fw.dyn_ack_lifetime'.
> > 
> > 3) Configure sshd and/or your ssh-client to use keepalives.
> > 
> > HTH
> > 
> > Thomas
> > 
> > P.S.: Please don't top-post, it makes it much more difficult 
> > to follow the thread.
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-ipfw" in the body of the message

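The thread's options 2 and 3 interact: a keepalive only helps if it fires before the 'keep-state' dynamic rule expires. The following is an added example, not part of the original messages, that checks this relationship. The function names are hypothetical, the sshd_config fragment is constructed, the lifetime of 300 seconds is an assumed value, and only intervals given in plain seconds are handled.

```shell
#!/bin/sh
# Added example: verify that sshd's ClientAliveInterval is shorter than the
# ipfw dynamic-rule lifetime, so an idle session refreshes its keep-state entry.

# Print the first ClientAliveInterval value in an sshd_config-style file
# (sshd uses the first occurrence; keywords are case-insensitive).
# Prints 0, sshd's default meaning "disabled", when the keyword is absent.
alive_interval() {
    awk '
        { gsub(/=/, " ") }                 # accept "Keyword=value" form
        $1 ~ /^#/ { next }                 # skip comment lines
        tolower($1) == "clientaliveinterval" { print $2; found = 1; exit }
        END { if (!found) print 0 }
    ' "$1"
}

# keepalive_ok FILE LIFETIME_SECONDS
# Returns 0 when keepalives are enabled and fire before the rule expires,
# 1 when they are disabled or too slow, 2 when the value is not plain seconds.
keepalive_ok() {
    interval=$(alive_interval "$1")
    lifetime=$2
    case "$interval" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$interval" -gt 0 ] && [ "$interval" -lt "$lifetime" ]
}

# Constructed sample configuration (not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
ClientAliveInterval 120
ClientAliveCountMax 3
EOF

# On the firewall host the lifetime would be read with:
#   sysctl -n net.inet.ip.fw.dyn_ack_lifetime
# It is passed in here so the example runs anywhere; 300 is an assumed value.
if keepalive_ok "$sample" 300; then
    echo "keepalive interval fits inside the dynamic rule lifetime"
else
    echo "idle sessions can outlive the dynamic rule"
fi
```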