Date:      Tue, 29 Apr 2003 16:34:28 +0200
From:      Antoine Jacoutot <ajacoutot@lphp.org>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        Bruno Afonso <brunomiguel@dequim.ist.utl.pt>
Subject:   Re: ipfw dynamic rule timeout
Message-ID:  <200304291634.28223.ajacoutot@lphp.org>
In-Reply-To: <3EAE8C13.8080009@tenebras.com>
References:  <200304271259.02025.ajacoutot@lphp.org> <200304291616.52730.ajacoutot@lphp.org> <3EAE8C13.8080009@tenebras.com>

On Tuesday 29 April 2003 16:28, Michael Sierchio wrote:
> Antoine Jacoutot wrote:
> > net.inet.tcp.keepidle: 7200000
>
> That's a very long time, longer than the five minutes
> you keep rules alive for.

OK, so should I lower it?
I'm sorry to seem like such a newbie about it, but I never had this problem on other
platforms so I'm cautious.
The thing I don't understand is this:

IPFW2 ENHANCEMENTS
[...]
keepalives
             ipfw1 does not generate keepalives for stateful sessions.  As a
             consequence, it might cause idle sessions to drop because the
             lifetime of the dynamic rules expires.
[...]
net.inet.ip.fw.dyn_keepalive: 1
             Enables generation of keepalive packets for keep-state rules on
             TCP sessions. A keepalive is generated to both sides of the con-
             nection every 5 seconds for the last 20 seconds of the lifetime
             of the rule.

So, since I have this sysctl set to 1, why is my connexion reset?
Doesn't it keep generating keepalives or what?
Basically, I would like keepalives generated forever, until I (or a client)
close the connexion to a server.

Antoine