Date:      Tue, 10 Apr 2001 14:06:00 -0700
From:      Trevin Chow <tmchow@sfu.ca>
To:        David Kelly <dkelly@hiwaay.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: Firewall rules causing SSH disconects?
Message-ID:  <5.0.2.1.2.20010410134314.02603bf8@popserver.sfu.ca>
In-Reply-To: <20010410141457.A8255@grumpy.dyndns.org>
References:  <Pine.GSO.4.30.0104092140290.3437-100000@fraser.sfu.ca> <Pine.GSO.4.30.0104092140290.3437-100000@fraser.sfu.ca>

At 02:14 PM 4/10/2001 -0500, David Kelly wrote:
<snip>
>Then again this might have more to do with NAT in the Pipeline than
>firewall although the two are hard to tell apart.
><snip>
>Playing with keep-state and check-state in ipfw I found the default
>timer values to be way too fast. Only played with it for about an hour
>but observed connection states were dropped when netstat said the socket
>was still open, and my applications were crying because they too were
>upset about their connections failing.
>
>Maybe I wrote the ipfw rule(s) wrong. Used a simple "allow all outgoing
>tcp connection from this host to any and keep-state". Maybe it was
>keeping state of "connection in progress" when I intended only the act
>of connecting was allowed to establish a pass rule between two hosts.

I've used 2 different versions of firewall rules. One was just a simple
ruleset filtering out very little, and the one I'm trying now uses some
"keep-state" rules from an article I read on BSDToday
(http://www.bsdtoday.com/2000/December/Features359.html).  However, I seem
to be getting the same behaviour on both sets of rules.  I'm going to try
just a completely open firewall and see if I get the same behaviour.

I guess this begs the question: What would cause a firewall to cut off idle 
connections?

