From owner-freebsd-questions@FreeBSD.ORG Tue Jul 8 11:57:14 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B32637B401 for ; Tue, 8 Jul 2003 11:57:14 -0700 (PDT) Received: from freshaire.wiz.com (freshaire.wiz.com [66.143.183.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E6CD43F93 for ; Tue, 8 Jul 2003 11:57:13 -0700 (PDT) (envelope-from marc@wiz.com) Received: from freshaire.wiz.com (localhost [127.0.0.1]) by freshaire.wiz.com (8.12.6/8.12.6) with ESMTP id h68IvC7c020740 for ; Tue, 8 Jul 2003 13:57:12 -0500 (CDT) (envelope-from marc@freshaire.wiz.com) Received: (from marc@localhost) by freshaire.wiz.com (8.12.6/8.12.6/Submit) id h68IvC7W020739 for freebsd-questions@freebsd.org; Tue, 8 Jul 2003 13:57:12 -0500 (CDT) Date: Tue, 8 Jul 2003 13:57:12 -0500 From: Marc Wiz To: FreeBSD Questions Message-ID: <20030708185712.GP19130@freshaire.wiz.com> References: <20030708110837.Q54307@njamn8or.no-ip.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030708110837.Q54307@njamn8or.no-ip.org> User-Agent: Mutt/1.4i Subject: Re: ssh keepalives X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2003 18:57:14 -0000 On Tue, Jul 08, 2003 at 11:10:41AM -0700, Viktor Lazlo wrote: > > On Thu, 3 Jul 2003, Philip J. Koenig wrote: > > > One of those firewalls is quite flexible about protocol state > > timeouts, I can set this on a service-by-service basis. (ie I could > > increase it for SSH and no other service) > > > > Unfortunately the firewall on the other side isn't so accommodating. > > It has a single timeout setting that affects all traffic that > > traverses the firewall, and I'd rather not increase that too high. > > If there is no option then run a low-bandwidth application in the > background to keep the connection alive, or script something to generate > some activity at frequent enough intervals to do so. I have noticed that with some firewalls at various places that I have worked that it is not sufficient to just have the remote end send data but you have to send data from your side. Needless to say it is a royal pain. Marc -- Marc Wiz marc@wiz.com Yes, that really is my last name.