Date: Fri, 20 May 2016 15:28:35 +0200 From: Jan Bramkamp <crest@rlwinm.de> To: freebsd-current@freebsd.org Subject: Re: CURRENT: ipfw: problems with timeouts and worse network performance Message-ID: <38888426-4d91-56ed-9ab3-0d516b0b8d46@rlwinm.de> In-Reply-To: <20160520125401.GC2371@vzakharov> References: <20160520140152.3ab6fe44@hermann> <20160520125401.GC2371@vzakharov>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/05/16 14:54, Vladimir Zakharov wrote: > Hello > > On Fri, May 20, 2016, O. Hartmann wrote: >> I reported earlier about broken pipes in ssh sessions to remote hosts, >> which occur on an erratic basis. i'm investigating this problem now and >> it seems that it is also ipfw-related, but I'm not sure. This problem >> is present since a couple of weeks now. > > Maybe this could help... > > I've also experienced problems with broken pipes in ssh sessions some > time ago. Setting in sysctl.conf > > net.inet.ip.fw.dyn_ack_lifetime=3600 > > fixed problem for me. I didn't experiment with the value though. So, > possibly, changing default value (300s) to 1 hour is overkill :). By default the OpenSSH SSH client is configured to use TCP keepalives. Those should produce enough packets at a short enough interval to keep the dynamic IPFW state established. Does your traffic pass through libalias?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38888426-4d91-56ed-9ab3-0d516b0b8d46>