Date:      Wed, 25 Nov 1998 13:52:14 -0800
From:      Jesse Robbins <jesse@nda.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   NATD hang on long idle connections
Message-ID:  <19981125135214.B1210@taz.nda.com>

Greetings!

I recently created a firewall using 2.2.7-STABLE.

It works wonderfully for bursty transfers like ftp and http stuff.  It
also is fine when doing any kind of interactive session like ssh and telnet.

However, regardless of application, OS, or remote target, if I leave a 
session idle for more than a few minutes, and then type a key or two there
is a LONG delay before the session actually "unfreezes".  I don't
lose any keystrokes or drop the session... usually.  

The problem is irritating, and easily observable.

Any help would be appreciated!

Here are my configs:
FreeBSD gateway 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Wed Sep 30 15:52:32 GMT 1998

/etc/natd.conf
#log
use_sockets
same_ports
#unregistered_only
interface vx0
deny_incoming
redirect_port tcp 172.30.31.100:80 500

ifconfig -a:
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.80.10.231 netmask 0xffffff00 broadcast 192.80.10.255
        inet 192.80.11.1 netmask 0xffffff00 broadcast 192.80.11.255
        ether 00:10:4b:cd:ec:b5 
        media: autoselect (10baseT/UTP <half-duplex>)
        supported media: autoselect 100baseTX <full-duplex> 100baseTX <half-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP <half-duplex> 10baseT/UTP
vx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 205.226.66.126 netmask 0xffffff00 broadcast 205.226.66.255
        ether 00:a0:24:c0:f3:b9 
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

ipfw show:
00300          0          0 deny ip from 192.80.10.0/24 to any in recv vx0
00400          0          0 deny ip from 192.80.11.0/24 to any in recv vx0
00500          0          0 deny ip from 172.30.31.0/24 to any in recv vx0
00600      71821   31352774 allow tcp from any to 205.226.66.126 21-25
00700         11        527 allow tcp from any to 205.226.66.126 53
00800     180144   18351417 allow udp from any to 205.226.66.126 53
00900    4597238 2827234556 divert 8668 ip from any to any via vx0
01000    9350986 1568491979 allow ip from any to any
65535          0          0 deny ip from any to any
-- 
__________________________________________________________
Jesse Robbins              Net Daemons Asc.
Network Engineer           1818 Gilbreth Rd Suite 234
jesse@nda.com              Burlingame, Ca 94010
                           (650) 692-8100


----- End forwarded message -----
