Date: Thu, 26 Dec 2002 00:06:09 -0500
From: Ilya <mail@krel.org>
To: ipfw <freebsd-ipfw@freebsd.org>
Subject: keepalive incoming does not keep connection alive
Message-ID: <20021226050609.GA88329@krel.org>

Hi.

I am running 4.7 Stable with ipfw2. Outgoing traffic from the LAN is
NAT'ed and works flawlessly. However, for incoming traffic (especially
ssh, which is the one that gives me problems), the incoming dynamic rule
times out after 300 sec, and even though I have keepalive set to 1 the
rule does not refresh.

I can increase the net.inet.ip.fw.dyn_syn_lifetime to 3000 and have it
time out in 10min. But it's not really a solution.

I saw a patch by Aaron, but he mentions that his patch is now pretty
much obsolete because of keepalive. I've seen multiple reports on Google
about the same behaviour, but never a solution to it.

Below are the relative rules and sysctl:

net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 200
net.inet.ip.fw.dyn_buckets: 4096
net.inet.ip.fw.curr_dyn_buckets: 4096
net.inet.ip.fw.dyn_count: 11
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 21
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 3000
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 300
net.inet.ip.fw.dyn_short_lifetime: 300
net.inet.ip.fw.dyn_keepalive: 1

/etc/sysctl.conf:

vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
kern.ipc.maxsockets=16424
net.inet.ip.fw.dyn_buckets=2048
net.inet.ip.fw.dyn_max=4096
net.inet.ip.fw.dyn_syn_lifetime=3000
net.inet.ip.fw.dyn_udp_lifetime=300
net.inet.ip.fw.dyn_ack_lifetime=300
net.inet.ip.fw.dyn_short_lifetime=300

ipfw add allow tcp from any to $ip 22 setup keep-state via $inter

The rule is created successfully and everything runs excellently until
the connection is left unattended.

If you have any suggestions on debugging the keepalive, or making it
work, please let me know.

Thank you.