Date: 25 Apr 2003 08:45:45 -0400
From: Dan Pelleg <daniel+bsd@pelleg.org>
To: Tommy Forrest - KE4PYM <tforrest@shellworld.net>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: 4.8 Firewall timing out
Message-ID: <u2sof2ubv9i.fsf@gs166.sp.cs.cmu.edu>
In-Reply-To: <200304242247.h3OMlsPu044224@server1.shellworld.net>
References: <200304242247.h3OMlsPu044224@server1.shellworld.net>

"Tommy Forrest - KE4PYM" <tforrest@shellworld.net> writes:

> Hi all. Still having some issues with IPFW in 4.8.
>
> My main problem right now is the firewall times out ALL activity within
> 1-3 minutes of establishing a connection. I'm pretty happy with the
> rule base. I've got the connectivity I need. I just need that
> connectivity to stay alive. All stay-alive problems disappear with a
> ipfw add allow all from any to any. So I know it's not the network
> that's the problem.
>
> IPDIVERT, IPFIREWALL, IPFIREWALL_VERBOSE, and
> IPFIREWALL_VERBOSE_LIMIT=100 are built in the kernel with default to
> deny.
>
> I'd been working with someone off the list who'd helped me quite a lot
> with these rules. But I guess they got too busy before they could
> finish helping me (which I can appreciate).
>

Look for net.inet.ip.fw.dyn_ack_lifetime (and its friends) in the ipfw(8)
manpage. Once you find a set of values that does the trick for you, add
them to /etc/sysctl.conf.

--
Dan Pelleg