Date: Fri, 31 Mar 2000 13:16:36 -0600 From: Keith Ray <rayk@sugar-land.spc.slb.com> To: freebsd-hackers@FreeBSD.ORG Subject: ssh timeouts & ipfw dyn_ack_lifetime Message-ID: <4.3.1.2.20000331123429.00ad6890@163.188.48.51>
next in thread | raw e-mail | index | archive | help
I am having a problem with ssh sessions from my windows box to my freebsd
box timing out after a number of idle minutes. SecureCRT still shows a
valid connection until I try to type some keys, and then after a minute it
says "connecton reset". I believe I have isolated the problem to the ipfw
firewall timing out the connection. I am currently using dynamic rules
such as:
add check-state
add reset tcp from any to {myip} established
add reset tcp from {myip} to any established
add allow tcp from any to {myip} ssh setup keep-state
The sysctl variable net.inet.ip.fw.dyn_ack_lifetime seems to be responsible
for this, but I only want to set a very large lifetime for things like
ssh. Is it possible to disable automatic timeouts or make long timeouts on
a rule-by-rule basis? Or perhaps a way to keep the dynamic rule alive as
long as the connection is alive?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.1.2.20000331123429.00ad6890>