Date: Tue, 13 Jan 2009 11:49:01 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Subject: IPv6, ssh and ipfw Message-ID: <gkhrj7$sa4$1@ger.gmane.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBD4346EF0EB31B6302AAC76C Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, I'm experimenting with IPv6 and so far all is well except one thing: my ssh sessions are dropped/stalled after a few minutes. I'm using ipfw and by monitoring its dynamic/state-keeping rules I see that it's timeouting the rules after 60 seconds (this time is configured in net.inet.ip.fw.dyn_ack_lifetime). The problem is, this is not happening with IPv4 ssh sessions. I see the timeout is counting down for my dynamic/stateful IPv4 ssh session but it's reset before it reaches 0, which is consistent with observed behaviour - on Windows, I can start putty, hybernate or sleep the OS (i.e. the machine practically turns off) and wake it up another day to see the ssh session still alive. Aside from obvious DOS opportunities on the server, I like this behaviour. This is *not* apparently created by using keepalive messages since they are obviously not sent while the machine is sleeping (and they are disabled in sshd_conf). Why is ssh over IPv6 behaving differently than on IPv4? Is there a special hack for ssh on IPv4? This is on 6-STABLE. --------------enigBD4346EF0EB31B6302AAC76C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJbHGdldnAQVacBcgRApp6AKCOz98vu8wXaDwibQOGDito3xaMMQCeMYF7 jDH9O8oUeLnwHdnYGVYYfCQ= =ptUV -----END PGP SIGNATURE----- --------------enigBD4346EF0EB31B6302AAC76C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?gkhrj7$sa4$1>