I am having a problem with ssh sessions from my windows box to my freebsd
box timing out after a number of idle minutes. SecureCRT still shows a
valid connection until I try to type some keys, and then after a minute it
says "connecton reset". I believe I have isolated the problem to the ipfw
firewall timing out the connection. I am currently using dynamic rules
such as:
add check-state
add reset tcp from any to {myip} established
add reset tcp from {myip} to any established
add allow tcp from any to {myip} ssh setup keep-state
The sysctl variable net.inet.ip.fw.dyn_ack_lifetime seems to be responsible
for this, but I only want to set a very large lifetime for things like
ssh. Is it possible to disable automatic timeouts or make long timeouts on
a rule-by-rule basis? Or perhaps a way to keep the dynamic rule alive as
long as the connection is alive?
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
