On Thursday 18 January 2007 02:00, Allen wrote:
> Peter Matulis wrote:
> > I am using OBSD 3.8 as a firewall for a small office and I have an
> > XP user that connects to a remote host via MS Remote Desktop (TCP
> > 3389).
> >
> > Occasionally, this user complains that her connection is severed
> > and that afterwards she can no longer reconnect. (She has taken
> > the bad habit, of which I have recently become aware, of going into
> > the next room and cold booting the machine; which solves the
> > problem.) So far, this appears to be a random occurrence.
>
> I have a feeling it's not so random. It's probably related to when
> the connection has been left idle for an extended period of time.

I'll inquire.

UPDATE: I just discovered that this "person" is using a monowall VPN
client to set up a tunnel in which she sends her RDP. Can this be
causing the problem? Maybe I should tell her, when the connection
drops, to renegotiate the tunnel using the client software. Comments
on this? This is a client of mine and I want to keep them happy but I
want a stable solution.

> > I do not have any logs yet to help diagnose the problem. I was
> > wondering that maybe others have experienced the same issue or
> > whether people have some ideas on how to troubleshoot.
>
> The quick-and-easy answer is:
>
> 1.) For you to add an rdr rule for ICMP to that machine from (at
> least) her IP. (This allows the remote pinging of _that_ machine
> through the firewall, thus maintaining state with the RDP client.)
> 2.) From a DOS prompt have her open a 'ping -t rdp.ip.goes.here' to
> recursively ping the Windows RDP machine whilst she's connected. (You
> can even do this through an automagic log-on script for her if you'd
> like.)

That's an idea but I don't understand why I need a redirect. Why not a
simple "pass out" rule?

> Alternately, you could also selectively crank up your timeouts and
> such in pf.conf for that remote ip/port combination.

Not sure how. I'll read up.

Thanks for your time,

Peter