Philip Craig <[EMAIL PROTECTED]> wrote:
> It sounds like it could easily be iptables related, if you have iptables
> rules that only allow new connections in the client to server direction,
> which is quite normal.

Sure I have those standard rules.

    iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --syn --dport ssh -j ACCEPT
    iptables -A INPUT -p tcp --syn --dport http -j ACCEPT
    ... etc

> The default iptables timeout for TCP connections is 5 days.
> So after 5 days of idle, any packets from the server will be treated
> as a new connection and the iptables rules will drop them.

Weird.  Why does sending a message from the client make it go again?

If that's the case, it seems like a simple fix would be to enable TCP
keepalive in my app, that would keep netfilter from timing out, right?
That seems better than extending the netfilter timeout.  How do people
normally handle this?

-- 
Sebastian Kuzminsky
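
The keepalive approach asked about above, as an added example that is not part of the original message: a C helper that enables TCP keepalive with a first-probe delay below the 5-day firewall idle timeout quoted in the thread, so an otherwise idle connection still exchanges packets before the connection-tracking entry expires. The function names and the 600/60/5 values are assumptions; TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are the Linux socket options.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Firewall idle timeout for established TCP, 5 days as quoted in the thread. */
#define FW_IDLE_TIMEOUT_SECS (5L * 24 * 60 * 60)

/* Seconds of silence before the kernel gives up on an unresponsive peer. */
long keepalive_worst_case(int idle, int intvl, int cnt)
{
    return (long)idle + (long)intvl * cnt;
}

/* Read back an integer socket option; returns -1 on error. */
int get_int_opt(int fd, int level, int name)
{
    int v = 0;
    socklen_t len = sizeof v;
    return getsockopt(fd, level, name, &v, &len) < 0 ? -1 : v;
}

/* Enable keepalive on fd (hypothetical helper). The first probe goes out
 * after `idle` seconds of silence, so idle must be below the firewall
 * timeout for the probe to refresh the connection-tracking entry in time. */
int enable_keepalive(int fd, int idle, int intvl, int cnt)
{
    int on = 1;
    if (idle <= 0 || intvl <= 0 || cnt <= 0 || idle >= FW_IDLE_TIMEOUT_SECS)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || enable_keepalive(fd, 600, 60, 5) < 0) { perror("keepalive"); return 1; }
    printf("first probe after %d s, peer declared dead after %ld s\n",
           get_int_opt(fd, IPPROTO_TCP, TCP_KEEPIDLE), keepalive_worst_case(600, 60, 5));
    close(fd);
    return 0;
}
```

Call enable_keepalive() on the connected socket (either end works, since probes and their ACKs cross the firewall in both directions).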