 From:  Manuel Kasper <mk at neon1 dot net>
 To:  jesse at wingnet dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] known issues with 1.2b3
 Date:  Fri, 04 Feb 2005 09:56:19 +0100
I can't comment about the other issues, but here's something:

On 04.02.2005 03:36 -0500, Jesse Guardiani wrote:

> 3.) TCP/IP connection drops
>         My SSH connections die after about 2 hours
>         under 1.2b3. I don't think this used to happen
>         under 1.11. Someone else confirmed that this
>         happens to them too. The connection isn't
>         denied. It seems like it times out.

That's because as of 1.2b2, the TCP idle timeout for the firewall is
2.5 hours instead of the ipfilter default of 10 days (!) to keep the
state table from filling up with dead connections. This value can be
modified on the advanced setup page, though it is not recommended to
do that. So of course if your SSH connection doesn't transfer a
single byte for two hours, the ipfilter state table entry is deleted
and the connection breaks. Try turning on keep-alive in your SSH
client.

BTW, some commercial firewalls come with a default timeout of 5
minutes!

- Manuel
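
The idle-timeout behaviour described in the reply above, as a toy model added here for illustration (not part of the original message and not m0n0wall or ipfilter code). The class and function names, the sample address tuple and the simplified expire-on-next-packet logic are assumptions; the 2.5 hour and 10 day values come from the message.

```python
"""Toy model of a stateful firewall's TCP idle timeout (constructed example)."""

M0N0WALL_IDLE_TIMEOUT = int(2.5 * 3600)     # 2.5 hours, per the message above
IPFILTER_DEFAULT_TIMEOUT = 10 * 24 * 3600   # 10 days, per the message above


class StateTable:
    """Keeps one last-seen timestamp per connection, like a state table entry."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.last_seen = {}

    def open(self, conn, now):
        self.last_seen[conn] = now

    def packet(self, conn, now):
        """Return True if the packet passes; a passing packet refreshes the entry."""
        seen = self.last_seen.get(conn)
        if seen is None or now - seen > self.idle_timeout:
            # Entry expired: this and all later packets match no state.
            self.last_seen.pop(conn, None)
            return False
        self.last_seen[conn] = now
        return True


def session_survives(idle_timeout, idle_period, keepalive_interval=None):
    """Simulate an SSH session that sends no data for idle_period seconds.

    keepalive_interval is the seconds between client keep-alive packets,
    or None for no keep-alive. Returns True if the first real data packet
    after the idle period still passes the firewall.
    """
    conn = ("192.0.2.10", 40000, "198.51.100.5", 22)   # constructed 4-tuple
    table = StateTable(idle_timeout)
    table.open(conn, now=0)
    if keepalive_interval:
        for t in range(keepalive_interval, idle_period, keepalive_interval):
            if not table.packet(conn, t):
                return False   # keep-alive arrived after the entry had expired
    return table.packet(conn, idle_period)
```

The model also shows that a keep-alive only helps when its interval is shorter than the firewall's idle timeout: a 10 minute keep-alive does not survive a 5 minute timeout.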