[ previous ] [ next ] [ threads ]
 From:  Darryl Okahata <darrylo at soco dot agilent dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] known issues with 1.2b3
 Date:  Fri, 04 Feb 2005 10:36:16 -0800
Manuel Kasper <mk at neon1 dot net> wrote:

> That's because as of 1.2b2, the TCP idle timeout for the firewall is
> 2.5 hours instead of the ipfilter default of 10 days (!) to keep the
> state table from filling up with dead connections. This value can be
> modified on the advanced setup page, though it is not recommended to
> do that. So of course if your SSH connection doesn't transfer a
> single byte for two hours, the ipfilter state table entry is deleted
> and the connection breaks. Try turning on keep-alive in your SSH
> client.

     This needs to go into the documentation or the FAQ.  Otherwise,
it'll keep on coming back.


     And again.

	Darryl Okahata
	darrylo at soco dot agilent dot com

DISCLAIMER: this message is the author's personal opinion and does not
constitute the support, opinion, or policy of Agilent Technologies, or
of the little green men that have been following him all day.