Berkeley CSUA MOTD:Entry 23258
2001/12/15-16 [Computer/SW/Security] UID:23258 Activity:kinda low
12/15   I have cable service by at&t, but I don't think this is a problem
        with my cable service.  Basically, I have a linux 2.2 natd box for
        connections from my internal network.  I have win98/ win2k/linux
        behind the natd box.  When I ssh out (OpenSSH_2.3.0p1 or ttssh),
        if I am idle for say, 5 mins, the connection is cut... reset
        by peer.  Why does this happen, and how do I fix it?
        \_ I don't have this problem with a similar setup.  Could the other
           side be idling you out?  I _have_ had that problem.
        \_ This is a problem with ipchains. It doesn't have any state, so
           it has no idea about connections and things like that, so to keep
           from having NAT sessions open forever, it has timeouts for inactive
           NAT sessions. I forget where you change this (it's been years since
           I used ipchains, since iptables (linux 2.4 filtering) is so much
           better.) However, I'll bet money that that is your problem. Look
           it up in the ipchains HOWTO, I believe it is in there, and increase
           the timeout for TCP, since the default is something low, like 5
           minutes. There may be a way to get ssh to send connection keep
           alive packets, which would solve the problem without having a large
           timeout value, so I'd look into that as well. Or, just switch to
           2.4, and use iptables. Stateful packet filtering is your friend.
               -- ajani
           \_ thanks!  when i was using ipf on openbsd I kind of took this for
              granted.
           \_ NAT is stateful by definition. You can't do NAT without keeping
              session state information. NAT session timeouts exist in all
              implementations, not just ipchains, because if you don't expire
              the idle sessions, there is a higher chance that the NAT session
              state table will eventually fill up. What Linux iptables adds is
              session state tracking for non-NAT sessions as well.
           \_ Uh, the ipchains NAT session timeout default is way bigger than
              a few minutes. Check the HOWTO, it is more like several hours.
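The two remedies the replies point at, as an added example that is not part of the original thread: pick an ssh keepalive interval that is safely shorter than the NAT box's idle timeout, emit the matching client config, and show the commands that raise the masquerade timeout on the NAT box itself. The 300 second NAT timeout is a hypothetical value matching the poster's "5 mins" symptom; the NAT-side commands are printed, not executed, and the iptables sysctl path is the 2.4-kernel one (later kernels renamed it under nf_conntrack).

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a hypothetical NAT idle
# timeout (default 300 s); nothing here touches a live box.

# Choose a keepalive interval well below the NAT idle timeout (half of it,
# floored at 15 s) so a keepalive always arrives before the entry expires.
keepalive_interval() {
    nat_timeout=$1
    interval=$((nat_timeout / 2))
    [ "$interval" -lt 15 ] && interval=15
    echo "$interval"
}

# Client-side ~/.ssh/config fragment. KeepAlive (TCP-level keepalives) is the
# option OpenSSH 2.3 had; ServerAliveInterval/ServerAliveCountMax (inside the
# encrypted channel, so a middlebox cannot strip them) came in later releases.
ssh_client_config() {
    cat <<EOF
Host *
    KeepAlive yes
    ServerAliveInterval $(keepalive_interval "$1")
    ServerAliveCountMax 3
EOF
}

# Return 0 if the given ssh_config text already carries a keepalive directive.
has_keepalive() {
    printf '%s\n' "$1" |
        grep -Eiq '^[[:space:]]*(ServerAliveInterval|KeepAlive)[[:space:]]'
}

# NAT-box side, printed only. ipchains -M -S takes the established-TCP,
# TCP-after-FIN and UDP masquerade timeouts in seconds; on 2.4 the conntrack
# established-TCP timeout is a /proc knob instead.
nat_timeout_commands() {
    cat <<'EOF'
# Linux 2.2 / ipchains: 2 h established TCP, 10 s after FIN, 160 s UDP
ipchains -M -S 7200 10 160
# Linux 2.4 / iptables connection tracking: established TCP idle timeout (s)
echo 7200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
EOF
}

ssh_client_config "${1:-300}"
nat_timeout_commands
```

Run it with the NAT timeout in seconds as the only argument; with the default 300 s it emits a config with ServerAliveInterval 150. Raising the NAT timeout alone keeps the state table entries around longer for every idle flow, whereas the keepalive only costs a small packet per session, which is why the client-side fix is the one to reach for first.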