On 20/05/16 15:51, Vladimir Zakharov wrote:
On Fri, May 20, 2016, Jan Bramkamp wrote:
On 20/05/16 14:54, Vladimir Zakharov wrote:
On Fri, May 20, 2016, O. Hartmann wrote:
I reported earlier about broken pipes in ssh sessions to remote hosts,
which occur on an erratic basis. i'm investigating this problem now and
it seems that it is also ipfw-related, but I'm not sure. This problem
is present since a couple of weeks now.
Maybe this could help...
I've also experienced problems with broken pipes in ssh sessions some
time ago. Setting in sysctl.conf
fixed problem for me. I didn't experiment with the value though. So,
possibly, changing default value (300s) to 1 hour is overkill :).
By default the OpenSSH SSH client is configured to use TCP keepalives.
Those should produce enough packets at a short enough interval to keep
the dynamic IPFW state established.
Does your traffic pass through libalias?
I guess not. How can I be sure?
Libalias is used by ipfw and the old userland natd to implement IPv4
NAT. It requires unmodified access to all packets including their
headers. LRO and TSO coalesce packets to reduce save CPU time but the
process is loses some of the information required by libalias. Unless
your ruleset uses ipfw in-kernel NAT or diverts traffic to natd you
don't have to worry about libalias.
Use `kldstat -v | grep libalias` to check for libalias in the running
kernel and `pgrep natd` to search for running natd instances.
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"