Stewart Stremler wrote:
I don't have those set in my ssh_config, and I go through an Asante
NAT/firewall/router widget, and I have ssh sessions that stay up,
working, and idle for days on end.
Yours probably doesn't do timers -- it probably has connection aging. In
this method, the translation state table is a fixed size, and once it's
full, the oldest translation is kicked out. If the table never fills,
connections don't get aged out. But, then you could end up with stale
translations sitting around. Six in one hand, half a dozen in the other ...
(My personal suspicion that the reason so many people dislike NAT is
that there are so many crappy NAT devices out there. It's like
people bad-mouthing automobiles when they've only ever driven Yugos,
or slamming OOP when they've only programmed in C++.)
No, it's because NAT is deficient. NAT breaks things. And, the plethora
of shitball NAT devices doesn't help this, either.
I'm not about to say that the Asante box is perfect... but it works
well enough so that I'm not inclined to set up a Soekris box or a
tiny-linux-box equivalent to run a NAT device in a way that I think
would be ... better.
you and most of the world. People are less inclined to fix a problem
properly when they have a solution that "mostly works." it's like that
code band-aid you put in, intending to fix properly, then never got
around to. Before you know it, the code ships to the public and everyone
has the crappy fix. It's really no different.
Talk to you later,
-kelsey
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
