Re: SSH disconnects very troubling
On Tuesday 04 December 2007 02:40:35 Anne Moore wrote: Thanks, Kevin. This may well work with the SSH, but it's actually disconnecting all my clients, telnet, Oracle, etc. There is a config for telnet, but nothing for Oracle (that I know of). Also, ldap, etc. It's the strangest thing!! No it's not strange. There is a firewall between the hosts, which drops the connections after some time of inactivity. You can generate keepalive packets for every TCP connection between your FreeBSD box and the world using ipfw. A rule like: allow tcp from any to any keep-state will effectively keep all TCP connections alive. Two things: 1) If you are not familiar with ipfw, read the manual before loading the ipfw module. Otherwise, you'll be locked out of your box. 2) I don't know if the above rules fits your security policy. Or the services your FreeBSD box provides. Modify as needed. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: SSH disconnects very troubling
That's awesome. Great idea! I'll do just that... Thank you for your help. -Anne -Original Message- From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 04, 2007 6:47 AM To: freebsd-questions@freebsd.org Cc: Anne Moore Subject: Re: SSH disconnects very troubling On Tuesday 04 December 2007 02:40:35 Anne Moore wrote: Thanks, Kevin. This may well work with the SSH, but it's actually disconnecting all my clients, telnet, Oracle, etc. There is a config for telnet, but nothing for Oracle (that I know of). Also, ldap, etc. It's the strangest thing!! No it's not strange. There is a firewall between the hosts, which drops the connections after some time of inactivity. You can generate keepalive packets for every TCP connection between your FreeBSD box and the world using ipfw. A rule like: allow tcp from any to any keep-state will effectively keep all TCP connections alive. Two things: 1) If you are not familiar with ipfw, read the manual before loading the ipfw module. Otherwise, you'll be locked out of your box. 2) I don't know if the above rules fits your security policy. Or the services your FreeBSD box provides. Modify as needed. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH disconnects very troubling
On Mon, Dec 03, 2007 at 06:22:40PM -0500, Anne Moore wrote: Hi All Whenever my users connect to my FreeBSD system, they are automatically disconnected after 1 minute of inactivity. This happens no matter if they are connected to our Oracle instance or SSH or Telnet, or anything. It's like the server hangs-up on them after no activity for a minute or so. I ran tcpdump during and received this error on the disconnect: 17:20:21.362159 IP 192.168.8.90.56141 myhost1.rdm.loc.ssh: . ack 233 win 33303 nop,nop,timestamp 2469825 98100123 I'm stumped! Does anyone have any idea why this might be happening? Sounds like you've got a stateful firewall in the mix somewhere that's disconnecting idle connections with a timeout of 1 minute. Cheers. -- Jonathan Chen [EMAIL PROTECTED] -- If everything's under control, you're going too slow - Mario Andretti ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH disconnects very troubling
At 05:22 PM 12/3/2007, Anne Moore wrote: Hi All Whenever my users connect to my FreeBSD system, they are automatically disconnected after 1 minute of inactivity. This happens no matter if they are connected to our Oracle instance or SSH or Telnet, or anything. It's like the server hangs-up on them after no activity for a minute or so. I ran tcpdump during and received this error on the disconnect: 17:20:21.362159 IP 192.168.8.90.56141 myhost1.rdm.loc.ssh: . ack 233 win 33303 nop,nop,timestamp 2469825 98100123 I'm stumped! Does anyone have any idea why this might be happening? Thank you for your help! Anne I would check your firewall setting, which may disconnect connections on inactivity. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: SSH disconnects very troubling
Thanks, Kevin. This may well work with the SSH, but it's actually disconnecting all my clients, telnet, Oracle, etc. There is a config for telnet, but nothing for Oracle (that I know of). Also, ldap, etc. It's the strangest thing!! thank you though for response Anne -Original Message- From: Kevin Kinsey [mailto:[EMAIL PROTECTED] Sent: Monday, December 03, 2007 7:26 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: SSH disconnects very troubling Anne Moore wrote: Whenever my users connect to my FreeBSD system, they are automatically disconnected after 1 minute of inactivity. This happens no matter if they are connected to our Oracle instance or SSH or Telnet, or anything. It's like the server hangs-up on them after no activity for a minute or so. I ran tcpdump during and received this error on the disconnect: 17:20:21.362159 IP 192.168.8.90.56141 myhost1.rdm.loc.ssh: . ack 233 win 33303 nop,nop,timestamp 2469825 98100123 I'm stumped! Does anyone have any idea why this might be happening? I recently had trouble with this issue after a change in service providers between my office and some servers, although, IIRC, it was more than just one minute until the disconnect. Adding this to /etc/ssh/sshd_config on the servers seems to have fixed the issue: ClientAliveInterval 30 ClientAliveCountMax 10 HTH, Kevin Kinsey -- I should have been a country-western singer. After all, I'm older than most western countries. -- George Burns ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
