Hello all,

I am running an OpenSSH 4.3 server on an embedded Linux system, so I have turned on the ClientAliveInterval and TCPKeepAlive options in sshd_config. ClientAliveInterval is set to 10, and the OS's TCP keep-alive settings are time = 10, probes = 5, and intvl = 10. (I need it all low b/c server processes could be holding system-wide locks.)

If I connect to the SSH server directly (i.e., without a firewall in between), then those settings work fine; server processes die when the connection is down and stay up when it's up.

However, here's my problem: if I connect from outside my ZyWALL 10 firewall, then the connection is dropped after about a minute of user inactivity. The weird thing is that if I connect from outside the firewall via _Telnet_ (which is using TCP keep-alives too), then it works correctly. And the _other_ weird thing is that if I use a cheap consumer firewall instead (D-Link DI-604), then SSH works correctly too. It's only SSH with the ZyWALL 10 that messes up.

This seems to implicate the SSH-level keep-alives and their interaction with the ZyWALL, which makes no sense to me because aren't they just data in the encrypted TCP stream?

Any suggestions would be welcome.

Thanks,
Tristan
