> Hi,
>
> There are hosts in my LAN behind a Shorewall FW that need to keep
> Oracle connections alive (tcp 1521) with other hosts that are behind a
> remote Fortinet Fortiguard FW.
>
> The Fortinet admin has set the following in his FW:
>
>             set protocol 6
>             set timeout 28800
              ^^^^^^^^^^^^^^^^^
What's this value exactly?

Timeout can mean a lot. Could it be that the FW is doing some NAT and this
is the connection tracking timeout?

Do you actually see any issues with these connections? Or do you just want
to have a matching configuration?

Regards,
Simon

>             set start-port 1521
>             set end-port 1521
>
> I don't know how to translate "set timeout 28800" to
> Shorewall/iptables on Linux.
>
> I've searched for timeouts and keepalives at OS level with sysctl such as:
>
> net.ipv4.tcp_keepalive_intvl = 75
> net.ipv4.tcp_keepalive_probes = 9
> net.ipv4.tcp_keepalive_time = 7200
>
> but I believe that wouldn't necessarily apply here in the case of a
> Shorewall router, or would it?
>
> Also, I don't want to change any global OS settings, but I'd rather
> stick to just tcp 1521.
>
> I didn't see anything in shorewall about keepalives or connection
> timeouts except rate limiting in the rules file and TTL in the mangle
> file.
>
> Nothing that seems to apply to the topic at hand.
>
> Any suggestions?
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>



