Chris Buechler wrote: > Geoff Crompton wrote: >> I've done a further test. I also get my connection dropped if I use ssh >> and ssh to a public IP address that is port forwarded to a server in the >> LAN. >> > > Yes, if you leave the connection idle longer than the state time. > Enabling SSH keepalives in your client fixes that, you don't really want > to increase the state table timeout if you can help it. Though you can > create a specific rule for SSH and increase the timeout for just SSH. > > >> So I'm guessing this issue is something to do with NAT on pfSense, >> rather than ejabberd. >> > > I'm not familiar with how jabber works, it sounds like it can also sit > for a long time without sending any data, then when it tries to send > data again the state has been timed out and it doesn't initiate a new > connection. Changing the state timeout on the rule that allows jabber > traffic sounds like it will fix this as well, and is probably the > preferred thing to do for this since you can't easily control all your > clients.
Thanks for that Chris. We'll try that out, once we've got the pfSense firewall back up. We'd booted to a CDrom to test it out, incase we wanted to fall back to our IPcop install, but my boss accidentally rebooted it. Of course we download the config file during our evaluation, so all was not lost. It's just that my boss hand hacked the xml, and forgot to close a tag, so when we tried to boot up using that config, it failed. This was in the middle of the day, so at that point we just went back to the IPcop install. -- Geoff Crompton Debian System Administrator http://www.strategicdata.com.au Phone: +61 3 9340 9000 Fax: +61 3 9348 2015 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
