
BLU Discuss list archive


IPChains question (SOLVED)

> Yes, there is a timeout in IPMasq -- which you can reset.  If there is
> no activity on that particular TCP connection for that period of time,
> then the connection mapping is dropped by the Masquerade server.

It turns out this was the problem, as there was no mention of SSH_PORTS
anywhere in my firewall setup, which I would assume would leave it at
the defaults.  From the IPCHAINS-HOWTO:

"The '-S' command should be followed by three timeout values, each in
seconds: for TCP sessions, for TCP sessions after a FIN packet, and for
UDP packets. If you don't want to change one of these values, simply
give a value of '0'.

The default values are listed in '/usr/src/linux/include/net/ip_masq.h',
currently 15 minutes, 2 minutes and 5 minutes respectively."

I added the line "/sbin/ipchains -M -S 3600 3600 3600", and as long as
the tail or top windows update at least once per hour, I don't get
disconnected (and of course have as many ssh connections open as I
need).  I'll trim that down to what I really need, but you get the
idea.  My thanks to all.

Brian J. Conway
dogbert at
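
The idle-timeout behaviour described in this message, as an added example that is not part of the original post and is not kernel or ipchains code: a simplified Python model of the three masquerade timers and of the HOWTO's "0 means leave unchanged" rule for -S. The names set_timeouts, MasqTable and session_survives, and the sample packet times, are constructed for illustration.

```python
from dataclasses import dataclass, field

# Defaults as quoted from the IPCHAINS-HOWTO above: 15 min, 2 min, 5 min.
DEFAULTS = {"tcp": 900, "tcpfin": 120, "udp": 300}

def set_timeouts(current, tcp, tcpfin, udp):
    """Model of `ipchains -M -S <tcp> <tcpfin> <udp>`; 0 keeps the current value."""
    new = dict(current)
    for name, value in (("tcp", tcp), ("tcpfin", tcpfin), ("udp", udp)):
        if value < 0:
            raise ValueError(f"{name} timeout must be >= 0")
        if value:
            new[name] = value
    return new

@dataclass
class MasqTable:
    """Toy masquerade table: one entry per connection, dropped once it idles out."""
    timeouts: dict
    entries: dict = field(default_factory=dict)  # conn -> (timer name, last seen)

    def _expire(self, now):
        # Keep only the mappings whose idle time is within their timer.
        self.entries = {c: (k, seen) for c, (k, seen) in self.entries.items()
                        if now - seen <= self.timeouts[k]}

    def packet(self, conn, now, kind="tcp"):
        """Record traffic; return False if an earlier mapping for conn had expired."""
        known = conn in self.entries
        self._expire(now)
        alive = conn in self.entries
        self.entries[conn] = (kind, now)
        return alive or not known

def session_survives(timeouts, packet_times, kind="tcp"):
    """True if every packet of one session arrives before its mapping idles out."""
    table = MasqTable(timeouts)
    return all(table.packet("ssh-1", t, kind) for t in packet_times)

if __name__ == "__main__":
    # Constructed sample: a quiet ssh session with gaps of 10, 20 and ~53 minutes.
    quiet_ssh = [0, 600, 1800, 5000]
    print(session_survives(DEFAULTS, quiet_ssh))
    print(session_survives(set_timeouts(DEFAULTS, 3600, 0, 0), quiet_ssh))
```

Passing 0 for the second and third values, as in the last line, raises only the TCP idle timer and leaves the FIN and UDP timers at their current settings.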