Subject: Re: ssh connections dropping...?
To: None <current-users@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20041025T144736@dailyplanet.dontspam.wsrcc.com>
List: current-users
Date: 10/25/2004 14:59:19

> >>different keepalive timeouts? A tunneled pop connection that's polled
> >>often enough?
> >
> >No tunneling I know of. OS X's default keepalive timeout is about 10x
> >NetBSD's.
> >
>
> One easy test is to run something like
>
> while true
> do echo -n .
> sleep 60
> done

A buddy of mine had some kind of lame NAT box that would regularly
lose state on a quiet connection. The simplest test was to add this
to /etc/ssh/sshd_config:

    # Set the keep-alive for a heartbeat every 60 seconds and a connection
    # close after 30 minutes. -wsr 2003/11/26
    ClientAliveInterval 60
    ClientAliveCountMax 30

Note, this facility isn't a tcp-level keep-alive, but a keep alive
sent by sshd itself inside the ssh tunnel. The stated goal is to keep
attackers from keeping the tunnel open by tcp spoofing attacks. I
can't get too excited about that attack, but the fact that the
user-accessible knobs let you tune the "ping" interval and the max
drops is pretty darn useful. The two extra packets a minute seem like
a small price to pay for keeping the NAT boxes of the world happy.

And yes, that did the trick. There were no more drops after turning
this on.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
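
Added example, not part of the original message: a small shell function that reads the global section of an sshd_config file and reports the ssh-level keep-alive interval, the allowed missed replies, and the resulting time before sshd drops a silent client. It assumes plain-second values and does not follow Include files; the function name and sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: how long does sshd wait before dropping a silent client?
# Assumptions: values are plain seconds (no "1m" style suffixes) and
# Include files are not followed.

# Prints "<interval> <countmax> <seconds-until-disconnect>".
# An interval of 0 means the ssh-level keep-alive is switched off.
client_alive_summary() {
    awk '
        BEGIN { interval = ""; count = "" }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            gsub(/[ \t]*=[ \t]*/, " ", line)    # sshd also accepts Key=Value
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit            # global section ends here
            # sshd keeps the first value it reads for each keyword
            if (key == "clientaliveinterval" && interval == "") interval = f[2]
            if (key == "clientalivecountmax" && count == "") count = f[2]
        }
        END {
            if (interval == "") interval = 0    # OpenSSH default: disabled
            if (count == "") count = 3          # OpenSSH default
            print interval, count, interval * count
        }
    ' "$1"
}

# Constructed sample: the settings from the message, a later duplicate that
# sshd would ignore, and a Match block that is outside the global section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# heartbeat settings
ClientAliveInterval 60
ClientAliveCountMax 30
clientaliveinterval 15
Match User backup
    ClientAliveInterval 0
EOF
client_alive_summary "$sample"    # 60 30 1800
rm -f "$sample"
```

The third number is the 30 minutes mentioned in the config comment above (60 seconds times 30 unanswered probes).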