In message <20041025223131.GD17288@che.ojctech.com>, David Young writes:
>On Mon, Oct 25, 2004 at 03:31:11PM -0400, Steven M. Bellovin wrote:
>> In message <200410251920.i9PJKZoJ022707@herd.plethora.net>, Peter Seebach wr
>ite
>> s:
>> >In message <20041025191757.GA1367@antioche.eu.org>, Manuel Bouyer writes:
>> >>On Mon, Oct 25, 2004 at 01:30:29PM -0500, Peter Seebach wrote:
>> >>> In message <20041025181938.GB705@antioche.eu.org>, Manuel Bouyer writes:
>> >>> >Do you have keepalive turned on, and at which rate ?
>> >>> >This could be a difference in setup on the client side.
>> >>> 
>> >>> net.inet.tcp.keepidle = 14400
>> >>> net.inet.tcp.keepintvl = 150
>> >>> net.inet.tcp.keepcnt = 8
>> >>> 
>> >>> Maybe I should change these?
>> >>
>> >>Maybe decrease keepintvl (and increase keepcnt).
>> >>But first, check KeepAlive in ssh_config and sshd_config
>> >
>> >sshd_config didn't have it set - but the sshd side is working fine with
>> >my friend's laptop.
>> >
>> >Interestingly, the default is "yes".  And it's not turned off.  So it
>> >should be keeping the connection alive, and noticing problems.  But it
>> >doesn't; it just hangs.
>> >
>> 
>> It really sounds a lot like a NAT or firewall dropping state.  It all 
>
>A NAT gateway will not send a TCP RST if it has dropped state, thus saying
>"no socket bound to that [no longer translated] port" ?
>

That's right -- I've seen precisely that behavior...

		--Steve Bellovin, http://www.research.att.com/~smb