In message <75ff70b05092202101d972633@mail.gmail.com>, Onno Ebbinge writes:
>Do you guys have "KeepAlive" on?
>
>A statefull firewall has timeouts on state table entries, keep alives should
>reset them so they never time out.

Right.  I put this my /etc/sysctl.conf file, mostly to cope with hotel 
NAT box timeouts, which are optimized for Web traffic.


net.inet.tcp.keepidle=1800
net.inet.tcp.keepcnt=64   



		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb