Subject: Re: IP-in-TCP?
To: None <tech-net@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 02/02/2005 05:56:49
> TCP keepalives are usually sent once per hour or so (did some
> googling: default on most unixes seems to be 2 hours),

RFC 1122 4.2.3.6 ("TCP Keep-Alives"): [The keep-alive] interval MUST be
configurable and MUST default to no less than two hours.

> which is enough to clean up "dead" TCP connections, but usually not
> enough to keep open over-eager NAT routers.

I once had to deal with a NAT box with a very low timeout, on the order
of three minutes.  I ended up hacking an option into the kernel so I
could have it *always* do keepalives whether userland requested them or
not, and crank the interval down to about a minute.  Gross, but it let
me actually use ssh through that NAT box. :-þ

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
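
For comparison with the kernel-wide change described in the message above, an added example (not part of the original post and not der Mouse's code) that requests the same behaviour for a single socket from userland. It assumes a platform that provides the TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT socket options (Linux does); the helper names, the 20-second probe interval, the probe count and the 180-second NAT timeout are illustrative assumptions.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: turn keepalives on for one TCP socket. The first probe
 * goes out after idle_s seconds of silence, then one every intvl_s seconds;
 * the connection is dropped after cnt unanswered probes.
 * Returns 0 on success, -1 on error (errno is set by setsockopt). */
int set_keepalive(int fd, int idle_s, int intvl_s, int cnt)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof intvl_s) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return 0;
}

/* Read back an integer socket option; returns -1 on error. */
int get_int_opt(int fd, int level, int name)
{
    int v = 0;
    socklen_t len = sizeof v;
    return getsockopt(fd, level, name, &v, &len) < 0 ? -1 : v;
}

/* 1 if a NAT mapping that expires after nat_timeout_s idle seconds is still
 * refreshed in time even when the first probe is lost, else 0. */
int survives_nat(int idle_s, int intvl_s, int nat_timeout_s)
{
    return idle_s + intvl_s < nat_timeout_s;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || set_keepalive(fd, 60, 20, 5) < 0) {
        perror("keepalive");
        return 1;
    }
    /* Assumed NAT timeout: 180 s ("on the order of three minutes"). */
    printf("idle=%ds ok_for_nat=%d\n",
           get_int_opt(fd, IPPROTO_TCP, TCP_KEEPIDLE), survives_nat(60, 20, 180));
    close(fd);
    return 0;
}
```

With the two-hour default quoted from RFC 1122, `survives_nat` returns 0 for the same NAT timeout, which is the gap the message describes.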