Re: IPfilter NAT and stalled TCP connexions

To: Daniel Carosone <dan%geek.com.au@localhost>
Subject: Re: IPfilter NAT and stalled TCP connexions
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Tue, 30 Mar 2010 10:17:10 -0400

On Mar 30, 2010, at 1:12 23AM, Daniel Carosone wrote:

> On Tue, Mar 30, 2010 at 03:53:37PM +1100, Daniel Carosone wrote:
>> ssh has the ServerAliveInterval option to do that for you. set & forget. 
> 
> Especially useful when the span of a tcp connection and its keepalives
> is not the same as the span of the ssh session, such as when going
> through certain types of proxies (socks, http connect, etc) that
> terminate tcp.   
> 
> See how easy it is to forget? :)

You're assuming, of course, that I want all that extra traffic all the time...

Yes, I have tinkered with my keep-alive settings, both for TCP and ssh.  But 
they're tuned to *normal* middleboxes..

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

References:
- IPfilter NAT and stalled TCP connexions
  - From: Emmanuel Dreyfus
- Re: IPfilter NAT and stalled TCP connexions
  - From: Greg Troxel
- Re: IPfilter NAT and stalled TCP connexions
  - From: Steven Bellovin
- Re: IPfilter NAT and stalled TCP connexions
  - From: Daniel Carosone
- Re: IPfilter NAT and stalled TCP connexions
  - From: Daniel Carosone

Prev by Date: Re: IPfilter NAT and stalled TCP connexions
Next by Date: Need help with porting iwn driver
Previous by Thread: Re: IPfilter NAT and stalled TCP connexions
Next by Thread: Re: IPfilter NAT and stalled TCP connexions
Indexes:

Home | Main Index | Thread Index | Old Index