RE: red hat firewall question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We control the client side as well as the server side so for the few
that are impacted by the quick timeouts it's manageable for us.

Regards, Marshall 

>-----Original Message-----
>From: redhat-list-bounces@xxxxxxxxxx 
>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore
>Sent: Tuesday, December 04, 2007 4:37 PM
>To: 'General Red Hat Linux discussion list'
>Subject: RE: red hat firewall question
>
>Well yes, I could ask all of our clients to do that with each of their
>programs, or I could just do it once time on the Red Hat box 
>and it will
>take care of everything. As you can see it'll be much easier 
>to do it on
>just the one Red Hat box.
>
>My problem is that I cannot find enough documentation on the keep
>alives/state for ipfilter. I'm still searching...
>
>Thanks for the help. -Anne 
>
>-----Original Message-----
>From: redhat-list-bounces@xxxxxxxxxx 
>[mailto:redhat-list-bounces@xxxxxxxxxx]
>On Behalf Of McDougall, Marshall (FSH)
>Sent: Tuesday, December 04, 2007 3:49 PM
>To: General Red Hat Linux discussion list
>Subject: RE: red hat firewall question
>
>Sorry, didn't realize that there were external forces 
>(firewall) in play
>here.  Might there be a better solution from the client side?  
>We have FW
>issues like that here(our timeouts are 20 minutes) and we 
>mitigate it by
>turning on "keep alives" in the putty, DB client, etc.
>
>Regards, Marshall 
>
>>-----Original Message-----
>>From: redhat-list-bounces@xxxxxxxxxx
>>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore
>>Sent: Tuesday, December 04, 2007 11:09 AM
>>To: 'General Red Hat Linux discussion list'
>>Subject: RE: red hat firewall question
>>
>>Hi Marshall
>>
>>Well I've already determined that this will fix the issues. 
>>The problem is
>>indeed with our firewall and it cannot be changed due to our security 
>>policy. Thus, I created a script that continually pings every 30 
>>seconds and that keeps the logons alive.
>>
>>So, if I can get the firewall to do it's own version of "ping" 
>>using "keep
>>state" then it will take affect for all tcp connections to 
>the server. 
>>Since I know that this will fix all of our disconnection 
>issues, and it 
>>appears to be a very easy fix, then I'm going to go ahead and get it 
>>completed.
>>
>>However, I don't know how to properly use "keep state" with my 
>>firewall.
>>
>>Any ideas on this? I just don't know much about Ipfilter and 
>the proper 
>>syntax.
>>
>>Thank you again for your help.
>>
>>Anne
>>
>>
>>
>>-----Original Message-----
>>From: redhat-list-bounces@xxxxxxxxxx
>>[mailto:redhat-list-bounces@xxxxxxxxxx]
>>On Behalf Of McDougall, Marshall (FSH)
>>Sent: Tuesday, December 04, 2007 11:54 AM
>>To: General Red Hat Linux discussion list
>>Subject: RE: red hat firewall question
>>
>> 
>>
>>>-----Original Message-----
>>>From: redhat-list-bounces@xxxxxxxxxx
>>>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore
>>>Sent: Tuesday, December 04, 2007 10:28 AM
>>>To: 'General Red Hat Linux discussion list'
>>>Subject: red hat firewall question
>>>
>>>Hi All
>>>
>>>I figured out a way, I think, to keep my connections alive while my 
>>>users are connected to my Red Hat Enterprise 4 servers.
>>>
>>>I thought I would create a firewall rule (or something like
>>>that) that keeps
>>>tcp alive (keep-state?).
>>>
>>>Something like this:
>>>
>>>"allow tcp from any to any keep-state"
>>>
>>>What do you all think? Is this the correct syntax to use to keep tcp 
>>>connections alive? or is there a better way?
>>>
>>>Thank you again for your help.
>>>
>>>Anne
>>
>>
>>Anne. 
>>
>>I think you see the symptom, but you don't yet understand 
>your problem, 
>>and are hoping that this will solve it.  I would be looking at the 
>>overall network config, because with a properly configured 
>server there 
>>is no reason for your it to be dumping connections after 1 minute.
>>
>>Regards, Marshall
>>
>>--
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>--
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux