We control the client side as well as the server side so for the few that are impacted by the quick timeouts it's manageable for us. Regards, Marshall >-----Original Message----- >From: redhat-list-bounces@xxxxxxxxxx >[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore >Sent: Tuesday, December 04, 2007 4:37 PM >To: 'General Red Hat Linux discussion list' >Subject: RE: red hat firewall question > >Well yes, I could ask all of our clients to do that with each of their >programs, or I could just do it once time on the Red Hat box >and it will >take care of everything. As you can see it'll be much easier >to do it on >just the one Red Hat box. > >My problem is that I cannot find enough documentation on the keep >alives/state for ipfilter. I'm still searching... > >Thanks for the help. -Anne > >-----Original Message----- >From: redhat-list-bounces@xxxxxxxxxx >[mailto:redhat-list-bounces@xxxxxxxxxx] >On Behalf Of McDougall, Marshall (FSH) >Sent: Tuesday, December 04, 2007 3:49 PM >To: General Red Hat Linux discussion list >Subject: RE: red hat firewall question > >Sorry, didn't realize that there were external forces >(firewall) in play >here. Might there be a better solution from the client side? >We have FW >issues like that here(our timeouts are 20 minutes) and we >mitigate it by >turning on "keep alives" in the putty, DB client, etc. > >Regards, Marshall > >>-----Original Message----- >>From: redhat-list-bounces@xxxxxxxxxx >>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore >>Sent: Tuesday, December 04, 2007 11:09 AM >>To: 'General Red Hat Linux discussion list' >>Subject: RE: red hat firewall question >> >>Hi Marshall >> >>Well I've already determined that this will fix the issues. >>The problem is >>indeed with our firewall and it cannot be changed due to our security >>policy. Thus, I created a script that continually pings every 30 >>seconds and that keeps the logons alive. >> >>So, if I can get the firewall to do it's own version of "ping" >>using "keep >>state" then it will take affect for all tcp connections to >the server. >>Since I know that this will fix all of our disconnection >issues, and it >>appears to be a very easy fix, then I'm going to go ahead and get it >>completed. >> >>However, I don't know how to properly use "keep state" with my >>firewall. >> >>Any ideas on this? I just don't know much about Ipfilter and >the proper >>syntax. >> >>Thank you again for your help. >> >>Anne >> >> >> >>-----Original Message----- >>From: redhat-list-bounces@xxxxxxxxxx >>[mailto:redhat-list-bounces@xxxxxxxxxx] >>On Behalf Of McDougall, Marshall (FSH) >>Sent: Tuesday, December 04, 2007 11:54 AM >>To: General Red Hat Linux discussion list >>Subject: RE: red hat firewall question >> >> >> >>>-----Original Message----- >>>From: redhat-list-bounces@xxxxxxxxxx >>>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore >>>Sent: Tuesday, December 04, 2007 10:28 AM >>>To: 'General Red Hat Linux discussion list' >>>Subject: red hat firewall question >>> >>>Hi All >>> >>>I figured out a way, I think, to keep my connections alive while my >>>users are connected to my Red Hat Enterprise 4 servers. >>> >>>I thought I would create a firewall rule (or something like >>>that) that keeps >>>tcp alive (keep-state?). >>> >>>Something like this: >>> >>>"allow tcp from any to any keep-state" >>> >>>What do you all think? Is this the correct syntax to use to keep tcp >>>connections alive? or is there a better way? >>> >>>Thank you again for your help. >>> >>>Anne >> >> >>Anne. >> >>I think you see the symptom, but you don't yet understand >your problem, >>and are hoping that this will solve it. I would be looking at the >>overall network config, because with a properly configured >server there >>is no reason for your it to be dumping connections after 1 minute. >> >>Regards, Marshall >> >>-- >>redhat-list mailing list >>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>https://www.redhat.com/mailman/listinfo/redhat-list >> >>-- >>redhat-list mailing list >>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>https://www.redhat.com/mailman/listinfo/redhat-list >> > >-- >redhat-list mailing list >unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >https://www.redhat.com/mailman/listinfo/redhat-list > >-- >redhat-list mailing list >unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
