Have you tried setting the following options in your servers' sshd_config files? KeepAlive yes ClientAliveInterval 60 Ian ----- "Anne Moore" <diabeticithink@xxxxxxxxx> wrote: > Well yes, I could ask all of our clients to do that with each of > their > programs, or I could just do it once time on the Red Hat box and it > will > take care of everything. As you can see it'll be much easier to do it > on > just the one Red Hat box. > > My problem is that I cannot find enough documentation on the keep > alives/state for ipfilter. I'm still searching... > > Thanks for the help. -Anne > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] > On Behalf Of McDougall, Marshall (FSH) > Sent: Tuesday, December 04, 2007 3:49 PM > To: General Red Hat Linux discussion list > Subject: RE: red hat firewall question > > Sorry, didn't realize that there were external forces (firewall) in > play > here. Might there be a better solution from the client side? We have > FW > issues like that here(our timeouts are 20 minutes) and we mitigate it > by > turning on "keep alives" in the putty, DB client, etc. > > Regards, Marshall > > >-----Original Message----- > >From: redhat-list-bounces@xxxxxxxxxx > >[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore > >Sent: Tuesday, December 04, 2007 11:09 AM > >To: 'General Red Hat Linux discussion list' > >Subject: RE: red hat firewall question > > > >Hi Marshall > > > >Well I've already determined that this will fix the issues. > >The problem is > >indeed with our firewall and it cannot be changed due to our security > > >policy. Thus, I created a script that continually pings every 30 > >seconds and that keeps the logons alive. > > > >So, if I can get the firewall to do it's own version of "ping" > >using "keep > >state" then it will take affect for all tcp connections to the > server. > >Since I know that this will fix all of our disconnection issues, and > it > >appears to be a very easy fix, then I'm going to go ahead and get it > > >completed. > > > >However, I don't know how to properly use "keep state" with my > >firewall. > > > >Any ideas on this? I just don't know much about Ipfilter and the > proper > >syntax. > > > >Thank you again for your help. > > > >Anne > > > > > > > >-----Original Message----- > >From: redhat-list-bounces@xxxxxxxxxx > >[mailto:redhat-list-bounces@xxxxxxxxxx] > >On Behalf Of McDougall, Marshall (FSH) > >Sent: Tuesday, December 04, 2007 11:54 AM > >To: General Red Hat Linux discussion list > >Subject: RE: red hat firewall question > > > > > > > >>-----Original Message----- > >>From: redhat-list-bounces@xxxxxxxxxx > >>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore > >>Sent: Tuesday, December 04, 2007 10:28 AM > >>To: 'General Red Hat Linux discussion list' > >>Subject: red hat firewall question > >> > >>Hi All > >> > >>I figured out a way, I think, to keep my connections alive while my > > >>users are connected to my Red Hat Enterprise 4 servers. > >> > >>I thought I would create a firewall rule (or something like > >>that) that keeps > >>tcp alive (keep-state?). > >> > >>Something like this: > >> > >>"allow tcp from any to any keep-state" > >> > >>What do you all think? Is this the correct syntax to use to keep tcp > > >>connections alive? or is there a better way? > >> > >>Thank you again for your help. > >> > >>Anne > > > > > >Anne. > > > >I think you see the symptom, but you don't yet understand your > problem, > >and are hoping that this will solve it. I would be looking at the > >overall network config, because with a properly configured server > there > >is no reason for your it to be dumping connections after 1 minute. > > > >Regards, Marshall > > > >-- > >redhat-list mailing list > >unsubscribe > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > >https://www.redhat.com/mailman/listinfo/redhat-list > > > >-- > >redhat-list mailing list > >unsubscribe > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > >https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
