Re: red hat firewall question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Have you tried setting the following options in your servers' sshd_config files?

KeepAlive yes
ClientAliveInterval 60


Ian

----- "Anne Moore" <diabeticithink@xxxxxxxxx> wrote:
> Well yes, I could ask all of our clients to do that with each of
> their
> programs, or I could just do it once time on the Red Hat box and it
> will
> take care of everything. As you can see it'll be much easier to do it
> on
> just the one Red Hat box.
> 
> My problem is that I cannot find enough documentation on the keep
> alives/state for ipfilter. I'm still searching...
> 
> Thanks for the help. -Anne 
> 
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx]
> On Behalf Of McDougall, Marshall (FSH)
> Sent: Tuesday, December 04, 2007 3:49 PM
> To: General Red Hat Linux discussion list
> Subject: RE: red hat firewall question
> 
> Sorry, didn't realize that there were external forces (firewall) in
> play
> here.  Might there be a better solution from the client side?  We have
> FW
> issues like that here(our timeouts are 20 minutes) and we mitigate it
> by
> turning on "keep alives" in the putty, DB client, etc.
> 
> Regards, Marshall 
> 
> >-----Original Message-----
> >From: redhat-list-bounces@xxxxxxxxxx
> >[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore
> >Sent: Tuesday, December 04, 2007 11:09 AM
> >To: 'General Red Hat Linux discussion list'
> >Subject: RE: red hat firewall question
> >
> >Hi Marshall
> >
> >Well I've already determined that this will fix the issues. 
> >The problem is
> >indeed with our firewall and it cannot be changed due to our security
> 
> >policy. Thus, I created a script that continually pings every 30 
> >seconds and that keeps the logons alive.
> >
> >So, if I can get the firewall to do it's own version of "ping" 
> >using "keep
> >state" then it will take affect for all tcp connections to the
> server. 
> >Since I know that this will fix all of our disconnection issues, and
> it 
> >appears to be a very easy fix, then I'm going to go ahead and get it
> 
> >completed.
> >
> >However, I don't know how to properly use "keep state" with my 
> >firewall.
> >
> >Any ideas on this? I just don't know much about Ipfilter and the
> proper 
> >syntax.
> >
> >Thank you again for your help.
> >
> >Anne
> >
> >
> >
> >-----Original Message-----
> >From: redhat-list-bounces@xxxxxxxxxx
> >[mailto:redhat-list-bounces@xxxxxxxxxx]
> >On Behalf Of McDougall, Marshall (FSH)
> >Sent: Tuesday, December 04, 2007 11:54 AM
> >To: General Red Hat Linux discussion list
> >Subject: RE: red hat firewall question
> >
> > 
> >
> >>-----Original Message-----
> >>From: redhat-list-bounces@xxxxxxxxxx
> >>[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anne Moore
> >>Sent: Tuesday, December 04, 2007 10:28 AM
> >>To: 'General Red Hat Linux discussion list'
> >>Subject: red hat firewall question
> >>
> >>Hi All
> >>
> >>I figured out a way, I think, to keep my connections alive while my
> 
> >>users are connected to my Red Hat Enterprise 4 servers.
> >>
> >>I thought I would create a firewall rule (or something like
> >>that) that keeps
> >>tcp alive (keep-state?).
> >>
> >>Something like this:
> >>
> >>"allow tcp from any to any keep-state"
> >>
> >>What do you all think? Is this the correct syntax to use to keep tcp
> 
> >>connections alive? or is there a better way?
> >>
> >>Thank you again for your help.
> >>
> >>Anne
> >
> >
> >Anne. 
> >
> >I think you see the symptom, but you don't yet understand your
> problem, 
> >and are hoping that this will solve it.  I would be looking at the 
> >overall network config, because with a properly configured server
> there 
> >is no reason for your it to be dumping connections after 1 minute.
> >
> >Regards, Marshall
> >
> >--
> >redhat-list mailing list
> >unsubscribe
> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >--
> >redhat-list mailing list
> >unsubscribe
> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux