red hat firewall question

Anne Moore diabeticithink at yahoo.com
Wed Dec 5 19:59:49 UTC 2007


Yes, and it works great for SSH, but nothing else. I have users connecting
to 20 different applications on these servers and they are being timed-out
after only 1 minute or so of inactivity.

I know there is a kernel tweak that might work for this, so I'm researching.


thanks

Anne

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Ian Lists
Sent: Wednesday, December 05, 2007 11:23 AM
To: General Red Hat Linux discussion list
Subject: Re: red hat firewall question

Have you tried setting the following options in your servers' sshd_config
files?

KeepAlive yes
ClientAliveInterval 60


Ian

----- "Anne Moore" <diabeticithink at yahoo.com> wrote:
> Well yes, I could ask all of our clients to do that with each of their 
> programs, or I could just do it one time on the Red Hat box and it 
> will take care of everything. As you can see it'll be much easier to 
> do it on just the one Red Hat box.
> 
> My problem is that I cannot find enough documentation on the keep 
> alives/state for ipfilter. I'm still searching...
> 
> Thanks for the help. -Anne
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]
> On Behalf Of McDougall, Marshall (FSH)
> Sent: Tuesday, December 04, 2007 3:49 PM
> To: General Red Hat Linux discussion list
> Subject: RE: red hat firewall question
> 
> Sorry, didn't realize that there were external forces (firewall) in 
> play here.  Might there be a better solution from the client side?  We 
> have FW issues like that here (our timeouts are 20 minutes) and we 
> mitigate it by turning on "keep alives" in the putty, DB client, etc.
> 
> Regards, Marshall
> 
> >-----Original Message-----
> >From: redhat-list-bounces at redhat.com
> >[mailto:redhat-list-bounces at redhat.com] On Behalf Of Anne Moore
> >Sent: Tuesday, December 04, 2007 11:09 AM
> >To: 'General Red Hat Linux discussion list'
> >Subject: RE: red hat firewall question
> >
> >Hi Marshall
> >
> >Well I've already determined that this will fix the issues. The problem
> >is indeed with our firewall and it cannot be changed due to our security
> >policy. Thus, I created a script that continually pings every 30
> >seconds and that keeps the logons alive.
> >
> >So, if I can get the firewall to do its own version of "ping" using
> >"keep state" then it will take effect for all tcp connections to the
> >server. Since I know that this will fix all of our disconnection issues,
> >and it appears to be a very easy fix, then I'm going to go ahead and get
> >it completed.
> >
> >However, I don't know how to properly use "keep state" with my firewall.
> >
> >Any ideas on this? I just don't know much about Ipfilter and the proper
> >syntax.
> >
> >Thank you again for your help.
> >
> >Anne
> >
> >
> >
> >-----Original Message-----
> >From: redhat-list-bounces at redhat.com
> >[mailto:redhat-list-bounces at redhat.com]
> >On Behalf Of McDougall, Marshall (FSH)
> >Sent: Tuesday, December 04, 2007 11:54 AM
> >To: General Red Hat Linux discussion list
> >Subject: RE: red hat firewall question
> >
> > 
> >
> >>-----Original Message-----
> >>From: redhat-list-bounces at redhat.com 
> >>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Anne Moore
> >>Sent: Tuesday, December 04, 2007 10:28 AM
> >>To: 'General Red Hat Linux discussion list'
> >>Subject: red hat firewall question
> >>
> >>Hi All
> >>
> >>I figured out a way, I think, to keep my connections alive while my
> >>users are connected to my Red Hat Enterprise 4 servers.
> >>
> >>I thought I would create a firewall rule (or something like that) that
> >>keeps tcp alive (keep-state?).
> >>
> >>Something like this:
> >>
> >>"allow tcp from any to any keep-state"
> >>
> >>What do you all think? Is this the correct syntax to use to keep tcp
> >>connections alive? or is there a better way?
> >>
> >>Thank you again for your help.
> >>
> >>Anne
> >
> >
> >Anne. 
> >
> >I think you see the symptom, but you don't yet understand your problem,
> >and are hoping that this will solve it.  I would be looking at the
> >overall network config, because with a properly configured server there
> >is no reason for it to be dumping connections after 1 minute.
> >
> >Regards, Marshall
> >
> >--
> >redhat-list mailing list
> >unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >https://www.redhat.com/mailman/listinfo/redhat-list
> >

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
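
Added example, not part of the original thread: on Linux the kernel's TCP keepalive timers (`net.ipv4.tcp_keepalive_time`, `_intvl`, `_probes`) apply only to sockets whose application has set `SO_KEEPALIVE`, so lowering them system-wide does not by itself cover every service behind a firewall with a short idle timeout. The Python sketch below shows this on a loopback connection; the 60-second firewall timeout and the 30/10/3 timer values are assumptions chosen for illustration.

```python
import socket

# Assumed value: the thread reports drops after about one minute of inactivity.
FIREWALL_IDLE_TIMEOUT = 60


def keepalive_enabled(sock):
    """True if the kernel will send keepalive probes on this socket at all."""
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


def enable_keepalive(sock, idle=30, interval=10, probes=3):
    """Turn on keepalive and override the system-wide timers for this socket only.

    idle     -> TCP_KEEPIDLE  (per-socket form of net.ipv4.tcp_keepalive_time)
    interval -> TCP_KEEPINTVL (net.ipv4.tcp_keepalive_intvl)
    probes   -> TCP_KEEPCNT   (net.ipv4.tcp_keepalive_probes)
    """
    if idle >= FIREWALL_IDLE_TIMEOUT:
        raise ValueError("first probe would be sent after the firewall has dropped the state")
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)


def effective_timers(sock):
    """Read back (idle, interval, probes) as the kernel has them for this socket."""
    opts = (socket.TCP_KEEPIDLE, socket.TCP_KEEPINTVL, socket.TCP_KEEPCNT)
    return tuple(sock.getsockopt(socket.IPPROTO_TCP, opt) for opt in opts)


def demo():
    """Loopback connection: keepalive is off until the application asks for it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            conn, _ = listener.accept()
            with conn:
                before = keepalive_enabled(conn)
                enable_keepalive(conn)
                return before, keepalive_enabled(conn), effective_timers(conn)


if __name__ == "__main__":
    print(demo())
```

Services that never set `SO_KEEPALIVE` stay silent on idle connections regardless of the sysctl values, which is why per-application settings such as the sshd options quoted above behave differently from a host-wide change.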



