On Thursday 05 February 2004 18:57, Jeremy wrote:
> --- Mike Klinke <lsomike@xxxxxxxxxx> wrote:
> > On Thursday 05 February 2004 16:49, Jeremy wrote:
> > > Alright, I'm using Fedora Core 1. My box is set up as a router
> > > for the rest of my network. It has two network cards, one 10
> > > base card connected to a cable modem, and another 10/100
> > > connected to my network switch. I have iptables set up to do
> > > masquerading.
> > >
> > > The problem...
> > >
> > > Telnet/SSH connections to the machine, from the outside world,
> > > disconnect after 5-10 minutes of inactivity. For example, I
> > > can have 3 SSH connections to my box, neglect one window for a
> > > few minutes, and when I go to that window and start typing, I
> > > get a message from PuTTY saying I got disconnected.
> > >
> > > I've looked extensively on the net trying to figure out what's
> > > wrong and how to fix it. I've come across a couple sites
> > > saying that this could possibly be caused by a 'NAT teardown'.
> > > I'm new to iptables and NAT, so I'm not exactly sure what this
> > > means. I was under the impression that NAT timeouts on
> > > CONNECTED connections was like 5 days of inactivity before it
> > > would drop. When I cat /proc/net/ip_conntrack, I see my
> > > connections, and I see they have very high timeouts.
> > >
> > > I've looked through the iptables man page, as well as the
> > > iptables/netfilter website, and I can't find anything relevant
> > > to this. Does anyone know how I might fix this?
> > >
> > > -Jeremy
> > >
> > watching the connection via tcpdump?
>
> No, I'm not familiar enough with tcpdump's syntax to know what to
> look for. What command line options should I use?

Well one approach could be to monitor all traffic with the remotely
logged in host. For example on the server run:

    tcpdump -nX host <client_ip> -i <interface(eth0 for example)>

Make your connection from the client and wait your 5 to 10 minutes.
See if either side initiates a disconnect or if the connection just
"disappeared."

Does a telnet session from a client on the local network via the
inside nic also fail after this period of time? Have you temporarily
stopped iptables and tried the same test?

Regards,
Mike Klinke
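
One way to read a saved capture for the question above (did either side initiate the disconnect, or did the connection just disappear), as an added example that is not part of the original message. It assumes the one-line-per-packet `Flags [...]` text format that current tcpdump versions print with -n; the function name, addresses, ports and sample lines are constructed.

```python
import re

# Summary line of current `tcpdump -n` text output (assumed format); the hex
# dump lines that -X adds are indented and never match.
LINE = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def classify(lines, server):
    """Return (verdict, longest idle gap in seconds) for one captured session.

    server is the server's "ip.port" exactly as tcpdump prints it.
    """
    prev, longest = None, 0.0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        h, mi, s, src, _dst, flags = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if prev is not None:
            longest = max(longest, t - prev)
        prev = t
        if "F" in flags or "R" in flags:
            who = "server" if src == server else "client"
            return f"{who} sent {'RST' if 'R' in flags else 'FIN'}", longest
    # Packets but no FIN/RST: neither end closed it, the path just went quiet.
    return "no FIN/RST seen", longest

SERVER = "192.0.2.10.22"  # constructed documentation address, SSH port

# Constructed capture: idle for about 7.5 minutes, then a reset answers new data.
SAMPLE_RST = """\
18:00:00.000000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
18:00:00.040000 IP 192.0.2.10.22 > 203.0.113.5.51000: Flags [.], ack 37, win 510, length 0
        0x0000:  4500 0028
18:07:30.000000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 37:73, ack 1, win 501, length 36
18:07:30.001000 IP 192.0.2.10.22 > 203.0.113.5.51000: Flags [R], seq 1, win 0, length 0
"""

# Constructed capture: after the idle period the client only retransmits.
SAMPLE_SILENT = """\
18:00:00.000000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
18:00:00.040000 IP 192.0.2.10.22 > 203.0.113.5.51000: Flags [.], ack 37, win 510, length 0
18:08:00.000000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 37:73, ack 1, win 501, length 36
18:08:00.400000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 37:73, ack 1, win 501, length 36
18:08:01.200000 IP 203.0.113.5.51000 > 192.0.2.10.22: Flags [P.], seq 37:73, ack 1, win 501, length 36
"""

if __name__ == "__main__":
    for name, text in (("rst", SAMPLE_RST), ("silent", SAMPLE_SILENT)):
        print(name, classify(text.splitlines(), SERVER))
```

The source address only says whose address the packet carried: in a capture taken on the client side, a reset bearing the server's address can also come from a device in between, so compare captures from both ends before blaming either host.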