--- Mike Klinke <lsomike@xxxxxxxxxx> wrote:
> On Thursday 05 February 2004 18:57, Jeremy wrote:
> > --- Mike Klinke <lsomike@xxxxxxxxxx> wrote:
> > > On Thursday 05 February 2004 16:49, Jeremy wrote:
> > > > Alright, I'm using Fedora Core 1. My box is set up as a router
> > > > for the rest of my network. It has two network cards, one 10
> > > > base card connected to a cable modem, and another 10/100
> > > > connected to my network switch. I have iptables set up to do
> > > > masquerading.
> > > >
> > > > The problem...
> > > >
> > > > Telnet/SSH connections to the machine, from the outside world,
> > > > disconnect after 5-10 minutes of inactivity. For example, I
> > > > can have 3 SSH connections to my box, neglect one window for a
> > > > few minutes, and when I go to that window and start typing, I
> > > > get a message from PuTTY saying I got disconnected.
> > > >
> > > > I've looked extensively on the net trying to figure out what's
> > > > wrong and how to fix it. I've come across a couple sites
> > > > saying that this could possibly be caused by a 'NAT teardown'.
> > > > I'm new to iptables and NAT, so I'm not exactly sure what this
> > > > means. I was under the impression that NAT timeouts on
> > > > CONNECTED connections were like 5 days of inactivity before it
> > > > would drop. When I cat /proc/net/ip_conntrack, I see my
> > > > connections, and I see they have very high timeouts.
> > > >
> > > > I've looked through the iptables man page, as well as the
> > > > iptables/netfilter website, and I can't find anything relevant
> > > > to this. Does anyone know how I might fix this?
> > > >
> > > > -Jeremy
> > > >
> > > > watching the connection via tcpdump?
> >
> > No, I'm not familiar enough with tcpdump's syntax to know what to
> > look for. What command line options should I use?
>
> Well one approach could be to monitor all traffic with the remotely
> logged in host. For example on the server run:
>
> tcpdump -nX host <client_ip> -i <interface(eth0 for example)>
>
> Make your connection from the client and wait your 5 to 10 minutes.
> See if either side initiates a disconnect or if the connection just
> "disappeared."

Alright, I'll try that.

>
> Does a telnet session from a client on the local network via the
> inside nic also fail after this period of time?

I'm not sure, I'm at a remote location at the moment, so I have no way of testing that at this time. I should be going home this weekend, and I'll try it from there.

>
> Have you temporarily stopped iptables and tried the same test?

No, I'll try that as well.

>
> Regards, Mike Klinke

Thanks
-Jeremy
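
Added example, not part of the original thread: one way to answer the question the suggested capture poses (did either side initiate a disconnect, or did the connection just disappear) is to scan saved `tcpdump -n` output for the first FIN or RST and the longest idle gap before it. The function and sample names are hypothetical, the sample packets are constructed with documentation addresses, and the parser assumes the current tcpdump text format for IPv4 TCP with default timestamps.

```shell
#!/bin/sh
# Read `tcpdump -n` text output on stdin and report which endpoint first sent
# FIN or RST, or SILENT if neither was captured. max_idle is the longest gap
# between consecutive packets up to that point (capture must not cross midnight).
teardown_origin() {
    awk '
        # Header lines: HH:MM:SS.frac IP src.port > dst.port: Flags [P.], ...
        # Hex dump lines produced by -X do not match and are skipped.
        verdict == "" && $2 == "IP" && $6 == "Flags" {
            split($1, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]      # seconds since midnight
            if (seen && now - last > maxgap) maxgap = now - last
            last = now; seen = 1
            if ($7 ~ /[FR]/)                          # flags field, e.g. [F.] or [R]
                verdict = (($7 ~ /R/) ? "RST " : "FIN ") $3
        }
        END {
            printf "%s max_idle=%ds\n", (verdict == "" ? "SILENT" : verdict), int(maxgap + 0.5)
        }
    '
}

# Constructed sample: after 7 idle minutes the client sends data and gets a reset.
sample_reset() {
    cat <<'EOF'
14:02:11.101000 IP 203.0.113.7.51234 > 192.0.2.1.22: Flags [P.], seq 1:53, ack 1, win 501, length 52
14:02:11.102000 IP 192.0.2.1.22 > 203.0.113.7.51234: Flags [.], ack 53, win 227, length 0
14:09:11.102000 IP 203.0.113.7.51234 > 192.0.2.1.22: Flags [P.], seq 53:105, ack 1, win 501, length 52
14:09:11.103000 IP 192.0.2.1.22 > 203.0.113.7.51234: Flags [R], seq 1, win 0, length 0
EOF
}

# Constructed sample: same idle period, but the client only retransmits into silence.
sample_silent() {
    cat <<'EOF'
14:02:11.101000 IP 203.0.113.7.51234 > 192.0.2.1.22: Flags [P.], seq 1:53, ack 1, win 501, length 52
14:02:11.102000 IP 192.0.2.1.22 > 203.0.113.7.51234: Flags [.], ack 53, win 227, length 0
14:09:11.102000 IP 203.0.113.7.51234 > 192.0.2.1.22: Flags [P.], seq 53:105, ack 1, win 501, length 52
14:09:11.402000 IP 203.0.113.7.51234 > 192.0.2.1.22: Flags [P.], seq 53:105, ack 1, win 501, length 52
EOF
}

sample_reset | teardown_origin
sample_silent | teardown_origin
```
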