Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] ssh connections lost

To: <[email protected]>
Subject: RE: [FW1] ssh connections lost
From: "corne" <[email protected]>
Date: Wed, 7 Feb 2001 01:26:32 +0200
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

Hi folks

thanks for the many responses already received - unfortunately, it is not
the tcp timeout that is to blame - I have already set timeout for ssh to
24h. The drops that we are experiencing are even happening in less time than
the default 2h timeout (like 5min eg). Unfortunately the time taken before a
session drops is also completely variable, ranging from 5min to much longer.

regards
corne

> it's not just ssh, also telnet, oracle, etc.
>
> cheers
> corne
>
> > I have a situation where ssh connections from inside the fw
> dies some
> > arbitrary time after they were started.
> >
> > Doing a sniff on the network (both sides of the fw) reveals
> > the following:
> > packets happily flow from the client to the server. At some
> > stage the client
> > sends another packet, at which point the server doesn't
> > respond. This is the
> > stage where the ssh connection is now dead. The client now
> > sends a bunch of
> > retransmits, thinking that the session is still up.
> >
> > After the session drops, I see dropped packets in the fw log,
> > with the error
> > "unknown established tcp packet". This would indicate that
> > the fw no longer
> > has an entry in its state table for that connection.
> >
> > But why would the connection disappear from the table? From a
> > network sniff,
> > there is no indication that a reset or fin is sent, or
> > anything like that.
> > It seems as if the fw is arbitrarily removing that connection.
> >
> > Any ideas?
> >
> > Regards
> > Corne van Dyk
> > Dimension Data: Network security engineer
> > Tel: +27 21 659 2540
> > Fax: +27 21 659 2101
> > Helpdesk: +27 21 659 2112
> >
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] ssh connections lost
  - From: Peter Lukas <[email protected]>

References:
- RE: [FW1] ssh connections lost
  - From: "corne" <[email protected]>

Prev by Date: Re: [FW1] Firewall-1 on Sun 220R, any problems?
Next by Date: Re: [FW1] Pros and Cons of IP440 vs Solaris Checkpoint
Previous by thread: Re: [FW1] ssh connections lost
Next by thread: RE: [FW1] ssh connections lost
Index(es):
- Date
- Thread