
RE: [FW1] ssh connections lost



I have been experiencing similar problems.  I have not noticed them in
environments running CP2K SP3 with the unsightly
"ALLOW_NON_SYN_RULEBASE_MATCH" workaround.  I suspect the session is being
purged from the state table for some reason and/or keepalive traffic is
being dropped.

peter lukas

On Wed, 7 Feb 2001, corne wrote:

> 
> Hi folks
> 
> thanks for the many responses already received - unfortunately, it is not
> the tcp timeout that is to blame - I have already set timeout for ssh to
> 24h. The drops that we are experiencing are even happening in less time than
> the default 2h timeout (like 5min eg). Unfortunately the time taken before a
> session drops is also completely variable, ranging from 5min to much longer.
> 
> regards
> corne
> 
> > it's not just ssh, also telnet, oracle, etc.
> >
> > cheers
> > corne
> >
> > > I have a situation where ssh connections from inside the fw die some
> > > arbitrary time after they were started.
> > >
> > > Doing a sniff on the network (both sides of the fw) reveals the following:
> > > packets happily flow from the client to the server. At some stage the client
> > > sends another packet, at which point the server doesn't respond. This is the
> > > stage where the ssh connection is now dead. The client now sends a bunch of
> > > retransmits, thinking that the session is still up.
> > >
> > > After the session drops, I see dropped packets in the fw log, with the error
> > > "unknown established tcp packet". This would indicate that the fw no longer
> > > has an entry in its state table for that connection.
> > >
> > > But why would the connection disappear from the table? From a network sniff,
> > > there is no indication that a reset or fin is sent, or anything like that.
> > > It seems as if the fw is arbitrarily removing that connection.
> > >
> > > Any ideas?
> > >
> > > Regards
> > > Corne van Dyk
> > > Dimension Data: Network security engineer
> > > Tel: +27 21 659 2540
> > > Fax: +27 21 659 2101
> > > Helpdesk: +27 21 659 2112
> > >
> > >
> > >
> > > ================================================================================
> > >      To unsubscribe from this mailing list, please see the instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > > ================================================================================
> >
> >
> 
> 
> 
> 
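The two-sided sniff described in the thread can be checked mechanically. The following is an added example, not code from any poster or from Check Point: it compares an inside and an outside capture per flow, finds the first segment that never reached the far side, and reports whether a FIN/RST or the idle timeout explains the missing state entry. It assumes no NAT between the capture points; the `Pkt` record, function names, addresses and sample packets are all constructed for illustration.

```python
from collections import Counter, namedtuple

# One captured TCP segment: time in seconds, endpoints, flag letters, sequence number.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags seq")

def ident(p):
    # Identity without the timestamp, so the same segment matches on both sides.
    return (p.src, p.sport, p.dst, p.dport, p.flags, p.seq)

def flow_key(p):
    # Same key for both directions of a connection.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def diagnose(inside, outside, idle_timeout):
    """Walk the inside capture; a segment with no twin outside was not forwarded."""
    twins = Counter(ident(p) for p in outside)
    flows = {}
    for p in sorted(inside, key=lambda p: p.ts):
        f = flows.setdefault(flow_key(p), {"last_ok": None, "closed": False,
                                           "idle": None, "drops": 0})
        if twins[ident(p)] > 0:   # seen on both sides: forwarded
            twins[ident(p)] -= 1
            f["last_ok"] = p.ts
            # Only a FIN/RST seen before the first drop explains a removed entry.
            f["closed"] |= f["drops"] == 0 and bool(set(p.flags) & {"F", "R"})
        else:                     # missing on the far side: dropped
            if f["drops"] == 0 and f["last_ok"] is not None:
                f["idle"] = p.ts - f["last_ok"]   # quiet time before first drop
            f["drops"] += 1
    for f in flows.values():
        if f["drops"] == 0:
            f["verdict"] = "ok"
        elif f["closed"]:
            f["verdict"] = "closed-by-fin-or-rst"
        elif f["idle"] is not None and f["idle"] >= idle_timeout:
            f["verdict"] = "idle-timeout"
        else:
            f["verdict"] = "state-lost-unexplained"
    return flows

# Constructed sample: one ssh flow, last forwarded segment at t=101, drops from t=400.
C, S = "10.0.0.5", "192.0.2.10"
def c2s(ts, flags, seq): return Pkt(ts, C, 40001, S, 22, flags, seq)
def s2c(ts, flags, seq): return Pkt(ts, S, 22, C, 40001, flags, seq)
SAMPLE_OUTSIDE = [c2s(0, "S", 1000), s2c(1, "SA", 5000), c2s(2, "A", 1001),
                  c2s(100, "PA", 1001), s2c(101, "A", 5001)]
SAMPLE_INSIDE = SAMPLE_OUTSIDE + [c2s(t, "PA", 1049) for t in (400, 401, 403)]

for key, f in diagnose(SAMPLE_INSIDE, SAMPLE_OUTSIDE, 24 * 3600).items():
    print(key, f["verdict"], "idle:", f["idle"], "drops:", f["drops"])
```

Because it walks the inside capture, this only catches segments dropped on their way out, which is the direction the thread describes. A "state-lost-unexplained" verdict with an idle gap far below the configured timeout matches the symptom reported here.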



   All contents © 2004 Network Presence, LLC. All rights reserved.