Hosting Provided By

RE: red hat firewall question

From: Anne Moore <diabeticithink(at)yahoo.com>
Date: Tue Dec 04 2007 - 12:09:10 EST

Hi Marshall

Well I've already determined that this will fix the issues. The problem is indeed with our firewall and it cannot be changed due to our security policy. Thus, I created a script that continually pings every 30 seconds and that keeps the logons alive.

So, if I can get the firewall to do it's own version of "ping" using "keep state" then it will take affect for all tcp connections to the server. Since I know that this will fix all of our disconnection issues, and it appears to be a very easy fix, then I'm going to go ahead and get it completed.

However, I don't know how to properly use "keep state" with my firewall.

Any ideas on this? I just don't know much about Ipfilter and the proper syntax.

Thank you again for your help.

Anne

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of McDougall, Marshall (FSH)
Sent: Tuesday, December 04, 2007 11:54 AM To: General Red Hat Linux discussion list Subject: RE: red hat firewall question

Do you need help?

>-----Original Message-----
>From: redhat-list-bounces@redhat.com
>[mailto:redhat-list-bounces@redhat.com] On Behalf Of Anne Moore
>Sent: Tuesday, December 04, 2007 10:28 AM
>To: 'General Red Hat Linux discussion list'
>Subject: red hat firewall question
>
>Hi All
>
>I figured out a way, I think, to keep my connections alive while my
>users are connected to my Red Hat Enterprise 4 servers.
>
>I thought I would create a firewall rule (or something like
>that) that keeps
>tcp alive (keep-state?).
>
>Something like this:
>
>"allow tcp from any to any keep-state"
>
>What do you all think? Is this the correct syntax to use to keep tcp
>connections alive? or is there a better way?
>
>Thank you again for your help.
>
>Anne

Anne.

I think you see the symptom, but you don't yet understand your problem, and are hoping that this will solve it. I would be looking at the overall network config, because with a properly configured server there is no reason for your it to be dumping connections after 1 minute.

Regards, Marshall

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Received on Tue Dec 4 12:10:02 2007

This message: [ Message body ]
Next message: gareth(at)networksaremadeofstring.co.uk: "Re: problem with postfix rejecting email"
Previous message: Alex Bradley: "Re: automatic disconnects very troubling"
In reply to: McDougall, Marshall (FSH): "RE: red hat firewall question"
Next in thread: McDougall, Marshall (FSH): "RE: red hat firewall question"
Reply: McDougall, Marshall (FSH): "RE: red hat firewall question"
Reply: Steve Phillips: "Re: red hat firewall question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Fri May 30 2008 - 14:26:24 EDT