TCLUG Archive

Re: [TCLUG:9888] DSL Timeouts... More info



On Sat, Nov 06, 1999 at 10:44:30PM -0600, Mike Nielsen wrote:
> 
> Recap - Telnet and other services time out after 15+ minutes of idle time...
> DSL w/ USwest
> 
> Something odd to add to the pot....
> 
> My network is set up something like so
> 
> 
>  DSL <----->  Linux Firewall Box <------>  hub  <---> various other machines
> 
> The telnet sessions I make from the Firewall box do NOT time out.
> 
> The telnet sessions I make from the Other machines do... That's going in and
> coming out....  
>  
> I assume my problem is going to be in the ipchains config of the firewall...
> I have yet to find anything about timeouts however

	I've experienced this with a number of firewalls and NAT
translators.  They have to keep internal state about each actual
connection that's going through to the outside.  I suspect a number of
them are designed to time that state out.  If they didn't, an
enterprising cracker could use the temporary 'hole' in your firewall to
try to take control of your client program.

	Of course, this isn't a very good Linux specific answer, and
probably doesn't tell you anything you didn't already know.  :-)

Have fun (if at all possible),
-- 
Its name is Public Opinion.  It is held in reverence. It settles everything.
Some think it is the voice of God.  Loyalty to petrified opinion never yet
broke a chain or freed a human soul.     ---Mark Twain
-- Eric Hopper (hopper@omnifarious.mn.org
                http://ehopper-host105.dsl.visi.com/~hopper) --
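
Added example, not part of the original message: a toy Python model of the per-connection state table the reply describes, showing how an idle timeout removes the mapping that return traffic depends on. The 900-second timeout (chosen to match the "15+ minutes" in the thread), the addresses, the port numbers and all class and function names are assumptions made for illustration.

```python
"""Toy model of a NAT/masquerading state table with an idle timeout."""

IDLE_TIMEOUT = 900  # seconds; assumed, matches the ~15 minutes seen in the thread


class MasqTable:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.entries = {}        # public port -> [internal addr, remote addr, last_seen]
        self.next_port = 61000   # constructed starting port for translated sources

    def expire(self, now):
        """Drop every entry that has been idle longer than the timeout."""
        stale = [p for p, e in self.entries.items()
                 if now - e[2] > self.idle_timeout]
        for p in stale:
            del self.entries[p]

    def outbound(self, src, remote, now):
        """LAN -> Internet packet: create the entry or refresh its timer."""
        self.expire(now)
        for port, e in self.entries.items():
            if e[0] == src and e[1] == remote:
                e[2] = now
                return port
        port = self.next_port
        self.next_port += 1
        self.entries[port] = [src, remote, now]
        return port

    def inbound(self, public_port, remote, now):
        """Internet -> LAN packet: forwarded only if live, matching state exists."""
        self.expire(now)
        e = self.entries.get(public_port)
        if e is None or e[1] != remote:
            return None          # no state for this peer: the packet is dropped
        e[2] = now
        return e[0]


def demo():
    nat = MasqTable()
    client, server = ("192.168.1.20", 1025), ("198.51.100.5", 23)  # constructed
    port = nat.outbound(client, server, now=0)
    other_host = nat.inbound(port, ("198.51.100.99", 23), now=5)  # not the peer
    active = nat.inbound(port, server, now=600)         # 10 min idle: forwarded
    idle = nat.inbound(port, server, now=600 + 901)     # over 15 min idle: dropped
    return other_host, active, idle
```

In this model the idle telnet session fails because the server's next packet no longer matches any entry, while the same expiry is what stops the translated port from staying open indefinitely.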
