[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: red hat firewall question



We control the client side as well as the server side so for the few
that are impacted by the quick timeouts it's manageable for us.

Regards, Marshall 

>-----Original Message-----
>From: redhat-list-bounces redhat com 
>[mailto:redhat-list-bounces redhat com] On Behalf Of Anne Moore
>Sent: Tuesday, December 04, 2007 4:37 PM
>To: 'General Red Hat Linux discussion list'
>Subject: RE: red hat firewall question
>
>Well yes, I could ask all of our clients to do that with each of their
>programs, or I could just do it once time on the Red Hat box 
>and it will
>take care of everything. As you can see it'll be much easier 
>to do it on
>just the one Red Hat box.
>
>My problem is that I cannot find enough documentation on the keep
>alives/state for ipfilter. I'm still searching...
>
>Thanks for the help. -Anne 
>
>-----Original Message-----
>From: redhat-list-bounces redhat com 
>[mailto:redhat-list-bounces redhat com]
>On Behalf Of McDougall, Marshall (FSH)
>Sent: Tuesday, December 04, 2007 3:49 PM
>To: General Red Hat Linux discussion list
>Subject: RE: red hat firewall question
>
>Sorry, didn't realize that there were external forces 
>(firewall) in play
>here.  Might there be a better solution from the client side?  
>We have FW
>issues like that here(our timeouts are 20 minutes) and we 
>mitigate it by
>turning on "keep alives" in the putty, DB client, etc.
>
>Regards, Marshall 
>
>>-----Original Message-----
>>From: redhat-list-bounces redhat com
>>[mailto:redhat-list-bounces redhat com] On Behalf Of Anne Moore
>>Sent: Tuesday, December 04, 2007 11:09 AM
>>To: 'General Red Hat Linux discussion list'
>>Subject: RE: red hat firewall question
>>
>>Hi Marshall
>>
>>Well I've already determined that this will fix the issues. 
>>The problem is
>>indeed with our firewall and it cannot be changed due to our security 
>>policy. Thus, I created a script that continually pings every 30 
>>seconds and that keeps the logons alive.
>>
>>So, if I can get the firewall to do it's own version of "ping" 
>>using "keep
>>state" then it will take affect for all tcp connections to 
>the server. 
>>Since I know that this will fix all of our disconnection 
>issues, and it 
>>appears to be a very easy fix, then I'm going to go ahead and get it 
>>completed.
>>
>>However, I don't know how to properly use "keep state" with my 
>>firewall.
>>
>>Any ideas on this? I just don't know much about Ipfilter and 
>the proper 
>>syntax.
>>
>>Thank you again for your help.
>>
>>Anne
>>
>>
>>
>>-----Original Message-----
>>From: redhat-list-bounces redhat com
>>[mailto:redhat-list-bounces redhat com]
>>On Behalf Of McDougall, Marshall (FSH)
>>Sent: Tuesday, December 04, 2007 11:54 AM
>>To: General Red Hat Linux discussion list
>>Subject: RE: red hat firewall question
>>
>> 
>>
>>>-----Original Message-----
>>>From: redhat-list-bounces redhat com
>>>[mailto:redhat-list-bounces redhat com] On Behalf Of Anne Moore
>>>Sent: Tuesday, December 04, 2007 10:28 AM
>>>To: 'General Red Hat Linux discussion list'
>>>Subject: red hat firewall question
>>>
>>>Hi All
>>>
>>>I figured out a way, I think, to keep my connections alive while my 
>>>users are connected to my Red Hat Enterprise 4 servers.
>>>
>>>I thought I would create a firewall rule (or something like
>>>that) that keeps
>>>tcp alive (keep-state?).
>>>
>>>Something like this:
>>>
>>>"allow tcp from any to any keep-state"
>>>
>>>What do you all think? Is this the correct syntax to use to keep tcp 
>>>connections alive? or is there a better way?
>>>
>>>Thank you again for your help.
>>>
>>>Anne
>>
>>
>>Anne. 
>>
>>I think you see the symptom, but you don't yet understand 
>your problem, 
>>and are hoping that this will solve it.  I would be looking at the 
>>overall network config, because with a properly configured 
>server there 
>>is no reason for your it to be dumping connections after 1 minute.
>>
>>Regards, Marshall
>>
>>--
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>--
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]