Re: IPFW disconnections and resets

From: Neo-Vortex (root_at_Neo-Vortex.net)
Date: 04/29/05

    Date: Fri, 29 Apr 2005 19:47:59 +1000 (EST)
    To: Siddhartha Jain <sid@netmagicsolutions.com>

    On Fri, 29 Apr 2005, Siddhartha Jain wrote:

    > I am facing two problems:
    > - SSH sessions timeout after a while

    In PuTTY or whatever other SSH client you use - enable sending of
    keepalive packets (for PuTTY - under connection settings) (not sure if
    this is because of ipfw or what, but the tcp session is timing out)

    > - When I run "/sbin/ipfw -q -f flush" in the rules script all connection
    > get reset (and I am thrown out of the box).

    Yep, standard functionality, easy fix though:

    -- Start file /root/bin/fws --
    #!/bin/sh
    # Run the real rules script detached, with all output sent to a file so
    # it never writes to the ssh session's terminal (full path, so it does
    # not depend on /root/bin being in PATH)
    /root/bin/fw > /root/fws-out 2>&1 &
    -- End File --

    -- Start file /root/bin/fw --
    #!/bin/sh

    ipfw="ipfw"

    # Flush Old Rules (on its own this resets every connection, including
    # the ssh session running this script)
    $ipfw -f flush

    # Temporary rules to stop connections being killed when reloading rules:
    # rule 1 passes packets of already-established tcp sessions, rule 2 all udp
    $ipfw add 1 allow tcp from any to any established
    $ipfw add 2 allow udp from any to any

    <snip> - your rules go here (don't use rule 1 or 2 though)

    # Clean up temporary rules used to stop connections being killed
    $ipfw delete 1
    $ipfw delete 2
    -- End File --

    I use that all the time, maybe 1 out of 100 times it will kill an ssh
    session (only one that has irssi open, because of the time updating it kills
    it; I have it set to update every second though, so normally it'd be like
    1 out of 500 or so) and even if it does, it still finishes loading the
    ruleset anyway so you can just ssh straight back in

    If you haven't guessed, you run /root/bin/fws - you can change it to
    whatever you want of course, also, the output is redirected to
    /root/fws-out - if you don't redirect it, it'll kill your ssh session -
    although it won't stop it loading the other rules

    ~Neo-Vortex
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
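The reload pattern from the post, as an added example that is not the poster's scripts and generalises the technique: instead of flushing the live rules and relying on stop-gap rules 1 and 2, the new ruleset is built in a disabled ipfw set and made live with one `ipfw set swap`, so the live set is never empty. It keeps the post's detached, output-redirected invocation; the rules, the log path and the script name are constructed for the example.

```sh
#!/bin/sh
# Added example, not the poster's scripts: reload an ipfw ruleset from an
# SSH session without the flush-then-readd window. New rules are built in
# a disabled ipfw set and made live with one "set swap"; the live set is
# never flushed. Assumes FreeBSD ipfw(8); the rules below are constructed.
# Set IPFW=echo to dry-run and print the ipfw commands instead of running them.
IPFW="${IPFW:-/sbin/ipfw}"
LIVE_SET=0    # set holding the active rules (ipfw's default set)
STAGE_SET=1   # scratch set the new ruleset is built in
LOG=/var/log/fwreload.log   # hypothetical path for the detached run's output

# Constructed sample ruleset: "number body" per line, no set clause.
SAMPLE_RULES='100 check-state
200 allow tcp from any to me 22 in keep-state
300 allow ip from me to any out keep-state
65000 deny log ip from any to any'

# Stage the ruleset in $1 into STAGE_SET (disabled, so it has no effect),
# then swap set numbers so the staged rules become the live set and the
# old rules land in STAGE_SET, where they are deleted. Returns 1 on a bad
# rule number or a failed ipfw call, leaving the live rules untouched.
reload_rules() {
    $IPFW -q set disable "$STAGE_SET" || return 1
    $IPFW -q delete set "$STAGE_SET" 2>/dev/null || true   # clear leftovers
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        num="${line%% *}"; body="${line#* }"
        # 65535 is the unremovable default rule; anything else numeric is fine
        [ "$num" -ge 1 ] 2>/dev/null && [ "$num" -le 65534 ] || return 1
        # $body is deliberately unquoted so it splits into ipfw arguments
        $IPFW -q add "$num" set "$STAGE_SET" $body || return 1
    done || return 1
    $IPFW -q set swap "$LIVE_SET" "$STAGE_SET"   # staged rules go live here
    $IPFW -q delete set "$STAGE_SET"             # drop the previous ruleset
}

# As in the post, run the reload detached with output redirected: if ipfw's
# messages went to the SSH terminal and that session died mid-reload, the
# reload would die with it.  Usage: sh fwreload.sh reload
case "${1:-}" in
    reload) nohup sh "$0" apply >"$LOG" 2>&1 & ;;
    apply)  reload_rules "$SAMPLE_RULES" ;;
esac
```

With IPFW=echo the script prints the exact ipfw command sequence, which is a cheap way to review a ruleset before it touches a remote box.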
