This is getting close to OT but they are OpenBSD firewalls.

I am getting connections dropping out after being idle for exactly 5
minutes
The servers are 3.2 and 3.5 - (I know time to upgrade)
The dropouts occur on ssh as well as a redirected telnet session to an
internal server.
I am testing with telnet rather than ssh to keep away from any client
keep alive issues

Here is a connection started and left idle

11:42:52.376607 202.126.96.150.4211 > 10.250.2.183.7755: S
3588045201:3588045201(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale
0,nop,nop,timestamp 88073528 0>
11:42:52.376825 10.250.2.183.7755 > 202.126.96.150.4211: S
2231228792:2231228792(0) ack 3588045202 win 65535 <mss 1460,nop,wscale
0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
11:42:52.487471 202.126.96.150.4211 > 10.250.2.183.7755: . ack 1 win
16384 <nop,nop,timestamp 88073528 0>
11:47:53.784419 202.126.96.150.4211 > 10.250.2.183.7755: R
3588045202:3588045202(0) win 0

There have been no changes to the default timeouts in the tcp connection
and up until they disappear the
state is listed in netstat -n -v -f inet as being established with
almost 24 hours to go (the default state timeout for a Established
connection)

The relevant rules from pf.conf are

rdr on $Ext proto tcp from any to $ExtIp port 7755 -> 10.250.2.183 port
7755
rdr on $Ext proto tcp from any to $ExtIp port 7766 -> 10.250.2.183 port
7766

pass in quick on $Ext inet proto tcp from any to 10.250.2.183 port {
7755 } keep state
pass in quick on $Ext inet proto tcp from any to 10.250.2.183 port {
7766 } keep state

I have searched for information on Resets, connection reset by peer,
state timeouts
but everything is still at default settings

Thanks in advance for any direction


Gordon Chalmers

A&LWINDOWS
20 Apollo Drive
Hallam Vic 3803
T (03) 8786 0069

F (03) 8786 0169
E gchalmers@alwindows.com.au
W www.alwindows.com.au