Firewall question:

Firewall question:

[Stephen Dawes]

[-- Attachment #1: Type: text/plain, Size: 465 bytes --]

Does any know what port and/or protocol is used for the
keep alive packet
for such things and SSH telnet ...?

If I connect using SSH internally to my network, the session never times
out, but when I connect to my network through my firewall, I get
disconnected when inactive for a period of time.

Thanks!



Stephen Dawes B.A. B.Sc.
Web Business Office, The City of Calgary
PHONE:  (403) 268-5527. FAX: (403) 268-6423
E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca




[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 1776 bytes --]

RE: Firewall question:

[Stephen Dawes]

Kirk, is there any to adjust the timeout value for the firewall?



Stephen Dawes B.A. B.Sc.
Web Business Office, The City of Calgary
PHONE:  (403) 268-5527. FAX: (403) 268-6423
E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca 




> -----Original Message-----
> From: speakup-admin@braille.uwo.ca
> [mailto:speakup-admin@braille.uwo.ca]On Behalf Of Kirk Wood
> Sent: Friday, June 08, 2001 9:46 AM
> To: Speakup@Braille. Uwo. Ca
> Subject: Re: Firewall question:
> 
> 
> The keep alive packet for any connection is on the same port as the
> connection. The difference you are seeing is that the firewall times out
> the connection sooner then the keep alive packets are sent. This isn't
> uncommon. In fact, often times it is done intentionally to prevent you
> from breaching the firewall with "safe" looking programs that happen to
> keep an open connection and then let whatever you want through.
> 
> =======
> Kirk Wood
> Cpt.Kirk@1tree.net
> 
> Nothing is hard if you know the answer or are used to doing it.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: Firewall question:

[Kirk Wood]

The keep alive packet for any connection is on the same port as the
connection. The difference you are seeing is that the firewall times out
the connection sooner then the keep alive packets are sent. This isn't
uncommon. In fact, often times it is done intentionally to prevent you
from breaching the firewall with "safe" looking programs that happen to
keep an open connection and then let whatever you want through.

=======
Kirk Wood
Cpt.Kirk@1tree.net

Nothing is hard if you know the answer or are used to doing it.

RE: Firewall question:

[Raul A. Gallegos]

What firewall are you using?

On Fri, 8 Jun 2001, Stephen Dawes wrote:

> Kirk, is there any to adjust the timeout value for the firewall?
>
>
>
> Stephen Dawes B.A. B.Sc.
> Web Business Office, The City of Calgary
> PHONE:  (403) 268-5527. FAX: (403) 268-6423
> E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca
>
>
>
>
> > -----Original Message-----
> > From: speakup-admin@braille.uwo.ca
> > [mailto:speakup-admin@braille.uwo.ca]On Behalf Of Kirk Wood
> > Sent: Friday, June 08, 2001 9:46 AM
> > To: Speakup@Braille. Uwo. Ca
> > Subject: Re: Firewall question:
> >
> >
> > The keep alive packet for any connection is on the same port as the
> > connection. The difference you are seeing is that the firewall times out
> > the connection sooner then the keep alive packets are sent. This isn't
> > uncommon. In fact, often times it is done intentionally to prevent you
> > from breaching the firewall with "safe" looking programs that happen to
> > keep an open connection and then let whatever you want through.
> >
> > =======
> > Kirk Wood
> > Cpt.Kirk@1tree.net
> >
> > Nothing is hard if you know the answer or are used to doing it.
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

RE: Firewall question:

[Stephen Dawes]

I am using IPChains, and have constructed one of my own.



Stephen Dawes B.A. B.Sc.
Web Business Office, The City of Calgary
PHONE:  (403) 268-5527. FAX: (403) 268-6423
E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca




> -----Original Message-----
> From: speakup-admin@braille.uwo.ca
> [mailto:speakup-admin@braille.uwo.ca]On Behalf Of Raul A. Gallegos
> Sent: Friday, June 08, 2001 12:23 PM
> To: speakup@braille.uwo.ca
> Subject: RE: Firewall question:
>
>
> What firewall are you using?
>
> On Fri, 8 Jun 2001, Stephen Dawes wrote:
>
> > Kirk, is there any to adjust the timeout value for the firewall?
> >
> >
> >
> > Stephen Dawes B.A. B.Sc.
> > Web Business Office, The City of Calgary
> > PHONE:  (403) 268-5527. FAX: (403) 268-6423
> > E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: speakup-admin@braille.uwo.ca
> > > [mailto:speakup-admin@braille.uwo.ca]On Behalf Of Kirk Wood
> > > Sent: Friday, June 08, 2001 9:46 AM
> > > To: Speakup@Braille. Uwo. Ca
> > > Subject: Re: Firewall question:
> > >
> > >
> > > The keep alive packet for any connection is on the same port as the
> > > connection. The difference you are seeing is that the
> firewall times out
> > > the connection sooner then the keep alive packets are sent. This isn't
> > > uncommon. In fact, often times it is done intentionally to prevent you
> > > from breaching the firewall with "safe" looking programs that
> happen to
> > > keep an open connection and then let whatever you want through.
> > >
> > > =======
> > > Kirk Wood
> > > Cpt.Kirk@1tree.net
> > >
> > > Nothing is hard if you know the answer or are used to doing it.
> > >
> > >
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup@braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

RE: Firewall question:

[Stephen Dawes]

Thanks Kirk,
I have somewhere to look at, that may help me out.



Stephen Dawes B.A. B.Sc.
Web Business Office, The City of Calgary
PHONE:  (403) 268-5527. FAX: (403) 268-6423
E-MAIL ADDRESS:  sdawes@gov.calgary.ab.ca




> -----Original Message-----
> From: speakup-admin@braille.uwo.ca
> [mailto:speakup-admin@braille.uwo.ca]On Behalf Of Kirk Wood
> Sent: Friday, June 08, 2001 1:23 PM
> To: speakup@braille.uwo.ca
> Subject: RE: Firewall question:
>
>
> Most likely there is. If you are using ipchains on your personal firewall
> then you can change this with the -M option. You will want to consult the
> documentation for specifics. If you are using a comercial product consult
> their docs. You may also be able to adjust the time before a keep alive
> packet is sent.
>
> Finally, if you are behind a corperate firewall they may even be filtering
> out things such as keep alive packets. At any rate, I would not recomend
> trying to defeat the thing. If you have some compelling business reason
> for holding the session then go through proper chanels. Remember that
> several notorious people have gone to jail because their view of what
> their employer wanted them to do and the employer's differed.
>
> =======
> Kirk Wood
> Cpt.Kirk@1tree.net
>
> Nothing is hard if you know the answer or are used to doing it.
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

RE: Firewall question:

[Kirk Wood]

Most likely there is. If you are using ipchains on your personal firewall
then you can change this with the -M option. You will want to consult the
documentation for specifics. If you are using a comercial product consult
their docs. You may also be able to adjust the time before a keep alive
packet is sent.

Finally, if you are behind a corperate firewall they may even be filtering
out things such as keep alive packets. At any rate, I would not recomend
trying to defeat the thing. If you have some compelling business reason
for holding the session then go through proper chanels. Remember that
several notorious people have gone to jail because their view of what
their employer wanted them to do and the employer's differed.

=======
Kirk Wood
Cpt.Kirk@1tree.net

Nothing is hard if you know the answer or are used to doing it.