Subject: Re: options config...
From: "insecure,AT,mail,DOT,od,DOT,ua" <insecure,AT,mail,DOT,od,DOT,ua>
Date: Sat, 15 Feb 2003 11:42:15 +0100
In-reply-to: <7DB0958915FDD611961400A0C98F18460BCE76@WINTRIX.thermeon.com>

On Friday 14 February 2003 14:09, Amith Varghese wrote:
> Linux A--------NAT/Firewall---| Internet |-----------Linux B
>
> Even though everyone told me... i didn't listen.  I tried running a packet
> sniffer on the peer side (Linux B) and found out that when Linux A sends a
> packet out, the NAT box performs port address translation.  This comes in
> on Linux B.  Linux B responds without any problem.  Now if I stop Linux A,
> after 5 seconds, the NAT box forgets the translation.  So that's the
> problem.  I guess I can set the ping for every 5 seconds.  I talked to my
> ISP and they'll probably put my box outside the firewall.  But in the
> meantime, is there any other solution than setting the ping option for
> every 5 seconds or getting my ISP to turn off PAT?

The ISP's NAT timeout of 5 secs is way too low. Ask 'em to increase it to, say,
120 sec. Re the cipe ping option: I do not use it because, while it can keep the
tunnel from collapsing, it cannot help to restore it if the ISP has rebooted
their NAT box etc.

I use a little daemon which does an ICMP ping every 30 secs and restarts both
local and remote ciped if needed. Here is its recent log:

22:03:08 Ping ok
22:03:38 Ping ok
22:04:18 Ping FAILED (1)
22:04:48 Ping ok
22:05:19 Ping ok
22:05:49 Ping ok
22:06:19 Ping ok
22:06:49 Ping ok
22:07:19 Ping ok
22:07:49 Ping ok
22:08:19 Ping ok
22:08:50 Ping ok
22:09:20 Ping ok
22:09:50 Ping ok
22:10:30 Ping FAILED (1)
22:11:00 Ping ok
22:11:30 Ping ok
22:12:00 Ping ok
22:12:31 Ping ok
22:13:01 Ping ok
22:13:31 Ping ok
22:14:01 Ping ok
22:14:31 Ping ok
22:15:11 Ping FAILED (1)
22:15:51 Ping FAILED (2)
22:16:31 Ping FAILED (3)
22:16:31 Restarting tunnel iface
22:16:31 [quasar] Daemon is already running, terminating it...
22:16:31 [quasar] Shutting down cipe tunnel...
22:16:32 [quasar] Killing process 7333
22:16:32 [quasar] ...done
22:16:32 [quasar] Generating key
22:16:32 [quasar] Starting remote ciped
22:16:33 ssh: connect to address x.x.x.x port 22: No route to host
22:16:33 Checkpoint #0
22:16:33 Checkpoint #1
22:16:33 Checkpoint c1
22:16:33 Checkpoint c2
22:16:33 Checkpoint #2
22:16:33 [quasar] SSH terminated with error: 1
22:17:13 Ping FAILED (1)
22:17:53 Ping FAILED (2)
22:18:33 Ping FAILED (3)
22:18:33 Restarting tunnel iface
22:18:33 [quasar] Generating key
22:18:33 [quasar] Starting remote ciped
22:18:33 ssh: connect to address x.x.x.x port 22: No route to host
22:18:33 Checkpoint #0
22:18:33 Checkpoint #1
22:18:33 Checkpoint c1
22:18:33 Checkpoint c2
22:18:33 Checkpoint #2
22:18:33 [quasar] SSH terminated with error: 1
..............................
22:43:47 Ping FAILED (1)
22:44:27 Ping FAILED (2)
22:45:07 Ping FAILED (3)
22:45:07 Restarting tunnel iface
22:45:07 [quasar] Generating key
22:45:07 [quasar] Starting remote ciped
22:45:18 [guard] Daemon is already running, terminating it...
22:45:18 [guard] Shutting down cipe tunnel...
22:45:18 [guard] Killing process 1643
22:45:18 [guard] ...done
22:45:18 [guard] Starting cipe tunnel. Enter key:
22:45:18 [guard] Closing file descriptors...
22:45:21 [guard] ...ok, daemonizing...
22:45:23 Checkpoint #0
22:45:23 Checkpoint #1
22:45:23 Checkpoint c1
22:45:23 Checkpoint c2
22:45:23 Checkpoint #2
22:45:23 [quasar] Starting local ciped
22:45:23 [quasar] Closing file descriptors...
22:45:23 [quasar] ...ok, daemonizing...
22:45:56 Ping ok
22:46:26 Ping ok
22:46:56 Ping ok
22:47:26 Ping ok
22:47:56 Ping ok
22:48:26 Ping ok
22:48:56 Ping ok
22:49:27 Ping ok
22:49:57 Ping ok
22:50:37 Ping FAILED (1)
22:51:07 Ping ok
22:51:37 Ping ok
22:52:17 Ping FAILED (1)
22:52:47 Ping ok
--
vda
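
The watchdog pattern visible in the log above (probe every 30 seconds, count consecutive failures, restart after the third), written out as an added example; it is not the poster's daemon. The peer address, the 10-second ping wait, and the `RESTART_HOOK` and `WATCHDOG_RUN` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tunnel watchdog with a consecutive-failure threshold.
PEER="${PEER:-10.0.0.2}"      # hypothetical tunnel-side address of the peer
INTERVAL="${INTERVAL:-30}"    # seconds between probes (30 s, as in the post)
MAX_FAILS="${MAX_FAILS:-3}"   # the log shows a restart after the third failure
fails=0

log() { printf '%s %s\n' "$(date +%H:%M:%S)" "$*"; }

# One ICMP echo over the tunnel. The 10 s wait is an assumption (Linux iputils -W).
probe() { ping -c 1 -W 10 "$PEER" >/dev/null 2>&1; }

# Placeholder hook: point RESTART_HOOK at a script that restarts the local and
# remote tunnel daemons. No cipe commands are assumed here.
restart_tunnel() {
    log "Restarting tunnel iface"
    ${RESTART_HOOK:-true}
}

# Runs one probe and updates $fails.
# Returns 0 = ping ok, 1 = failed but below threshold, 2 = restart triggered.
check_once() {
    if probe; then
        fails=0
        log "Ping ok"
        return 0
    fi
    fails=$((fails + 1))
    log "Ping FAILED ($fails)"
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        fails=0          # start counting again after each restart attempt
        restart_tunnel
        return 2
    fi
    return 1
}

watch() { while :; do check_once || true; sleep "$INTERVAL"; done; }

# The loop starts only when asked, so the functions can be sourced and tested.
if [ "${WATCHDOG_RUN:-0}" = 1 ]; then watch; fi
```

A single lost ping followed by a good one resets the counter, which is why the isolated `Ping FAILED (1)` lines in the log never lead to a restart.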




