[ale] Idle Sockets vs. Firewall question

Jeff Lightner jlightner at water.com
Fri Oct 20 13:50:40 EDT 2006


Unfortunately that is a global change so ALL sockets would have the same
keepalive value.  You really do NOT want that.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Allan Neal
To: ale at ale.org
Sent: Friday, October 20, 2006 12:20 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Idle Sockets vs. Firewall question

TCP_KEEPALIVE will work if it does it correctly.  It only needs to send
a packet over the socket often enough to keep the timer from timing out.
The TCP_KEEPALIVE is just an empty packet with some flags set to tell the
application to ignore it, that it is only to keep a TCP socket alive.

Allan
On Fri, Oct 20, 2006 at 11:57:26AM -0400, Christopher Fowler wrote:
> If you control the device at the other end I would tweak the
> tcp_keepalive settings in the kernel.  Maybe drop it down from 2 hours
> to 10 minutes.  I do not know if the firewalls will consider that
> traffic or not.
>   
> 
> On Fri, 2006-10-20 at 10:46 -0400, Greg Freemyer wrote:
> > All,
> > 
> > I'm wondering if it is common for firewalls to close idle sockets
> > after a period of time?
> > 
> > === Details
> > I have a Java application that has been in service for years (since
> > 1999 IIRC), but on a private satellite based data network (vsat). 
> > 
> > We're in the process of moving it to the Internet (which means
> > random firewalls at our client locations), and now we're getting
> > complaints about non-delivered messages/notifications.
> > 
> > The way we handle notification is to have the client open a socket
> > to the server and just leave it open (and idle) for hours at a time.
> > Then when a message needs to be delivered the server simply sends it
> > down the existing socket. 
> > 
> > Since this is basically the same code that has been in use for a
> > while I doubt that it is a basic client/server issue.  Seems much more
> > likely it is the network between the 2 which now is a much less
> > controlled environment than it was with dedicated satellite gear. 
> > 
> > Any other ideas are welcome.
> > 
> > Thanks
> > Greg
> > -- 
> > Greg Freemyer
> > The Norcross Group
> > Forensics for the 21st Century 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 

-- 
 / ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \
|  /~~\                                 /~~\  |
|\ \   |   I would rather be exposed   |   / /|
| \   /|     to the inconveniences     |\   / |
|  ~~  |  attending too much liberty   |  ~~  |
|      |  than to those attending too  |      |
|      |     small a degree of it.     |      |
|      |      - Thomas Jefferson       |      |
|      |                               |      |
 \     |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|     /
  \   /                                 \   /
   ~~~                                   ~~~
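
Added example, not part of the original thread: on Linux a single socket can override the kernel-wide keepalive timers, so one idle notification socket can probe every 10 minutes (the figure suggested above) while every other socket keeps the system default. The 60-second probe interval and the probe count of 5 are assumed values, and the function names are illustrative.

```python
import socket


def enable_keepalive(sock, idle_s=600, interval_s=60, probes=5):
    """Enable keepalive on this socket only and override the kernel timers.

    idle_s     - seconds of silence before the first probe (10 minutes)
    interval_s - seconds between unanswered probes (assumed value)
    probes     - unanswered probes before the kernel drops the connection
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux-specific per-socket overrides of the net.ipv4.tcp_keepalive_* sysctls
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)


def keepalive_settings(sock):
    """Read back what the kernel will actually use for this socket."""
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle_s": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        "interval_s": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        "probes": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    }


def dead_peer_timeout(settings):
    """Rough time in seconds until an unreachable peer is detected."""
    return settings["idle_s"] + settings["interval_s"] * settings["probes"]


def demo():
    """Tune one socket and leave a second one untouched for comparison."""
    tuned = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    untouched = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        enable_keepalive(tuned)
        return keepalive_settings(tuned), keepalive_settings(untouched)
    finally:
        tuned.close()
        untouched.close()


if __name__ == "__main__":
    tuned, untouched = demo()
    print("tuned socket:    ", tuned, "dead peer after ~%ds" % dead_peer_timeout(tuned))
    print("untouched socket:", untouched)
```

The untouched socket reports keepalive disabled and the kernel's default timers, which shows the override is scoped to the one socket it was set on.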


