4.8 Firewall timing out

Dan Pelleg daniel+bsd at pelleg.org
Fri Apr 25 05:46:34 PDT 2003


"Tommy Forrest - KE4PYM" <tforrest at shellworld.net> writes:

> Hi all.  Still having some issues with IPFW in 4.8.
> 
> My main problem right now is the firewall times out ALL activity within
> 1-3 minutes of establishing a connection.  I'm pretty happy with the
> rule base.  I've got the connectivity I need.  I just need that
> connectivity to stay alive.  All stay-alive problems disappear with an
> ipfw add allow all from any to any.  So I know it's not the network
> that's the problem.
> 
> IPDIVERT, IPFIREWALL, IPFIREWALL_VERBOSE, and
> IPFIREWALL_VERBOSE_LIMIT=100 are built in the kernel with default to
> deny.
> 
> I'd been working with someone off the list who'd helped me quite a lot
> with these rules.  But I guess they got too busy before they could
> finish helping me (which I can appreciate).
> 

Look for net.inet.ip.fw.dyn_ack_lifetime (and its friends) in the ipfw(8)
manpage. Once you find a set of values that does the trick for you, add
them to /etc/sysctl.conf.

-- 

  Dan Pelleg

