SSH dropping with NAT reflection



  • We are having an issue where if you connect to a host inside our firewall which has SSH forwarded to it w/ NAT reflection… the connection gets dropped after 5-10 seconds of inactivity.  This happens on several of our servers.  If we connect from the inside to the internal (private) IP address of the machine directly, it works fine.  If we connect from the outside it works fine.

    Others seem to have this problem but I haven't found any solutions.  Any ideas on this?  We are running 1.2RC3 I believe, and will upgrade to full 1.2 as soon as we get a chance.

    James



  • First hits when searching for "reflection timeout"; there are lots of threads about this:
    http://forum.pfsense.org/index.php/topic,6743.0.html
    http://forum.pfsense.org/index.php/topic,1528.0.html

    You'll need to reboot fw after changes... if I recall correctly.

    /f



  • Ah, including SSH in the search term was showing other irrelevant postings.  Thanks for pointing me to those.

    To summarize for people who run into the same search pitfall:
    If you are running 1.2RC3 or later, adding the following tag to the <system> tag within config.xml will increase the timeout:

    <reflectiontimeout>3600</reflectiontimeout>

    where 3600 is the number of seconds worth of timeout.

    James

