[c-nsp] Xwindow session timeout through Pix Firewall

Alex Foster afoster at gammatelecom.com
Tue Aug 2 09:17:04 EDT 2005


Hi Lee

Many thanks for this - this works a treat. Noticed you have to kill your
exceed session before any changes take effect - ie: tried changing the
interval whilst the session was still up - but didn't take effect until
Id started a new session - must be peculiar to the xserver/client
connection.

Thanks again

Alex

-----Original Message-----
From: lee.e.rian at census.gov [mailto:lee.e.rian at census.gov] 
Sent: 02 August 2005 12:20
To: Alex Foster
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Xwindow session timeout through Pix Firewall

Well then, how about adjusting it on the other side?
Change the tcp keepalive interval from 2 hours to 20 minutes on the HP
and
see if that works:

ndd -set /dev/tcp tcp_keepalive_interval 1200000

(not sure about the syntax, I don't have root on any HP machines)

Lee



"Alex Foster" <afoster at gammatelecom.com> wrote on 08/02/2005 06:51:36
AM:

>
> Hi
>
> Have tried this - but it doesn't appear to do anything. I ran some
> packet tracing - but no keep-alives are sent - well certainly not on
> port 6000.
>
> Regards
>
> Alex
>
> -----Original Message-----
> From: lee.e.rian at census.gov [mailto:lee.e.rian at census.gov]
> Sent: 02 August 2005 07:38
> To: Alex Foster
> Subject: RE: [c-nsp] Xwindow session timeout through Pix Firewall
>
> This might work
>  open up the Xconfig console and under the Transports section change
> Keep
> alive to yes
>
>
> "Alex Foster" <afoster at gammatelecom.com> wrote on 08/01/2005 10:12:04
> AM:
>
> > Hi Lukasz,
> >
> > Should have included a bit more info. with regards to the type of
> > xwindow session.  This is a passive exceed connection used in
> > conjunction with Java Web Start that connects to a HP-OV platform.
So
> > this isn't an xstart session with SSH.  I found some info regarding
a
> > 'session timeout' parameter you can add to some of the exceed
profiles
> -
> > but this doesn't work - or maybe Ive just configured it incorrectly
-
> I
> > wasn't too sure what profile the passive connection used.
> >
> > Regards
> >
> > Alex
> >
> >
> > -----Original Message-----
> > From: Lukasz Bromirski [mailto:lbromirski at mr0vka.eu.org]
> > Sent: 01 August 2005 14:40
> > To: Alex Foster
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Xwindow session timeout through Pix Firewall
> >
> > Alex Foster wrote:
> >
> > > Probably off topic here - but wondered if anybody on the list has
a
> > > remedy for the following issue:  I have need to permit Xwindows
> > sessions
> > > through a Pix Cluster (6.2) - but the sessions timeout after an
hour
> > of
> > > inactivity from the Xwindow session (default conn. Timeout is an
> hour
> > -
> > > funnily enough).  Other than increasing the conn. Timeout - is
there
> > > another way of configuring either the Xwindow server (using
> > Hummingbird
> > > exceed here) or the Pix to keep the Xwindow session alive.
> >
> > If You can't increase idle timeouts, use keepalives for this
specific
> > application.
> >
> > I'm sure You've already seen that?
> > http://www.hummingbird.com/support/nc/exceed/exc1003369.html
> >
> > --
> > this space was intentionally left blank    |              Lukasz
> > Bromirski
> > you can insert your favourite quote here   |
> > lukasz:bromirski,net
> >
> >
> > This message has been scanned for viruses by MailController -
> > www.MailController.altohiway.com
> >
> >
> > The information in this e-mail and any attachments is confidential
> > and may be subject to legal professional privilege. It is intended
> > solely for the attention and use of the named addressee(s). If you
> > are not the intended recipient, or person responsible for delivering
> > this information to the intended recipient, please notify the sender
> > immediately. Unless you are the intended recipient or his/her
> > representative you are prohibited from, and therefore must not,
> > read, copy, distribute, use or retain this message or any part of
> > it. The views expressed in this e-mail may not represent those of
> > Gamma Telecom.
> >
> > This message has been scanned for viruses by MailController
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list