Re: IPv6

From: Ralf Weber <freebsd_at_fl1ger.de>
Date: Fri, 21 Jun 2024 09:57:34 UTC
Moin!

On 20 Jun 2024, at 19:56, Jos Chrispijn wrote:

> Running FreeBSD 13.3-RELEASE-p1
> If no data has been exchanged via a TCP connection for 15 minutes, or if no data has been exchanged via a UDP connection for 5 minutes,
> my FRITZ!Box router automatically removes the connection(s) in question from the NAT table ("NAT Timeout"). This will close all ports used by these connections and disconnect the application (read in this case: FreeBSD) from the Internet. According to the manufacturer 'to ensure the security of devices in the router's home network and to prevent performance losses during Internet access'.

I'm a bit confused here, as for IPv6 you are not doing NAT, but the FritzBox and other home routers do have a state table for firewall connections that usually has a timeout value. I assume you mean this. In FreeBSD, if you have pf enabled, you get these values with:

	pfctl -st

In Linux (which oddly enough the FritzBox is based on) the following should help:

	sysctl -a | grep conntrack

However the FritzBox AFAIK has no option to change these values.

> This forces me into running an 'IPv6 stay alive' script every 30 minutes in order to be available for incoming IPv6 connections. Is there a way to use FreeBSD in a more smooth way to tackle this or does the manufacturer AVM need to include this functionality into their hardware?

This is a common problem with stateful firewalls and why most applications that use long-lived connections have an in-band keep-alive mechanism. E.g. for ssh you can put the following in ~/.ssh/config:

	ServerAliveInterval 60
	ServerAliveCountMax 60

Which will give you an hour without typing something on your keyboard for an ssh connection.

Hopefully that helps.

So long
-Ralf
---
Ralf Weber
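
An added example, not part of the message above: a small check that a keepalive interval stays below the shortest state timeout on the path, using timeouts in the layout `pfctl -st` prints and the FRITZ!Box idle limits quoted in the thread. The sample pf output is constructed, the function names are hypothetical, and mapping the FRITZ!Box figures onto pf's `tcp.established` and `udp.multiple` names is an assumption.

```python
import re

# Constructed sample in the layout `pfctl -st` prints (not captured from a real host).
SAMPLE_PFCTL_ST = """\
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
udp.single                   30s
udp.multiple                 60s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
"""

# Idle limits quoted in the thread for the FRITZ!Box (TCP 15 min, UDP 5 min).
# Assumption: they are filed under pf's names for an established flow.
FRITZBOX_IDLE = {"tcp.established": 15 * 60, "udp.multiple": 5 * 60}


def parse_timeouts(text):
    """Return {name: seconds} for 'name  NNNs' lines; state-count lines are skipped."""
    timeouts = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(\S+)\s+(\d+)s\s*", line)
        if m:
            timeouts[m.group(1)] = int(m.group(2))
    return timeouts


def effective_idle_limit(key, *tables):
    """Shortest timeout for `key` over every stateful hop on the path, or None."""
    values = [t[key] for t in tables if key in t]
    return min(values) if values else None


def keepalive_ok(interval, key, *tables):
    """True when a keepalive every `interval` seconds lands before the state expires."""
    limit = effective_idle_limit(key, *tables)
    return limit is None or interval < limit


if __name__ == "__main__":
    pf = parse_timeouts(SAMPLE_PFCTL_ST)
    for key, interval in (("tcp.established", 60), ("udp.multiple", 60)):
        limit = effective_idle_limit(key, pf, FRITZBOX_IDLE)
        verdict = "ok" if keepalive_ok(interval, key, pf, FRITZBOX_IDLE) else "too slow"
        print(f"{key}: keepalive {interval}s, shortest idle limit {limit}s -> {verdict}")
```

A keepalive interval equal to the timeout counts as too slow here, because the state entry may already have expired when the packet arrives.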