From: Ralf Weber
To: Jos Chrispijn
Cc: FreeBSD Mailing List
Subject: Re: IPv6
Date: Fri, 21 Jun 2024 11:57:34 +0200
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Moin!

On 20 Jun 2024, at 19:56, Jos Chrispijn wrote:

> Running FreeBSD 13.3-RELEASE-p1
> If no data has been exchanged via a TCP connection for 15 minutes, or if no data has been exchanged via a UDP connection for 5 minutes,
> my FRITZ!Box router automatically removes the connection(s) in question from the NAT table ("NAT Timeout"). This will close all ports used by these connections and disconnect the application (read in this case: FreeBSD) from the Internet. According to the manufacturer 'to ensure the security of devices in the router's home network and to prevent performance losses during Internet access.

I’m a bit confused here, as for IPv6 you are not doing NAT, but the FritzBox and other home routers do have a state table for firewall connections that usually has a timeout value. I assume you mean this. In FreeBSD, if you have pf enabled, you get these values with:

    pfctl -st

In Linux (which oddly enough the FritzBox is based on) the following should help:

    sysctl -a | grep conntrack

However the FritzBox AFAIK has no option to change these values.

> This forces me into running an 'IPv6 stay alive' script every 30 minutes in order to be available for incoming IPv6 connections. Is there a way to use FreeBSD in a more smooth way to tackle this or does the manufacturer AVM need to include this functionality into their hardware?

This is a common problem with stateful firewalls and why most applications that use long-lived connections have an in-band keep-alive mechanism. E.g. for ssh you can put the following in ~/.ssh/config:

    ServerAliveInterval 60
    ServerAliveCountMax 60

Which will give you an hour without typing something on your keyboard for an ssh connection.

Hopefully that helps.

So long
-Ralf
——-
Ralf Weber
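
Added example, not part of the original message: a small sh helper that reads state-timeout output in the layout `pfctl -st` prints and reports whether a keep-alive interval stays inside a given idle timer. The function names are hypothetical, and the sample table is constructed, using the 15-minute TCP and 5-minute UDP figures quoted in the thread.

```sh
#!/bin/sh
# Constructed sample in the layout `pfctl -st` prints: timer name, then a
# value with an "s" suffix. The 900s/300s values are the 15 min (TCP) and
# 5 min (UDP) idle timeouts quoted in the thread, not real pf output.
sample_timeouts() {
cat <<'EOF'
tcp.first                   120s
tcp.opening                  30s
tcp.established             900s
udp.single                   30s
udp.multiple                300s
adaptive.start             6000 states
EOF
}

# timeout_of NAME
# Reads `pfctl -st` style text on stdin and prints NAME's value in seconds.
# Exits non-zero when the timer is not listed.
timeout_of() {
    awk -v name="$1" '
        $1 == name && $2 ~ /^[0-9]+s$/ { sub(/s$/, "", $2); print $2; found = 1 }
        END { exit found ? 0 : 1 }'
}

# keepalive_verdict NAME INTERVAL
# Compares a keep-alive INTERVAL (seconds) with the idle timer NAME on stdin.
#   ok      - interval is at most half the timeout, so one lost probe is tolerated
#   tight   - interval is under the timeout, but a single lost probe drops the state
#   expires - the state times out before the next keep-alive is sent
#   unknown - the timer is not present in the input
keepalive_verdict() {
    t=$(timeout_of "$1") || { echo unknown; return 0; }
    if [ $(( $2 * 2 )) -le "$t" ]; then
        echo ok
    elif [ "$2" -lt "$t" ]; then
        echo tight
    else
        echo expires
    fi
}

# ServerAliveInterval 60 against a 15-minute TCP idle timeout.
sample_timeouts | keepalive_verdict tcp.established 60
# A refresh every 30 minutes against the same timeout.
sample_timeouts | keepalive_verdict tcp.established 1800
```

On a host with pf enabled, the same check runs against live values with `pfctl -st | keepalive_verdict tcp.established 60`.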