ipfw dynamic rule timeout

Antoine Jacoutot ajacoutot at lphp.org
Sun Apr 27 03:59:04 PDT 2003


Hi !

I hope this is the right list for this, I couldn't get any answer from 
-questions.
I'm having a problem with ipfw and dynamic rules timeout.
For example, when I ssh to a distant machine, if I don't type anything for 
like 10 or 20 seconds, the connection is dropped.
I read this in ipfw man page:

"Dynamic rules expire after some time, which depends on the status of the
flow and the setting of some sysctl variables.  See Section SYSCTL
VARIABLES for more details.  For TCP sessions, dynamic rules can be
instructed to periodically send keepalive packets to refresh the state of
the rule when it is about to expire."

So I tried the following command and got this output:
# sysctl -a | grep net.inet.ip.fw
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 500
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 168
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 27
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1

So, obviously, keepalive should work. Is there anything I should do besides 
setting net.inet.ip.fw.dyn_keepalive to 1 (which is the default value)?
I'm running FreeBSD-4.8-RELEASE with IPFW2.

Thanks in advance.

Antoine
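As an added illustration (not part of Antoine's message, and not FreeBSD's own ipfw code), the script below parses the sysctl output quoted above and models how ipfw(8) describes dynamic-rule lifetimes: a short dyn_syn_lifetime until the handshake completes, dyn_ack_lifetime once both SYN and ACK have been seen, dyn_fin_lifetime / dyn_rst_lifetime after FIN or RST, and dyn_udp_lifetime / dyn_short_lifetime for non-TCP flows. The keepalive schedule follows the ipfw(8) description of keepalives being sent every 5 seconds during the last 20 seconds of an established rule's lifetime; the state classification, the KEEPALIVE_* constants and the function names are simplifications of my own, not the kernel's actual state machine. The sysctl text is the sample from the post, embedded so the script runs offline.

```python
"""Model of ipfw dynamic-rule lifetimes and keepalives from sysctl output.

Illustrative only: it follows the behaviour described in ipfw(8), not the
kernel's real state machine in ip_fw2.c.
"""
import re

# Constructed sample: the `sysctl -a | grep net.inet.ip.fw` output from the post.
SYSCTL_OUTPUT = """\
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 500
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 168
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 27
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1
"""

# Which sysctl governs the lifetime of a dynamic rule in each flow state.
LIFETIME_BY_STATE = {
    "syn": "dyn_syn_lifetime",            # handshake not yet complete
    "established": "dyn_ack_lifetime",    # SYN and ACK seen
    "fin": "dyn_fin_lifetime",            # FIN seen, connection closing
    "rst": "dyn_rst_lifetime",            # RST seen, connection aborted
    "udp": "dyn_udp_lifetime",
    "other": "dyn_short_lifetime",        # any other protocol
}

# Assumed from ipfw(8): keepalives every 5 s during the last 20 s of lifetime.
KEEPALIVE_WINDOW = 20
KEEPALIVE_INTERVAL = 5


def parse_fw_sysctls(text):
    """Return {short_name: int} for every net.inet.ip.fw.* line in the text."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"net\.inet\.ip\.fw\.(\w+):\s*(-?\d+)\s*$", line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def tcp_state(flags_seen):
    """Simplified classification from the TCP flags seen on a flow (hypothetical)."""
    if "RST" in flags_seen:
        return "rst"
    if "FIN" in flags_seen:
        return "fin"
    if "SYN" in flags_seen and "ACK" in flags_seen:
        return "established"
    if "SYN" in flags_seen:
        return "syn"
    return "other"


def rule_lifetime(sysctls, proto, flags_seen=()):
    """Return (state, lifetime_seconds) for a dynamic rule on the given flow."""
    if proto == "tcp":
        state = tcp_state(set(flags_seen))
    elif proto == "udp":
        state = "udp"
    else:
        state = "other"
    return state, sysctls[LIFETIME_BY_STATE[state]]


def keepalive_schedule(sysctls, state, lifetime):
    """Idle seconds at which keepalives would be sent; only established TCP qualifies."""
    if not sysctls.get("dyn_keepalive") or state != "established":
        return []
    start = max(lifetime - KEEPALIVE_WINDOW, 0)
    return list(range(start, lifetime, KEEPALIVE_INTERVAL))


def states_expiring_within(sysctls, idle_seconds):
    """TCP states whose rule would expire after idle_seconds of silence."""
    return [state for state, name in LIFETIME_BY_STATE.items()
            if state not in ("udp", "other") and sysctls[name] <= idle_seconds]


if __name__ == "__main__":
    s = parse_fw_sysctls(SYSCTL_OUTPUT)
    state, life = rule_lifetime(s, "tcp", ["SYN", "ACK"])
    print(f"established TCP rule lives {life}s idle; keepalives at "
          f"{keepalive_schedule(s, state, life)}")
    print("states expiring within 20s idle:", states_expiring_within(s, 20))
```

Run against the quoted values, the model shows an established session covered by dyn_ack_lifetime (300 s, with keepalives from 280 s on) and only the syn, fin and rst states expiring within 20 s of idle time, which is a useful way to check which lifetime a dropped flow was actually subject to.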

