[lug] 3 Questions: 1) Port Forwarding 2) Unison 3) Job Management Software 4) Test Apache

David Morris lists at morris-clan.net
Tue Feb 15 10:19:36 MST 2005


On Mon, Feb 14, 2005 at 08:00:02PM -0700, Daniel Webb wrote:
> With your solution, if the connection is reset every 5
> minutes, I will get my connection cut every five minutes
> when working on my sister's computer over the reverse
> tunnel, even if the connection is fine. That would be
> pretty annoying.  If I make the reset time longer, I may
> have to wait a long time to get back in after a connection
> loss.  My script doesn't have this tradeoff: you never
> lose a connection except from "natural causes", and if you
> do lose it, you'll have it back within 2 minutes.

Typically, if a port is actively being used when SSH tries
to disconnect it will wait for the connection to finish so
long as the forwarded port is being actively used.  I've
never had an actively used shell get disconnected on me.
Unused timeouts can get annoying though, yes....but see
below.

> > This is where carefully picking the value
> > given to 'ping -c xxx' comes in.  For an http proxy server,
> > for example, I set the timeout to reset once every 5 minutes
> > and almost never even notice the reset happening and only
> > have the connection lock up on me once every month or so.
> 
> Sure, for a stateless connection such as HTTP, having the
> connection reset every 5 minutes is not a problem.  It's
> more annoying for shell sessions or a VNC session.

I've never had to connect to a system for an extended period
of time which was so unstable I had to set the timeout to 5
minutes.  The worst I've ever used was 1 hour timeout when I
had a bad wireless connection near Nederland.  1 hour I
found to be sufficient in almost all circumstances.  I can
only remember the connection being down twice during the 3
months I was on that bad wireless connection.

It might be that in your situation my simple solution just
is not adequate because of either the way you use the
connection or the quality of the network you are connecting
to.

I agree with you that my solution is not robust, nor is it
usable in every situation.  If I needed full VPN access over
an extended period of time it would drive me insane.  It's a
matter of the right tool for the right job.  I see no reason
to bother with a complex script which I might or might not
have installed on a given machine when I can just type in a
few lines in a terminal window (within a screen session).

> Have you done much with reverse forwarding using -R?  I
> have found it to be more difficult than forward port
> forwarding, because of problems in the sshd side.  If it
> weren't for those problems, I would just use
> autossh and be done with it.

I use both forward and reverse tunnels constantly and never
had more troubles with one than with the other.  Notably,
with regards to your other email, I have a reverse tunnel
opening an SSH port through a firewall which I frequently
have many connections to at one time.  Typically at least
two, frequently 5 or 6.  You might look at your system ssh
and sshd settings; there might be something set which is
preventing multiple connections on either the client or
server side....

--David


