On 9/29/20 06:53, Michael Stone wrote:
> On Tue, Sep 29, 2020 at 08:44:18AM -0400, Gene Heskett wrote:
>> This is likely quite true Michael, but it also is only a hint as to how
>> to fix it for the OP.
>
> It was already fixed, serveraliveinterval/clientaliveinterval is the
> right answer. I guess I can review: these options simply have the client
> & server exchange an encrypted "are you here" message every N seconds to
> prevent the firewall from timing out the connection. tcpkeepalives won't
> do that, as the firewall can see that there is no actual data being
> transferred and may still timeout idle connections.
>
> All that aside, it's important to be precise about what functionality is
> related to NAT and what functionality is related to firewalling.
> Imprecision about these concepts leads to all sorts of (wrong) ideas
> like "you need NAT to be secure".
+2
I use NAT for convenience, and a firewall (and other measures) for security.
And thank you for stating the distinction clearly; I sort of knew it,
but clarity always is a good thing.
Tom Dial
