[ILUG] TCP/IP Timeout

Fri Oct 27 16:55:19 IST 2000

> -----Original Message-----
> From: Raf [mailto:turiel at Redbrick.DCU.ie]
> Sent: 27 October 2000 13:07
> To: ilug at linux.ie
> 
> Anyone know how to change the amount of time it takes before a tcpip
> (i.e. telnet) connection times out? ATM its taking about 13 
> minutes... I'd like to change it to something like 3-5 instead.

If a telnet client is directly connected to the telnetd then as long as 
both parties both parties (processes) are running the connection will 
never be disconnected by TCP/IP no matter how long the idle time.

The disconnection after idle timeouts are usually controlled from the 
daemons in a client server setup, as is usually done by all FTP daemons.
However this isn't valid really for telnet as the user could run a command
which could take any amount of time, and therefore the telnetd can't and 
doesn't have an idle timeout option. (If if did you would specify it on the 
command line in /etc/inetd.conf or a seperate config file like
/etc/telnetd.conf). 
Therefore the process which knows about what processes are running etc. is
your 
login shell and this can be set to timeout after a certain time. In bash you
use 
the TMOUT variable or if you want to set it system wide edit /etc/bash. This
will 
wait the timeout after displaying the primary shell for input before
exiting. This 
however will terminate any processes you've running in the background
(jobs), and
to stop this happening you need to use the nohup command. Related to this
is, if 
you start a foreground process which you realise is going to take ages, and
you 
don't want to restart it in the background, you can log in again and use
`screen` 
to detach the process from it's terminal, and you can nohup it so it won't 
terminate when you log out. Any output from a nohup process is emailed to
you.

Note also by default telnetd enables the TCP keep-alive mechanism (unless -n

specified) to probe connections that have been idle for some period of time
to 
determine if the client is still there, so that idle connections from
machines 
that have crashed or can no longer be reached may be cleaned up. Note
however the 
the TCP keepalive timeout is system wide and not configurable for each
connection. 
And also the default timeout is around 90 minutes. This mechanism is only
used for 
cleaning up stale sockets, and so is not breaking your connections.

You haven't said what's between your telnet client and server. This is
probably 
where the problem is? as firewalls will tend to break connections after
certain 
idle times.

I think when using ip-masquerade the default idle timeout for TCP Sessions
is 15 
mins. Also if you're going over an external firewall, this will have to be 
configured to not drop telnet sessions.

If you use the command `ipchains -M -L` you can see how much time you have
left 
on any open sessions before they get disconnected, and you can use the
command 
`ipchains -M -S x y z` where x y and z are the number of seconds for the new

timeouts. Note y & z are not used for "normal" TCP connections so leave
these 
at the default values.

Padraig.