Hello all,

I am running an OpenSSH 4.3 server on an embedded Linux system, so I
have turned on the ClientAliveInterval and TCPKeepAlive options in
sshd_config. ClientAliveInterval is set to 10, and the OS's TCP
keep-alive settings are time = 10, probes = 5, and intvl = 10. (I need
it all low b/c server processes could be holding system-wide locks.)

If I connect to the SSH server directly (i.e., without a firewall in
between), then those settings work fine; server processes die when the
connection is down and stay up when it's up. However, here's my problem:
if I connect from outside my ZyWALL 10 firewall, then the connection is
dropped after about a minute of user inactivity.

The weird thing is that if I connect from outside the firewall via
_Telnet_ (which is using TCP keep-alives too), then it works correctly.
And the _other_ weird thing is that if I use a cheap consumer firewall
instead (D-Link DI-604), then SSH works correctly too. It's only SSH
with the ZyWALL 10 that messes up.

This seems to implicate the SSH-level keep-alives and their interaction
with the ZyWALL, which makes no sense to me because aren't they just
data in the encrypted TCP stream?

Any suggestions would be welcome.