/etc/sysctl.conf:
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
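Well, what does it mean? Simple: every long-lasting connection that sits idle breaks after one hour. It doesn't matter whether I have TCP keepalive on, because the TCP keepalive timeout defaults to 7200 seconds, so the first keepalive probe would go out only after the firewall has already dropped the connection's conntrack entry.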
In practice you will see this:
brill@tapir ~ $ ssh milhouse.backbone.ignum.cz
Linux milhouse 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64
Keep keep your hands off this server! Nikdo tu na nic nesahejte!
Last login: Sun Dec 30 00:46:47 2012 from 89.177.24.237
<no activity for more than 1 hour>
brill@milhouse:~$ Write failed: Broken pipe
brill@tapir ~ $
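The timeout mismatch behind that broken pipe can be checked mechanically. This is an added example, not part of the original post: the function names and the client-side file are constructed, the router line is the one quoted at the top, and 432000, 75 and 9 are the Linux kernel defaults for the conntrack established timeout, keepalive interval and probe count.

```shell
#!/bin/sh
# Print the last value assigned to key $1 in sysctl.conf-style text $2.
sysctl_value() {
    printf '%s\n' "$2" | awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { if (val != "") print val }'
}

# The router-side key shown in the post.
CT_KEY=net.ipv4.netfilter.ip_conntrack_tcp_timeout_established

# idle_verdict ROUTER_CONF HOST_CONF
# Prints "DROPPED <ct> <idle>" when the first keepalive probe would be sent
# only after the conntrack entry has expired, otherwise "KEPT <ct> <idle>".
idle_verdict() {
    ct=$(sysctl_value "$CT_KEY" "$1")
    idle=$(sysctl_value net.ipv4.tcp_keepalive_time "$2")
    ct=${ct:-432000}     # kernel default when the router file does not set it
    idle=${idle:-7200}   # keepalive default quoted in the post
    if [ "$idle" -ge "$ct" ]; then
        echo "DROPPED $ct $idle"
    else
        echo "KEPT $ct $idle"
    fi
}

# max_keepalive_time ROUTER_CONF [INTVL] [PROBES]
# Largest tcp_keepalive_time for which even the last unanswered probe
# is still sent before the conntrack entry times out.
max_keepalive_time() {
    ct=$(sysctl_value "$CT_KEY" "$1")
    ct=${ct:-432000}
    intvl=${2:-75}; probes=${3:-9}              # Linux defaults
    echo $(( ct - intvl * (probes - 1) - 1 ))
}

# Constructed sample input: the router line is the one from the post,
# the client file (constructed) leaves keepalive at its default.
ROUTER_CONF='# /etc/sysctl.conf on the router
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600'
HOST_CONF='# /etc/sysctl.conf on the client (constructed)
net.ipv4.tcp_syncookies = 1'

idle_verdict "$ROUTER_CONF" "$HOST_CONF"
max_keepalive_time "$ROUTER_CONF"
```

Setting net.ipv4.tcp_keepalive_time on the endpoint at or below the second printed value keeps the firewall entry refreshed, but only for sockets that actually enable SO_KEEPALIVE.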
There was a flame war on this topic on the OpenWRT forum:
https://dev.openwrt.org/ticket/5777
And the result is: invalid, wontfix, fuckyourself.
Motherfuckers. They break everything. God... You can sacrifice the filesystem, give up the serial port, GPIO, LED diodes, whatever, but keep the firewall working normally when you are building a network appliance, you idiots!