Corporate relocation into network strangeness

At the old location we had a gateway for the automation network (172.30.x.x) with 2 NICs. One NIC was the 172.30.1.1 and the other NIC was just “another machine on the corporate network”. The IT guys defined for 172.30.x.x to get routed over the corporate network to our gateway… etc.

But then we got bought, and integrated our network into theirs. Fortunately they didn’t have machines on that IPv4 network already, but we still had to fight to preserve our subnet. Because changing over 1000 IPs is a real pain in the ass. (It shouldn’t be, but the implementation is not my choice or design.)

There’s some NAT involved now when we connect between the two networks. Anything from corporate shows up as 192.168.47.254 to the test systems. Can no longer uniquely identify who is logged on to the system :(

Now to the real issue. Since we moved in, some VNC sessions would just… reset over time. My ssh was fine. VNC sessions on *my* systems were fine. Wireshark led to nothing. Upon placing the mouse cursor back into the session, the VNC client would attempt to send a packet and the other end would RST. There was no traffic on the wire for a long time. The connection was dropped by the NAT/firewall.

Why is there no active traffic on those sessions, but there is on my sessions or ssh? Easy. A blinking cursor or the clock changing every minute generates enough traffic for the VNC session to stay alive – “keepalive traffic”. As for SSH, I’ve had “ServerAliveInterval 600” in my ~/.ssh/config ever since my first (public) server would kick out inactive connections after an hour.

I disabled the screensaver (merely a blanking of the screen for Linuxes) on the suspicious targets and the issue is “gone”.
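The pattern described above (long silence on a flow, then an RST as soon as one side sends again) can be picked out of a capture mechanically. The following is an added example, not part of the original post; the one-line-per-packet input format, the 172.30.5.x hosts, the client ports and the 300-second threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample capture (not from the post): "epoch-seconds src dst tcp-flags".
# 192.168.47.254 is the NAT address the post mentions; 5900 is the default VNC port.
CAPTURE = """\
1000.0 192.168.47.254:50112 172.30.5.20:5900 PA
1000.2 172.30.5.20:5900 192.168.47.254:50112 A
5200.0 192.168.47.254:50112 172.30.5.20:5900 PA
5200.1 172.30.5.20:5900 192.168.47.254:50112 R
1000.0 172.30.5.21:5900 192.168.47.254:50200 PA
1060.0 172.30.5.21:5900 192.168.47.254:50200 PA
1120.0 172.30.5.21:5900 192.168.47.254:50200 PA
2000.0 192.168.47.254:50300 172.30.5.22:5900 PA
2000.5 172.30.5.22:5900 192.168.47.254:50300 PA
2001.0 192.168.47.254:50300 172.30.5.22:5900 PA
2001.1 172.30.5.22:5900 192.168.47.254:50300 R
"""

def idle_resets(capture, min_idle=300.0, rst_window=1.0):
    """Return {flow: idle_seconds} for flows reset right after a long silence.

    min_idle is an assumed threshold; the post does not state the NAT timeout.
    """
    flows = defaultdict(list)
    for line in capture.splitlines():
        if not line.strip():
            continue
        ts, src, dst, flags = line.split()
        # Both directions of a connection share one key.
        flows[tuple(sorted((src, dst)))].append((float(ts), flags))

    hits = {}
    for flow, pkts in flows.items():
        pkts.sort()
        for i in range(2, len(pkts)):
            ts, flags = pkts[i]
            if "R" not in flags:
                continue
            trigger_ts = pkts[i - 1][0]         # packet that provoked the RST
            idle = trigger_ts - pkts[i - 2][0]  # silence before that packet
            if idle >= min_idle and ts - trigger_ts <= rst_window:
                hits[flow] = idle
    return hits

if __name__ == "__main__":
    for flow, idle in idle_resets(CAPTURE).items():
        print(f"{flow[0]} <-> {flow[1]}: reset after {idle:.0f}s of silence")
```

The idle time reported for a flagged flow is only an upper bound on the device's timeout; a keepalive interval has to sit below the real timeout, which this capture alone does not reveal.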
