Hi there,

I've a problem with openssh behind a 2.4.x firewall. If I try to connect to the outside, I got no response until setting the -P flag. With -P it works fine. So it seems to be a problem with the nonprivate port. Is there a firewall misconfiguration or something I missed? With 2.2.19 all works fine (without -P).

Regards,
Sven

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256

Hi Sven!

On Mon, 03 Sep 2001, Sven Michels wrote:
> Hi there,
>
> I've a problem with openssh behind a 2.4.x firewall. If I try to connect to the outside, I got no response until setting the -P flag. With -P it works fine. So it seems to be a problem with the nonprivate port. Is there a firewall misconfiguration or something I missed? With 2.2.19 all works fine (without -P).

I think the firewall is the one in charge. It considers source ports below 1024 as private [ because for a process to bind in that area it needs root privs ] and denies access.

You can alias your ssh to `ssh -P -C' [ isn't that default in SuSE? I had that impression.]

--
teodor

teo@gecadsoftware.com wrote:

hi,

> > Hi there,
> >
> > I've a problem with openssh behind a 2.4.x firewall. If I try to connect to the outside, I got no response until setting the -P flag. With -P it works fine. So it seems to be a problem with the nonprivate port. Is there a firewall misconfiguration or something I missed? With 2.2.19 all works fine (without -P).
>
> I think the firewall is the one in charge. It considers source ports below 1024 as private [ because for a process to bind in that area it needs root privs ] and denies access.

yeah but where? how to disable? whatever .. with 2.2.x the problem did not appear .. the logs show no reject/deny ...

> You can alias your ssh to `ssh -P -C' [ isn't that default in SuSE? I had that impression.]

nafaik but I can't do that for 30 ppl ;)

Sven

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256

Hi Sven,

On 2001.09.04 15:11:54 +0100 Sven Michels wrote:
> teo@gecadsoftware.com wrote:
>
> hi,
>
> > > Hi there,
> > >
> > > I've a problem with openssh behind a 2.4.x firewall. If I try to connect to the outside, I got no response until setting the -P flag. With -P it works fine. So it seems to be a problem with the nonprivate port. Is there a firewall misconfiguration or something I missed? With 2.2.19 all works fine (without -P).
> >
> > I think the firewall is the one in charge. It considers source ports below 1024 as private [ because for a process to bind in that area it needs root privs ] and denies access.
>
> yeah but where? how to disable? whatever .. with 2.2.x the problem did not appear .. the logs show no reject/deny ...

Sounds to me like the 2.2.19 firewall allows connections to be made, but the 2.4.x (iptables or ipchains?) is blocking these connections. Strange that you get nothing in the firewall logs. Does the sshd say anything about the connections in /var/log/messages?

HTH
Maf.

> > You can alias your ssh to `ssh -P -C' [ isn't that default in SuSE? I had that impression.]
>
> nafaik but I can't do that for 30 ppl ;)
>
> Sven
> --

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi maf,

> Sounds to me like the 2.2.19 firewall allows connections to be made, but the 2.4.x (iptables or ipchains?) is blocking these connections.

iptables .. yes it seems so but didn't find anything :( I had the same problem to a customer gateway .. that was behind an openbsd firewall .. same here.. but that's some time ago ..

> Strange that you get nothing in the firewall logs. Does the sshd say anything about the connections in /var/log/messages?

nope, nothing... the ssh -v shows the allocating of a priv port and then it hangs.

thanks anyways

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256

Hi Sven.

On 2001.09.04 16:02:52 +0100 Sven Michels wrote:
> Hi maf,
>
> > Sounds to me like the 2.2.19 firewall allows connections to be made, but the 2.4.x (iptables or ipchains?) is blocking these connections.
>
> iptables .. yes it seems so but didn't find anything :( I had the same problem to a customer gateway .. that was behind an openbsd firewall .. same here.. but that's some time ago ..
>
> > Strange that you get nothing in the firewall logs. Does the sshd say anything about the connections in /var/log/messages?
>
> nope, nothing... the ssh -v shows the allocating of a priv port and then it hangs.

Hmm, if I do

ssh -v someserver

it tells me that I am using port 22 on the sshd server. (As expected!) BUT I don't see my port...

run:

ssh your_server.dom.ain

then, in a second shell, run:

netstat -an | grep -e tcp

and that should show you the details of your connection.

HTH
Maf.
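
Added example, not part of the thread: a shell helper that automates the netstat check suggested in the last message, classifying outbound connections to port 22 by whether the local (source) port is below 1024 and whether the handshake completed. The function names and the sample netstat lines are constructed for illustration, and the Linux `netstat -an` column layout is assumed.

```shell
#!/bin/sh
# Classify outbound SSH connections from `netstat -an` output by
# source-port range (privileged < 1024) and TCP state.

# Constructed sample in Linux `netstat -an` layout; the addresses are
# documentation ranges, not taken from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      1 192.0.2.10:1023         198.51.100.5:22         SYN_SENT
tcp        0      0 192.0.2.10:33412        198.51.100.5:22         ESTABLISHED
tcp        0      0 192.0.2.10:1022         203.0.113.7:22          ESTABLISHED
tcp        0      0 192.0.2.10:45100        203.0.113.7:80          ESTABLISHED
EOF
}

# Reads netstat lines on stdin. For every TCP connection whose remote port
# matches $1 (default 22) prints:
#   <local> -> <remote> <state> <privileged|unprivileged> <no-reply|ok|other>
classify_ssh_conns() {
    awk -v port="${1:-22}" '
    $1 ~ /^tcp/ && NF >= 6 {
        # The port is the last colon-separated field (also works for IPv6).
        n = split($4, l, ":"); lport = l[n] + 0
        m = split($5, r, ":"); rport = r[m]
        if (rport != port) next            # skips listeners ("*") too
        cls = (lport < 1024) ? "privileged" : "unprivileged"
        if ($6 == "SYN_SENT")         note = "no-reply"   # SYN sent, nothing came back
        else if ($6 == "ESTABLISHED") note = "ok"
        else                          note = "other"
        print $4, "->", $5, $6, cls, note
    }'
}

# Stand-alone run on the constructed sample; on a live host use:
#   netstat -an | classify_ssh_conns
sample_netstat | classify_ssh_conns
```

A `privileged no-reply` line matches the symptom described in the thread: the client bound a source port below 1024 and the SYN was never answered, while a connection from a high port to the same server completes.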