On 7/31/2014 12:13 AM, Roger Oberholtzer wrote:
If I ask them to open all ports at their end, I can
just fine. I am, once again, confused. Any ideas? They do not want to
keep the firewall for this machine open too long.
This firewall... I presume it does in fact send port 22 to the 11.2 Linux box?
(That is, when they open up all ports you do indeed access the correct machine?)
Does it also do any form of Egress filtering?
As far as I know, all parts of ssh traverse port 22 only.
Once you get a connection, all traffic should flow over port 22, (its encrypted
upon connection, even before you password is transmitted).
Have them turn off the firewall so you can
Check for these line in the /etc/ssh/sshd_config of the 11.2 box
Without that, it might try to put X out over the wire rather than in the ssh tunnel,
and if the firewall box was egress filtering against that that might cause the
behavior you see.
Also, old sshd_configs used to have
set explicitly or as the default.
But later versions need to have
and if you don't have that ssh sessions try to wander off into ipv6 land
maybe that is what the firewall is complaining about.
Also type (again, after connecting with the firewall disabled)
and see if you see
Then look in the Active Internet connections (servers and established)
list any connections between the 11.2 box and the 10.0 box
(by comparing IPs and Ports).
You should typically have only ONE such connection something like this:
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name
tcp 0 68 192.168.2.1:22 192.168.2.213:59742 ESTABLISHED 14086/sshd:
*192.168.2.1 would be replaced by the ip of your 11.2 box).
Any more than one connection between your machine and the 11.2 machine might be
what the firewall is blocking.
(Its unusual for firewalls to block outbound ports
but some places set up egress filtering to prevent clever users
from end-running their security).
---This space for rent---
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org