On 12/26/2019 08:13 PM, Gordon Messmer wrote:
> On 12/26/19 2:49 PM, H wrote:
>> I just looked at the settings in /etc/ssh/ssh_config on the workstation -
>> which should apply to all users on it - I already had:
>>
>> Host *
>> TCPKeepAlive yes
>> ServerAliveInterval 60
>
>
> Well, keep-alive options would only make a difference if the problem were a
> DNAT timeout. If it's some other limitation imposed on DNAT, those won't
> have any effect.
>
> If you can reproduce this reliably and have admin access to both the server
> and client, you can determine whether the router is the problem:
>
> 1) Start an scp transfer of a large file
>
> 2) Use netstat or ss on the client to determine what port the client is using
> for the SSH connection
>
> 3) Use netstat or ss on the server to determine what port the client is using
> (NAT will probably change both the client's address and port)
>
> 4) Run "tcpdump -nn host <server address> and port <client TCP port>" on the
> client, using the values from step 2
>
> 5) Run "tcpdump -nn host <client address> and port <client TCP port>" on the
> server, using the values from step 3
>
> 6) Wait for the transfer to terminate
>
> I expect that when the client terminates, you'll see a TCP reset packet at
> the end of the output from tcpdump on the client side, but you won't see that
> packet in the tcpdump output on the server side. If so, then the router is
> sending the TCP reset, and you'll need to work with its owners to resolve the
> problem.
>
> Incidentally, why are you connecting to an internal resource through an
> external address (NAT)? Are you unable to connect directly to its internal
> address?
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

Thank you very much, very nice summary! The only thing I needed to add was the specific ethernet port in tcpdump, e.g. tcpdump -i ....

However, after you posted the above, I have not had this problem... Might come back though.

The reason I am using the external address when the internal address suffices is that I access the same server externally as well. For simplicity I used the external address in both scenarios.
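
The comparison described in the quoted steps 4 to 6, as an added example that is not part of the original thread: it reads the text output of the two tcpdump -nn captures and reports which side generated the reset. The function names, addresses, ports and capture lines are constructed for illustration, and the example goes slightly beyond the quoted case by also checking resets travelling toward the server.

```python
import re

# tcpdump -nn TCP line: "<time> IP <src>.<port> > <dst>.<port>: Flags [..], ..."
PKT = re.compile(r"^\S+ IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]")

# Constructed sample captures (documentation/private addresses, not real traffic).
CLIENT_CAP = """
20:13:04.100001 IP 10.0.0.15.51234 > 203.0.113.5.22: Flags [P.], seq 1:1449, ack 1, win 501, length 1448
20:13:04.100950 IP 203.0.113.5.22 > 10.0.0.15.51234: Flags [.], ack 1449, win 1024, length 0
20:13:09.482310 IP 203.0.113.5.22 > 10.0.0.15.51234: Flags [R], seq 2891, win 0, length 0
"""
SERVER_CAP = """
20:13:04.100400 IP 203.0.113.1.40022 > 10.0.0.20.22: Flags [P.], seq 1:1449, ack 1, win 501, length 1448
20:13:04.100600 IP 10.0.0.20.22 > 203.0.113.1.40022: Flags [.], ack 1449, win 1024, length 0
"""


def resets(capture, local):
    """Split RST packets in a capture into those sent by and sent to `local`."""
    sent, received = [], []
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if not m or "R" not in m.group("flags"):
            continue
        if m.group("src") == local:
            sent.append(line.strip())
        elif m.group("dst") == local:
            received.append(line.strip())
    return sent, received


def reset_origin(client_cap, client_local, server_cap, server_local):
    """Name the side that generated the reset: client, server, middlebox or none."""
    c_sent, c_recv = resets(client_cap, client_local)
    s_sent, s_recv = resets(server_cap, server_local)
    if c_recv and not s_sent:
        return "middlebox"  # client got a reset the server never sent
    if s_recv and not c_sent:
        return "middlebox"  # server got a reset the client never sent
    if c_recv:
        return "server"
    if c_sent:
        return "client"
    return "none"


if __name__ == "__main__":
    print(reset_origin(CLIENT_CAP, "10.0.0.15.51234", SERVER_CAP, "10.0.0.20.22"))
```

Each `*_local` argument is that host's own address.port as it appears in its own capture, since NAT makes the two captures show different tuples for the same connection.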