Well I've made some progress tracking down this issue but I'm still
stumped. I'm also still trying to get a hold of the cvs server admin to
enable ICMP.

This is what I found out:

1. mtr is a cool utility. It didn't give me info on the last hop but
everything I could see looks good.

2. The TCP checksums that I didn't understand were all outgoing from my
PC. The checksum errors are displayed in Ethereal because of checksum
offloading to the NIC.
http://wiki.ethereal.com/TCP_Checksum_Verification
http://www.ethereal.com/faq.html#q11.1

This is where I'm at:

Using Ethereal I noticed that before the SSH connection is broken I see
"ICMP Destination unreachable (Host administratively prohibited)"
packets outgoing from my PC. And usually just before or after this is a
TCP Dup Ack packet.

Is this possibly a problem with the configuration of my firewall on my
PC? When the firewall is disabled I do not encounter SSH errors.

[EMAIL PROTECTED] cturner]# /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited


Why would my PC firewall think there is a problem with the SSH
connection?

Thanks,

Carl




On Mon, 2006-06-05 at 01:38 -0600, Gustin Johnson wrote:
> You can run mtr without the admin enabling icmp (well technically, just
> a few ICMP requests, echo reply, and a few others), you just won't have
> info on the last couple of hops.
> 
> The problem is *likely* the firewall/router he is using, though without
> more information I am only guessing based on what I commonly see. 
> 
> Carl wrote:
> >> Kind of makes it hard to troubleshoot.  If possible, can you enable ICMP
> >> (for pings) on the server?
> >>
> >>     
> > I've asked the maintainer of the cvs server to enable ICMP.
> >
> >   
> >> Running mtr should be straightforward, look for a hop that is different
> >> from the rest.
> >>     
> > I'll give mtr a try if I can get ICMP enabled.
> >
> >   
> >> Has nothing to do with the port.  
> >>     
> > Good to know. I was going crazy trying to figure out if ethereal was
> > incorrectly decoding checksums based on the port.
> >
> >   
> >> I would try it from different locations, maybe it is something between
> >> two peers (eg. telus and shaw periodically have QoS issues between their
> >> respective networks)
> >>     
> > I've now tried it from both telus and shaw and different home firewalls
> > and all exhibit the same problem.
> >
> > I'll have to be patient and hope they enable ICMP for me.
> >
> > Thanks,
> >
> > Carl
> >
> >
> >   
> 
> 
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
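
As an added example (not part of the original messages), a small Python model of how the RH-Firewall-1-INPUT chain in the listing above is evaluated: the first matching rule decides, so a packet only produces the "Host administratively prohibited" ICMP when it falls through every ACCEPT rule to the final REJECT. It assumes rule 1 is bound to the loopback interface, which the status output does not display; the interface names, addresses, ports and connection-tracking states in the sample packets are constructed.

```python
# Added example: first-match model of the RH-Firewall-1-INPUT chain in the listing.
# Assumption: rule 1 is bound to the loopback interface ("-i lo"); the status
# output does not print interfaces, and if rule 1 matched all traffic nothing
# would ever reach the REJECT rule. Sample packets below are constructed.

RULES = [  # (target, match) in listing order
    ("ACCEPT", lambda p: p["iface"] == "lo"),
    ("ACCEPT", lambda p: p["proto"] == "icmp"),  # "icmp type 255" = any ICMP type
    ("ACCEPT", lambda p: p["proto"] == "esp"),
    ("ACCEPT", lambda p: p["proto"] == "ah"),
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dst"] == "224.0.0.251"
                         and p["dport"] == 5353),
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dport"] == 631),
    ("ACCEPT", lambda p: p["state"] in ("RELATED", "ESTABLISHED")),
    ("ACCEPT", lambda p: p["proto"] == "tcp" and p["state"] == "NEW"
                         and p["dport"] == 22),
    ("REJECT icmp-host-prohibited", lambda p: True),
]


def verdict(packet):
    """Return (rule number, target) of the first rule the packet matches."""
    for number, (target, match) in enumerate(RULES, start=1):
        if match(packet):
            return number, target
    return None, "ACCEPT"  # chain policy; never reached, rule 9 matches everything


def pkt(**fields):
    """Build a constructed inbound packet; defaults model a reply on a tracked TCP flow."""
    packet = {"iface": "eth0", "proto": "tcp", "dst": "192.0.2.10",
              "dport": 40000, "state": "ESTABLISHED"}
    packet.update(fields)
    return packet


SAMPLES = {
    "reply on a tracked SSH session": pkt(),
    "same segment, conntrack state INVALID": pkt(state="INVALID"),
    "new inbound SSH connection": pkt(dport=22, state="NEW"),
    "new inbound TCP to port 80": pkt(dport=80, state="NEW"),
    "loopback traffic": pkt(iface="lo", state="NEW"),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(f"{name:40s} -> rule {verdict(packet)[0]}: {verdict(packet)[1]}")
```

The state field is an input here: the model shows which rule a packet hits once connection tracking has classified it, not why a given segment receives that classification.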

