I am having trouble with 3.4.31 on Solaris 9. I compiled 3.4.31 with Sun's Forte 7 compiler and the host is an Ultra 1 with a quadfast ethernet card.

When I make an inbound SSH connection, it sometimes doesn't fully establish the SSH session. I have to ^C and rerun the SSH command. Then it works. After a few minutes, however, the connection drops.

The client keeps resending data as it expects ACKs. The server never sees that data and just quietly listens. I can initiate a new SSH connection inbound, but this will also fail after a few minutes.

The time it takes for the connection to sever is arbitrary. Sometimes within seconds, other times within minutes. Any ideas?

Here's my ipf.conf:

pass in log quick on qfe0 proto tcp from any to 192.168.102.25/32 port = 22 flags S keep state
pass in log quick on qfe0 proto tcp from any to 192.168.102.25/32 port = 113 flags S keep state

pass in quick on qfe0 proto udp from any to any port = 68

pass out quick on qfe0 proto tcp from any to any flags S keep state
pass out quick on qfe0 proto udp from any to any

pass in quick on qfe1 from any to any
pass out quick on qfe1 from any to any

pass in quick on qfe2 from any to any
pass out quick on qfe2 from any to any

pass in quick on qfe3 from any to any
pass out quick on qfe3 from any to any

block in on qfe0 proto tcp all
block return-rst in on qfe0 proto tcp all flags S
block out all

And this is my ipnat.conf:

map qfe0 192.168.101.0/24 -> 0/32 proxy port 21 ftp/tcp
map qfe0 192.168.101.0/24 -> 0/32 proxy port 500 ipsec/udp
map qfe0 192.168.101.0/24 -> 0/32 proxy port 1720 h323/tcp
map qfe0 192.168.101.0/24 -> 0/32 proxy port 7070 raudio/tcp
map qfe0 192.168.101.0/24 -> 0/32 portmap tcp/udp 50000:60000
map qfe0 192.168.101.0/24 -> 0/32
map qfe0 192.168.102.0/24 -> 0/32 proxy port 21 ftp/tcp
map qfe0 192.168.102.0/24 -> 0/32 proxy port 500 ipsec/udp
map qfe0 192.168.102.0/24 -> 0/32 proxy port 1720 h323/tcp
map qfe0 192.168.102.0/24 -> 0/32 proxy port 7070 raudio/tcp
map qfe0 192.168.102.0/24 -> 0/32 portmap tcp/udp 50000:60000
map qfe0 192.168.102.0/24 -> 0/32
rdr qfe0 0/0 port 22 -> 192.168.102.25 port 22
rdr qfe0 0/0 port 113 -> 192.168.102.25 port 113

Thanks,

-Alex
