On Tue, Oct 02, 2007 at 09:27:47AM -0500, Karl O. Pinc wrote:
> 
> On 10/02/2007 08:37:22 AM, Serge Basterot wrote:
> >Hello list,
> >
> >I have a problem with a soekris 4801 machine. Outgoing SSL and SSH
> >connections are impossible with it.
> 
> ssh -v (or -vv etc) can be helpful in diagnosing this sort
> of problem.

Not very helpful for me:

debug2: ssh_connect: needpriv 0
debug1: Connecting to foo.com [b.b.b.b] port 22.
debug1: connect to address b.b.b.b port 22: Operation timed out
ssh: connect to host foo.com port 22: Operation timed out

Here is a tcpdump of an ssh session. On the server (b.b.b.b):

Oct 03 18:00:06.199400 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 78: a.a.a.a.62786 > 
b.b.b.b.22: SWE 4097644330:4097644330(0) win 16384 <mss 
1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235007 0> (DF)
Oct 03 18:00:06.199708 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722815 4101235007> (DF)
Oct 03 18:00:09.191612 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722821 4101235007> (DF)
Oct 03 18:00:12.197719 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 78: a.a.a.a.62786 > 
b.b.b.b.22: S 4097644330:4097644330(0) win 16384 <mss 
1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235019 0> (DF)
Oct 03 18:00:12.197932 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722827 4101235019> (DF)
Oct 03 18:00:15.192293 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722833 4101235019> (DF)
Oct 03 18:00:24.198572 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 78: a.a.a.a.62786 > 
b.b.b.b.22: S 4097644330:4097644330(0) win 16384 <mss 
1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235043 0> (DF)
Oct 03 18:00:24.198763 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722851 4101235043> (DF)
Oct 03 18:00:27.193489 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722857 4101235043> (DF)
Oct 03 18:00:48.200246 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 78: a.a.a.a.60317 > 
b.b.b.b.22: S 4097644330:4097644330(0) win 16384 <mss 
1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235091 0> (DF)
Oct 03 18:00:48.200458 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.60317: S 3394400654:3394400654(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2427881320 4101235091> (DF)
Oct 03 18:00:51.196022 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.62786: SE 3746632853:3746632853(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3328722905 4101235043> (DF)
Oct 03 18:00:51.196101 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.60317: S 3394400654:3394400654(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2427881326 4101235091> (DF)
Oct 03 18:00:51.364232 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 60: a.a.a.a.62786 > 
b.b.b.b.22: R 1:1(0) ack 1 win 0 (DF)
Oct 03 18:00:51.364408 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 70: b.b.b.b > a.a.a.a: 
icmp: b.b.b.b tcp port 22 unreachable
Oct 03 18:00:57.196646 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.60317: S 3394400654:3394400654(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2427881338 4101235091> (DF)
Oct 03 18:01:09.197889 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 78: b.b.b.b.22 > 
a.a.a.a.60317: S 3394400654:3394400654(0) ack 4097644331 win 16384 <mss 
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2427881362 4101235091> (DF)
Oct 03 18:01:09.362063 0:0:5e:0:1:b 8:0:20:c1:c2:a4 0800 60: a.a.a.a.60317 > 
b.b.b.b.22: R 1:1(0) ack 1 win 0 (DF)
Oct 03 18:01:09.362235 8:0:20:c1:c2:a4 0:0:5e:0:1:b 0800 70: b.b.b.b > a.a.a.a: 
icmp: b.b.b.b tcp port 22 unreachable

On the client (a.a.a.a):

Oct 03 17:54:27.092230 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: a.a.a.a.62786 > b.b.b.b.22: SWE 4097644330:4097644330(0) win 16384 
<mss 1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235007 0> (DF)
Oct 03 17:54:27.260125 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722815 4101235007> (DF)
Oct 03 17:54:30.250095 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722821 4101235007> (DF)
Oct 03 17:54:33.090294 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: a.a.a.a.62786 > b.b.b.b.22: S 4097644330:4097644330(0) win 16384 
<mss 1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235019 0> (DF)
Oct 03 17:54:33.250217 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722827 4101235019> (DF)
Oct 03 17:54:36.250156 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722833 4101235019> (DF)
Oct 03 17:54:45.090295 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: a.a.a.a.62786 > b.b.b.b.22: S 4097644330:4097644330(0) win 16384 
<mss 1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235043 0> (DF)
Oct 03 17:54:45.250186 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722851 4101235043> (DF)
Oct 03 17:55:09.090422 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: a.a.a.a.60317 > b.b.b.b.22: S 4097644330:4097644330(0) win 16384 
<mss 1452,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 4101235091 0> (DF)
Oct 03 17:55:09.260120 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.60317: S 3394400654:3394400654(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
2427881320 4101235091> (DF)
Oct 03 17:55:12.250175 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.62786: SE 3746632853:3746632853(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
3328722905 4101235043> (DF)
Oct 03 17:55:12.250508 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 42
        IP: a.a.a.a.62786 > b.b.b.b.22: R 1:1(0) ack 1 win 0 (DF) [tos 0x10]
Oct 03 17:55:12.250732 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.60317: S 3394400654:3394400654(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
2427881326 4101235091> (DF)
Oct 03 17:55:12.420118 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 58
        IP: b.b.b.b > a.a.a.a: icmp: b.b.b.b tcp port 22 unreachable
Oct 03 17:55:18.250794 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.60317: S 3394400654:3394400654(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
2427881338 4101235091> (DF)
Oct 03 17:55:30.250151 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 66
        IP: b.b.b.b.22 > a.a.a.a.60317: S 3394400654:3394400654(0) ack 
4097644331 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 
2427881362 4101235091> (DF)
Oct 03 17:55:30.250478 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 42
        IP: a.a.a.a.60317 > b.b.b.b.22: R 1:1(0) ack 1 win 0 (DF) [tos 0x10]
Oct 03 17:55:30.410198 PPPoE 
        code Session, version 1, type 1, id 0x1b8e, length 58
        IP: b.b.b.b > a.a.a.a: icmp: b.b.b.b tcp port 22 unreachable

I would like to do something with pf, which is why I did a simple altq
setup with priq, but perhaps there are other possibilities I didn't
see (or know of) to solve this problem.

If someone can give me some advice, thanks in advance.

-- 
Serge
