On Fri, Mar 16, 2007 at 10:12:15AM +1100, Darren Tucker wrote:
> [EMAIL PROTECTED] wrote:
> >I have just migrated from using a Solaris box as my work system to
> >having Fedora Core 6 on my desktop PC.
> >
> >I have a number of ssh 'pinholes' in the company firewall to let
> >me connect to external systems. These are to four external systems
> >and from the Solaris system they all work still. From the new FC6
> >system they all work *except* for the one to my home system. Thus
> >the basics of ssh security etc. would seem to be OK.
> [...]
> >Can anyone suggest any reason for this problem and how to fix it? I'm
> >stumped.
>
> You could try turning off TCP window scaling on the client side
> ("echo 0 > /proc/sys/net/ipv4/tcp_window_scaling"). If your firewall
> gets it wrong then you might see odd errors like this.
>
After much tearing of hair, thinking, etc. I finally found the problem
which turned out to be nothing to do with ssh at all. The Slackware
host system is behind a Speedtouch router/firewall and the firewall
was rejecting packets sent back from the Slackware host to the FC6
client because of some sort of packet sequence error. The router log
says:-

    FIREWALL fast tcp seqnr check (1 of 2): Protocol: TCP Src ip: 192.168.1.1 Src port: 22 Dst ip: 193.128.168.194 Dst port: 51097

I fixed the problem by turning off the firewall TCP checks, i.e.:-

    firewall config tcpchecks none

I'd like to find out more, e.g. is it the firewall being paranoid or
is it actually an error in the FC6 TCP code. However I can't really
find out much more about this error at present.
--
Chris Green ([EMAIL PROTECTED])
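
The failure mode behind the window-scaling suggestion quoted above, as an added illustration that is not part of the original thread and is not a diagnosis of this particular router: a stateful sequence-number check that ignores the TCP window scale option treats valid in-window segments as out of window. The function names, the shift count of 7 and all packet values are constructed assumptions, and the check is a simplified model of what a firewall tracks.

```python
# Added illustration (constructed values): a firewall-style TCP sequence check
# for server-to-client data, with and without honouring the client's window
# scale option (RFC 7323, formerly RFC 1323).

MOD = 2 ** 32  # TCP sequence numbers wrap at 2^32


def in_window(seq, length, last_ack, window):
    """True if the segment [seq, seq+length) lies inside last_ack + window."""
    start = (seq - last_ack) % MOD           # distance from the receiver's ACK
    end = (seq + length - last_ack) % MOD    # distance of the segment's last byte
    return start < MOD // 2 and end <= window


def firewall_verdict(segments, last_ack, raw_window, wscale, honours_wscale):
    """Verdict per (seq, length) segment sent towards the receiver.

    raw_window: 16-bit window field seen in the receiver's last ACK
    wscale:     shift count the receiver announced in its SYN
    """
    # A firewall that missed or ignores the option uses the raw 16-bit field.
    window = raw_window << wscale if honours_wscale else raw_window
    return ["pass" if in_window(seq, ln, last_ack, window) else "drop"
            for seq, ln in segments]


# Constructed scenario: the client has ACKed up to 1000 and advertises a raw
# window of 46 with a shift of 7, i.e. a real window of 46 << 7 = 5888 bytes.
LAST_ACK, RAW_WINDOW, WSCALE = 1000, 46, 7
SEGMENTS = [(1000, 40), (1040, 1448), (2488, 1448)]  # (seq, payload length)

if __name__ == "__main__":
    for honours in (False, True):
        verdicts = firewall_verdict(SEGMENTS, LAST_ACK, RAW_WINDOW, WSCALE, honours)
        print("honours wscale" if honours else "ignores wscale", verdicts)
```

In this model the small first segment passes either way, while the full-size segments are dropped only when the scale factor is ignored.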