Morten Nilsen, 23.11.2005 08:53:
> Vidar Tyldum Hansen wrote:
>> Connecting to an external SSH server through NAT doesn't work very well. 
>> If I press and hold a key I get 'connection reset by peer'. Do the same 
>> directly from the gateway (alas no NAT) and it's no problem.
>>
>> Leaving the session idle or typing very slowly keeps the session alive. 
>> Only when I type too fast do I get the disconnects. Tcpdumping did not 
>> make me any wiser.
>>
>> This does not happen in DNAT'ed ssh sessions going IN to one of the 
>> networks.
> 
> what's your firewall setup?

Not so sure it's a clever thing to post it, but here goes:
http://tyldum.com/fw.txt

It's a bit of a mess to read for anyone other than me, I guess ;)
I had to remove large portions, but all the rules are there. The
confusing part is the lack of variable declarations, which makes it even
harder for anyone to understand.

The basic idea:

eth5: ISP. Has 10 IP addresses (aliased). $MONET40 is the IP which all
clients are SNAT'ed to. $MONET41 is statically [S|D]NAT'ed to an internal
server in the DMZ.
eth6 is this DMZ.

All other interfaces are SNAT'ed to $MONET40.

It seems the described problem only occurs after NAT. Internally it's
all nice and dandy.

If you actually read that setup you seriously need a medal. If you
figure out the snag I'll personally deliver it ;)
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
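The NAT layout described in the post (internal clients SNAT'ed to $MONET40 on the ISP interface, $MONET41 mapped one-to-one to a server on the DMZ interface), written out as an iptables script. This is an added example, not the author's fw.txt: the interface names and $MONET40/$MONET41 come from the post, while the addresses (RFC 5737/1918 ranges), the DMZ server address, the internal networks and the filter rules are assumptions. The script prints the rules by default (DRY_RUN=1) so it can be read or checked without root or a live netfilter; the one ordering point it demonstrates is that the per-host SNAT for the DMZ server must sit before the catch-all SNAT to $MONET40, or the catch-all will claim the DMZ server's traffic too.

```shell
#!/bin/sh
# Assumed reconstruction of the NAT setup described in the post; not the
# original fw.txt. All addresses below are placeholders.

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the rules, 0 = apply them (needs root)

WAN_IF=eth5                      # ISP interface, carries the aliased public IPs
DMZ_IF=eth6                      # DMZ interface
MONET40=192.0.2.40               # SNAT source for all internal clients (assumed value)
MONET41=192.0.2.41               # public IP mapped 1:1 to the DMZ server (assumed value)
DMZ_SERVER=10.0.6.10             # DMZ host behind $MONET41 (assumed)
LAN_NETS="10.0.1.0/24 10.0.2.0/24"   # "all other interfaces" (assumed)

# Run or print one iptables invocation.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

nat_rules() {
    ipt -t nat -F

    # Static 1:1 NAT for the DMZ server: inbound to $MONET41 is DNAT'ed to it,
    # and its own outbound traffic leaves as $MONET41.
    ipt -t nat -A PREROUTING  -i "$WAN_IF" -d "$MONET41" \
        -j DNAT --to-destination "$DMZ_SERVER"
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_SERVER" \
        -j SNAT --to-source "$MONET41"

    # Everything else leaving via the ISP interface is SNAT'ed to $MONET40.
    # This catch-all MUST come after the DMZ server's SNAT, since rules in the
    # nat table are matched first-to-last and only the first match applies.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to-source "$MONET40"
}

filter_rules() {
    ipt -F FORWARD
    ipt -P FORWARD DROP

    # Reply traffic for anything the gateway already tracks.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Internal networks may open connections to the outside.
    for net in $LAN_NETS; do
        ipt -A FORWARD -s "$net" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    done

    # Inbound SSH to the DMZ server arrives with the destination already
    # rewritten by DNAT, so the filter rule matches the internal address.
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_SERVER" \
        -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

apply_all() {
    nat_rules
    filter_rules
    if [ "$DRY_RUN" = 1 ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}

apply_all
```

Run it as-is to review the generated rules; on the gateway, `DRY_RUN=0 sh nat.sh` applies them. The script deliberately leaves out whatever else fw.txt contains; it only covers the SNAT/DNAT layout the post describes.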