Morten Nilsen, 23.11.2005 08:53:
> Vidar Tyldum Hansen wrote:
>> Connecting to an external SSH server through NAT doesn't work very well.
>> If I press and hold a key I get 'connection reset by peer'. Do the same
>> directly from the gateway (alas no NAT) and it's no problem.
>>
>> Leaving the session idle or typing very slowly keeps the session alive.
>> Only when I type too fast do I get the disconnects. Tcpdumping did not
>> make me any wiser.
>>
>> This does not happen in DNAT'ed ssh sessions going IN to one of the
>> networks.
>
> what's your firewall setup?
Not so sure it's a clever thing to post it, but here goes: http://tyldum.com/fw.txt

It's a bit of a mess to read for anyone other than me, I guess ;) I had to remove large portions, but all the rules are there. The confusing part is the lack of variable declarations, which makes it even harder for anyone to understand.

The basic idea:

eth5: ISP. Has 10 IP-addresses (aliased). $MONET40 is the IP which all clients are SNAT'ed to. $MONET41 is statically [S|D]NAT'ed to an internal server in the DMZ. eth6 is this DMZ. All other interfaces are SNAT'ed to $MONET40.

It seems the described problem only occurs after NAT. Internally it's all nice and dandy.

If you actually read that setup you seriously need a medal. If you figure out the snag I'll personally deliver it ;)
