[svlug] ssh oddity?

Robert Khachikyan rhxk at charter.net
Sat Jan 31 15:02:33 PST 2004


OK, this is throwing me off...I think I need a fresh mind
in this...here is my problem:

There's a machine behind NAT that is running ssh.com's 2.4.0.
It's running RH5.2 and I can ssh2 to this machine from anywhere
but a particular subnet. All the external firewalls have been turned
off but its own hosts.allow/deny:

hosts.deny:
ALL: ALL

hosts.allow:
(there are a few IPs & domains here)

DNS is problematic, so I've modified the /etc/nsswitch.conf
to look at /etc/hosts for DNS lookup, so as not to delay the sshd.

It seems that my subnet sends a reset flag, not allowing the 3-way
handshake to be completed... check out the tcpdump on that machine:
(grt is my server & are1 is the RH5.2 machine)

tcpdump: listening on eth0
22:02:10.859151 grt.43629 > are1.22: S 0:0(0) win 14600 <mss 1460>
22:02:10.859151 are1.22 > grt.43629: S 2669256336:2669256336(0) ack 1 win 32736 <mss 1460>
22:02:10.859151 grt.43629 > are1.22: . ack 1 win 14600
22:02:10.869151 are1.22 > grt.43629: P 1:50(49) ack 1 win 32736 (DF)
22:02:10.989151 grt.43629 > are1.22: . ack 50 win 14600
22:02:13.829076 grt.43629 > are1.22: R 1:1(0) win 0
22:02:19.838926 grt.43629 > are1.22: S 0:0(0) win 14600 <mss 1460>
22:02:19.838926 are1.22 > grt.43629: S 2678233564:2678233564(0) ack 1 win 32736 <mss 1460>
22:02:19.838926 grt.43629 > are1.22: . ack 1 win 14600
22:02:19.848926 are1.22 > grt.43629: P 1:50(49) ack 1 win 32736 (DF)
22:02:19.958926 grt.43629 > are1.22: . ack 50 win 14600
22:02:31.848626 grt.43629 > are1.22: R 1:1(0) win 0


But from another subnet, the connection is OK. In fact, I can
get there from home (dhcp), but not from work (static IP):

tcpdump: listening on eth0
22:00:29.701699 rob.1037 > are1.22: S 0:0(0) win 14600 <mss 1460>
22:00:29.701699 are1.22 > rob.1037: S 3802406716:3802406716(0) ack 1 win 32736 <mss 1460>
22:00:29.711699 rob.1037 > are1.22: . ack 1 win 14600
22:00:29.721699 are1.22 > rob.1037: P 1:50(49) ack 1 win 32736 (DF)
22:00:29.731699 rob.1037 > are1.22: . ack 50 win 14600
22:00:31.111649 rob.1037 > are1.22: P 1:50(49) ack 50 win 14600
22:00:31.111649 are1.22 > rob.1037: P 50:978(928) ack 50 win 32736 (DF)
22:00:31.231649 rob.1037 > are1.22: . ack 978 win 14600
22:00:31.461649 rob.1037 > are1.22: P 50:666(616) ack 978 win 14600
22:00:31.481649 are1.22 > rob.1037: . ack 666 win 32736 (DF)
22:00:31.621649 are1.22 > rob.1037: P 978:1618(640) ack 666 win 32736 (DF)
22:00:31.731649 rob.1037 > are1.22: . ack 1618 win 14600
22:00:31.731649 are1.22 > rob.1037: P 1618:1634(16) ack 666 win 32736 (DF)


Is there something here I'm missing?
Thanks...



As Always,
...Robert
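
Added example, not part of the original post: a short Python script that summarizes each connection attempt in old-style tcpdump output like the traces above, reporting whether the three-way handshake completed, how many payload bytes each side sent, which side sent the RST and how many seconds after the SYN. The function name `summarize` and the result field names are illustrative; the sample lines are copied from the first trace in the post.

```python
import re
from datetime import datetime

# Old-style tcpdump TCP line: time src.port > dst.port: flags [seq:seq(len)] rest
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+\.\d+) > (\S+\.\d+): "
                  r"([SFPR.]+)(?: \d+:\d+\((\d+)\))?(.*)$")

def summarize(trace):
    """Return one dict per connection attempt; each bare client SYN starts one."""
    attempts, current = [], {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. "tcpdump: listening on eth0"
        ts, sender, receiver, flags, length, rest = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        pair = frozenset((sender, receiver))
        if "S" in flags and " ack " not in rest:  # SYN without ACK: new attempt
            a = dict(client=sender, start=t, synack=False, handshake=False,
                     client_bytes=0, server_bytes=0, rst_from=None, rst_after=None)
            attempts.append(a)
            current[pair] = a  # a retry may reuse the same address/port pair
            continue
        a = current.get(pair)
        if a is None:
            continue  # connection whose SYN was not captured
        who = "client" if sender == a["client"] else "server"
        if "S" in flags:
            a["synack"] = who == "server"
        elif "R" in flags:
            a["rst_from"] = who
            a["rst_after"] = round((t - a["start"]).total_seconds(), 3)
        else:
            if who == "client" and a["synack"]:
                a["handshake"] = True  # client ACK after SYN+ACK completes it
            a[who + "_bytes"] += int(length or 0)
    return attempts

# First connection attempt from the failing trace in the post above
SAMPLE = """\
22:02:10.859151 grt.43629 > are1.22: S 0:0(0) win 14600 <mss 1460>
22:02:10.859151 are1.22 > grt.43629: S 2669256336:2669256336(0) ack 1 win 32736 <mss 1460>
22:02:10.859151 grt.43629 > are1.22: . ack 1 win 14600
22:02:10.869151 are1.22 > grt.43629: P 1:50(49) ack 1 win 32736 (DF)
22:02:10.989151 grt.43629 > are1.22: . ack 50 win 14600
22:02:13.829076 grt.43629 > are1.22: R 1:1(0) win 0
"""
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Timestamps carry no date, so a capture that crosses midnight would need the date added before the elapsed time is meaningful.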



