Re: An ssh Question



On Sat, Jul 07, 2007 at 11:59:28AM -0500, Tim Daneliuk wrote:
Jonathan Chen wrote:
On Sat, Jul 07, 2007 at 02:52:21AM -0500, Tim Daneliuk wrote:
I have a machine that is my firewall/gateway to a private network NATing
non-routable addresses. I can ssh at-will from hosts on the private
network to machines out on the net, but when I try to ssh from the
firewall machine to a particular address, it just hangs and eventually
times out. Verbose output is:

OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.


What is really baffling is that if I try the exact same thing from, say,
a cygwin session on a host on the private network - this works fine.
So ... it's not a firewall problem as near as I can tell.

It sure sounds like a firewall problem to me. Why do you think
otherwise?

Because machines *behind* the firewall can get out to the machine
in question, but the firewall machine itself cannot...

So, the question is:

Is the firewall configured so that the firewall host is allowed to
make outgoing ssh connections to the 'Net or the internal network?

What firewall software is being used?
--
Jonathan Chen <jonc@xxxxxxxxxxx>
----------------------------------------------------------------------
Power corrupts, Absolute Power is pretty neat
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


