TCLUG Archive

RE: [TCLUG:8149] ssh and NAT

> From: Daniel M. Debertin [mailto:katdan@mail.swdata.com]
> I'm clueless about cbos, but Linux uses ports 61000-65536 for masqueraded
> connections. I've heard about some ISPs blocking these ports and screwing
> up people's NAT configurations royally, but this may just be the way Linux
> does it. Try running some sort of packet capture util or network monitor
> and see what ports cbos tries to use for its NAT.
>

Unfortunately, cbos is a fairly limited OS. It has some cool (and scary)
features like DHCP, telnet, tftp, web and other servers, but no real tools
to do packet capture or network monitoring kind of stuff.

> From: Jon Schewe
> Could it have something to do with the reverse lookup?  What types of errors
> are you seeing?
>

Don't know where reverse lookups fit in the picture.  The router's DHCP
assigned address nslookups to a uswest hostname that must be part of their
DHCP pool. My IP address is internal and unknown to the outside world.  One
thing I noticed though was that the public key (~/.ssh/identity.pub) that
ssh-keygen created also had <user>@<host> in it, as did the
~/.ssh/authorized_keys file on the sshd server side.  The <host> is my
internal hostname.  Wonder what ssh needs it for, or does with it?

I played with this again last night.  Seems like I can only run one ssh at a
time.  The only time I could run 2 sessions was when one of them froze up
for no apparent reason.  netstat showed the ssh sessions on my machine using
ports 1021, 1022, 1023.  I didn't try more as I kept killing the hung
sessions and waited for the ports to free up.

Interestingly, the sessions that could not even start up were stuck in
SYN_SENT, which means they could not even establish a basic connection.
Maybe there is something on the sshd side that's limiting connections.  I'll
follow up with my company's sysadmin.

But the successful sessions that freeze up are still a mystery.

Thanks.

-Unni
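The netstat observation above (ssh sessions on local ports 1021-1023, some stuck in SYN_SENT) is the kind of thing that is easier to reason about when the connection table is summarised by state and by source-port class. The script below is an added example written for this archive page, not something posted in the thread; it parses a few constructed `netstat -tn` lines (labelled as such in the code) and reports how many ssh connections are in each TCP state and how many are bound to privileged local ports (1023 and below). The sample addresses and the `diagnose` wording are assumptions for illustration. A SYN_SENT entry means the SYN left the host and no SYN/ACK came back, which is a filtering or NAT-translation problem rather than an authentication one; a client counting down from port 1023 is drawing from a small pool of privileged source ports, which is what limits the number of concurrent sessions.

```python
"""Summarise outbound ssh connections from `netstat -tn` output.

Added example, not code from the original mailing-list thread.  It reads
constructed netstat lines, groups ssh connections by TCP state and counts
how many use a privileged local source port (<= 1023), matching the
symptom described in the thread: sessions on 1021-1023, some in SYN_SENT.
"""
import re
from collections import Counter

PRIVILEGED_PORT_MAX = 1023  # local ports 1..1023 require root to bind

# Constructed sample in the layout of Linux `netstat -tn` (not real capture data).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:1023           203.0.113.10:22         ESTABLISHED
tcp        0      1 10.0.0.5:1022           203.0.113.10:22         SYN_SENT
tcp        0      1 10.0.0.5:1021           203.0.113.10:22         SYN_SENT
tcp        0      0 10.0.0.5:40112          203.0.113.20:80         ESTABLISHED
"""

# One TCP row: proto, recv-q, send-q, local addr:port, foreign addr:port, state.
LINE_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+(?P<state>\S+)"
)


def parse_netstat(text):
    """Yield one dict per TCP row; the header and non-TCP rows are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            row = m.groupdict()
            row["lport"] = int(row["lport"])
            row["rport"] = int(row["rport"])
            yield row


def ssh_connection_summary(text, ssh_port=22):
    """Return (Counter of TCP states, count on privileged local ports)
    for connections whose remote port is the ssh port."""
    states = Counter()
    privileged = 0
    for conn in parse_netstat(text):
        if conn["rport"] != ssh_port:
            continue
        states[conn["state"]] += 1
        if conn["lport"] <= PRIVILEGED_PORT_MAX:
            privileged += 1
    return states, privileged


def diagnose(text, ssh_port=22):
    """Return a list of findings a sysadmin would act on."""
    states, privileged = ssh_connection_summary(text, ssh_port)
    findings = []
    if states["SYN_SENT"]:
        findings.append(
            f"{states['SYN_SENT']} ssh connection(s) stuck in SYN_SENT: the SYN "
            "leaves the host but no SYN/ACK returns (filtered, dropped by NAT, "
            "or the server is not accepting)")
    if privileged:
        findings.append(
            f"{privileged} ssh connection(s) bound to privileged local ports "
            f"(<= {PRIVILEGED_PORT_MAX}): the client is counting down from 1023, "
            "a small pool that concurrent sessions exhaust; a NAT box may also "
            "translate these differently from high ports")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_NETSTAT):
        print("-", finding)
```

Run it against real output with `netstat -tn | python3 ssh_netstat_summary.py` after swapping `SAMPLE_NETSTAT` for `sys.stdin.read()`; on the thread's symptoms it would report two hung handshakes and three privileged-port sessions, which separates the "cannot connect at all" problem (SYN_SENT, a network-path issue) from the "only one session at a time" problem (privileged source ports).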