TCLUG Archive
RE: [TCLUG:8149] ssh and NAT
> From: Daniel M. Debertin [mailto:katdan@mail.swdata.com]
> I'm clueless about cbos, but linux uses ports 61000-65536 for masqueraded
> connections. I've heard about some ISPs blocking these ports and screwing
> up people's NAT configurations royally, but this may just be the way Linux
> does it. Try running some sort of packet capture util or network monitor
> and see what ports cbos tries to use for its NAT.
>
Unfortunately cbos is a fairly limited os. It has some cool (and scary)
features like a dhcp, telnet, tftp, web and other servers, but no real tools
to do packet capture or network monitoring kind of stuff.
> From: Jon Schewe
> Could it have something to do with the reverse lookup? What types of errors
> are you seeing?
>
Don't know where reverse lookups fit in the picture. The router's dhcp
assigned address nslookup's to a uswest hostname that must be part of their
dhcp pool. My ip address is internal and unknown to the outside world. One
thing I noticed though was that the public key (~/.ssh/identity.pub) that
ssh-keygen created also had <user>@<host> in it, as did the
~/.ssh/authorized_keys file on the sshd server side. The <host> is my
internal hostname. Wonder what ssh needs it for, or does with it?
I played with this again last night. Seems like I can only run one ssh at a
time. The only time I could run 2 sessions was when one of them froze up
for no apparent reason. netstat showed the ssh sessions on my machine using
ports 1021, 1022, 1023. I didn't try more as I kept killing the hung
sessions and waited for the ports to free up.
Interestingly, the sessions that could not even start up were stuck in
SYN_SENT, which means they could not even establish a basic connection.
Maybe there is something on the sshd side that's limiting connections. I'll
follow up with my company's sysadmin.
But the successful sessions that freeze up are still a mystery.
Thanks.
-Unni