Date: Sun, 8 Jul 2007 11:23:58 +1200
From: Jonathan Chen
To: Tim Daneliuk
Cc: freebsd-questions@freebsd.org
Subject: Re: An ssh Question
Message-ID: <20070707232358.GE69224@osiris.chen.org.nz>

On Sat, Jul 07, 2007 at 11:59:28AM -0500, Tim Daneliuk wrote:
> Jonathan Chen wrote:
> >On Sat, Jul 07, 2007 at 02:52:21AM -0500, Tim Daneliuk wrote:
> >>I have a machine that is my firewall/gateway to a private network NATing
> >>non-routable addresses. I can ssh at-will from hosts on the private
> >>network to machines out on the net, but when I try to ssh from the
> >>firewall machine to a particular address, it just hangs and eventually
> >>times out. Verbose output is:
> >>
> >>   OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
> >>   debug1: Reading configuration data /etc/ssh/ssh_config
> >>   debug2: ssh_connect: needpriv 0
> >>   debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
> >>
> >>
> >>What is really baffling is that if I try the exact same thing from, say,
> >>a cygwin session on a host on the private network - this works fine.
> >>So ... it's not a firewall problem as near as I can tell.
> >
> >It sure sounds like a firewall problem to me. Why do you think
> >otherwise?
>
> Because machines *behind* the firewall can get out to the machine
> in question, but the firewall machine itself cannot...

So, the question is: Is the firewall configured so that the firewall host
is allowed to make outgoing ssh connections to the 'Net or the internal
network? What firewall software is being used?
-- 
Jonathan Chen
----------------------------------------------------------------------
Power corrupts, Absolute Power is pretty neat