From owner-freebsd-stable  Mon Nov 13 22:30:56 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from ahab.com (24-168-72-237.nyc.rr.com [24.168.72.237])
	by hub.freebsd.org (Postfix) with ESMTP id AF3A237B4C5
	for <freebsd-stable@FreeBSD.ORG>; Mon, 13 Nov 2000 22:30:52 -0800 (PST)
Received: (from moxie@localhost)
	by ahab.com (8.11.1/8.11.0) id eAE6T1H03249;
	Tue, 14 Nov 2000 01:29:01 -0500 (EST)
	(envelope-from luser)
Date: Tue, 14 Nov 2000 01:29:01 -0500
From: JT <luser@ahab.com>
To: Peter Philipp <pjp@daemonium.com>
Cc: Rod Taylor <rbt@zort.on.ca>, chat@gtabug.org,
	freebsd-stable@FreeBSD.ORG
Subject: Re: gtabug - Problems with Firewall????
Message-ID: <20001114012901.C396@sseye.ahab.com>
Mail-Followup-To: Peter Philipp <pjp@daemonium.com>,
	Rod Taylor <rbt@zort.on.ca>, chat@gtabug.org,
	freebsd-stable@FreeBSD.ORG
References: <3A10A8AE.7AD404EA@zort.on.ca> <20001114005807.C25362@daemonium.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001114005807.C25362@daemonium.com>; from pjp@daemonium.com on Tue, Nov 14, 2000 at 12:58:07AM -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

tcpdump is an excellent place to start.  Certain ssh clients talking
to certain ssh servers have, in my experience, resulted in funny stuff
- window size going to zero and staying there - that is really best
 detected via tcpdump.  Interference from firewall rules can be easily
inferred this way, too.

But occasionally it's something simpler like key regeneration on a slow
machine more interested in other things - this is where ssh -v can
give you hints that something is moving so slowly you it just looks
stuck...

On Tue, Nov 14, 2000 at 12:58:07AM -0500, Peter Philipp wrote:
> On Mon, Nov 13, 2000 at 09:51:26PM -0500, Rod Taylor wrote:
> > Needless to say, it's something weird with IPF, Nat, and SSH on both
> > ends of the connection through the previous two... Removing either IPF
[snip]
> encryption algorithms?  Finally perhaps ssh -v will give you better results 
> in trying to debug this problem.  At last perhaps you can get a tcpdump of
> what it's doing just before it hangs (a good thing to keep track of is window
> updates and negotiations as well).

-- 
-. --- - / . ...- . .-. -.-- / ... .. --. -. .- - ..- .-. . / 
.... .- ... / -- . .- -. .. -. --.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message