Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 8 Jul 2007 11:23:58 +1200
From:      Jonathan Chen <jonc@chen.org.nz>
To:        Tim Daneliuk <tundra@tundraware.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: An ssh Question
Message-ID:  <20070707232358.GE69224@osiris.chen.org.nz>
In-Reply-To: <468FC670.9060903@tundraware.com>
References:  <468F4635.4020204@tundraware.com> <20070707090248.GB62156@osiris.chen.org.nz> <468FC670.9060903@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Jul 07, 2007 at 11:59:28AM -0500, Tim Daneliuk wrote:
> Jonathan Chen wrote:
> >On Sat, Jul 07, 2007 at 02:52:21AM -0500, Tim Daneliuk wrote:
> >>I have a machine that is my firewall/gateway to a private network NATing
> >>non-routable addresses. I can ssh at-will from hosts on the private
> >>network to machines out on the net, but when I try to ssh from the
> >>firewall machine to a particular address, it just hangs and eventually
> >>times out. Verbose output is:
> >>
> >>  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
> >>  debug1: Reading configuration data /etc/ssh/ssh_config
> >>  debug2: ssh_connect: needpriv 0
> >>  debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
> >>
> >>
> >>What is really baffling is that if I try the exact same thing from, say,
> >>a cygwin session on a host on the private network - this works fine.
> >>So ... it's not a firewall problem as near as I can tell.
> >
> >It sure sounds like a firewall problem to me. Why do you think
> >otherwise?
> 
> Because machines *behind* the firewall can get out to the machine
> in question, but the firewall machine itself cannot...

So, the question is:

	Is firewall configured so that the firewall host is allowed to
	outgoing ssh connections to the 'Net or the internal network?

What firewall software is being used?
-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
                         Power corrupts, Absolute Power is pretty neat

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070707232358.GE69224>