From: Tim Daneliuk
Organization: TundraWare Inc.
Date: Sat, 07 Jul 2007 11:59:28 -0500
Message-ID: <468FC670.9060903@tundraware.com>
To: Jonathan Chen, freebsd-questions@freebsd.org
Subject: Re: An ssh Question
In-Reply-To: <20070707090248.GB62156@osiris.chen.org.nz>
References: <468F4635.4020204@tundraware.com> <20070707090248.GB62156@osiris.chen.org.nz>

Jonathan Chen wrote:
> On Sat, Jul 07, 2007 at 02:52:21AM -0500, Tim Daneliuk wrote:
>> I have a machine that is my firewall/gateway to a private network NATing
>> non-routable addresses. I can ssh at-will from hosts on the private
>> network to machines out on the net, but when I try to ssh from the
>> firewall machine to a particular address, it just hangs and eventually
>> times out. Verbose output is:
>>
>> OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to xxxxxxxxxxxxxx.com [x.x.x.x] port 22.
>>
>>
>> What is really baffling is that if I try the exact same thing from, say,
>> a cygwin session on a host on the private network - this works fine.
>> So ... it's not a firewall problem as near as I can tell.
>
> It sure sounds like a firewall problem to me. Why do you think
> otherwise?

Because machines *behind* the firewall can get out to the machine in question,
but the firewall machine itself cannot...

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/