Firewall Wizards mailing list archives
Re: Peculiar behavior of SSH--could this be the firewall? Or DNS problem?
From: William Stearns <wstearns () pobox com>
Date: Sat, 28 Aug 1999 01:04:12 -0400 (EDT)
On Fri, 27 Aug 1999, Christopher C. Petro wrote:
Here's the basic setup: Small office (15 people max) behind a Sonic Firewall doing NAT on an SDSL line (northpoint). Connecting to a set of servers co-located at a large colo facility. Behind a CheckPoint/Solaris firewall. My home machine, running OpenBSD connected to an iDSL line (Covad) connecting to the same machines. SSH2 is giving me fits--I can connect from home just fine, but when I try from any machine at the office (behind the firewall) I get something to the effect of "Disconnected--no more authentication methods available".
Unfortunately, I'm not familiar with Checkpoint, so this may not be relevant at all.

One quirk about ssh: the source port is not always a random port above 1024. If the client end has sshd running as root, it picks the first available port _below_ 1024. Is there any chance that Checkpoint's configuration only allows for connections with source ports larger than 1024? I'd recommend using, say, 1000:65535 as the client port range for ssh instead of 1024:65535.

The odds are not all that good that this is the source of your problem, but at least it's a good bit of trivia when Alex Trebek introduces the "Source Ports Used in IPv4 Protocols" category... *smile*

Cheers,
- Bill
---------------------------------------------------------------------------
The thing that I suspect matters most is that Telsa is more important to me than sitting in front of a computer reading email. - Alan Cox
---------------------------------------------------------------------------
William Stearns (wstearns () pobox com). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
---------------------------------------------------------------------------
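One way to test the source-port hypothesis from the reply above is to capture the office clients' outbound SYNs to port 22 and compare their source ports with the range the firewall rule allows. This is an added example, not part of the original message; the capture lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in tcpdump's default text format (not from the thread).
SAMPLE = """\
01:00:00.000001 IP 192.0.2.10.1022 > 198.51.100.5.22: Flags [S], seq 1, win 16384, length 0
01:00:03.000002 IP 192.0.2.10.1022 > 198.51.100.5.22: Flags [S], seq 1, win 16384, length 0
01:00:05.000000 IP 192.0.2.11.40211 > 198.51.100.5.22: Flags [S], seq 7, win 16384, length 0
01:00:05.010000 IP 198.51.100.5.22 > 192.0.2.11.40211: Flags [S.], seq 9, ack 8, win 16384, length 0
01:00:09.000000 IP 192.0.2.12.1001 > 198.51.100.5.22: Flags [S], seq 3, win 16384, length 0
"""

# src.port > dst.port: Flags [...]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)


def parse_range(spec):
    """Turn a 'low:high' port range such as '1024:65535' into two ints."""
    low, high = spec.split(":")
    return int(low), int(high)


def ssh_syn_report(capture, allowed="1024:65535", ssh_port=22):
    """List each client (address, source port) that sent a bare SYN to ssh_port,
    how many SYNs it sent (repeats suggest drops), and whether the source port
    falls inside the allowed client port range."""
    low, high = parse_range(allowed)
    seen = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, _dst, dport, flags = m.groups()
        if flags != "S" or int(dport) != ssh_port:  # skip SYN-ACKs and other traffic
            continue
        key = (src, int(sport))
        seen[key] = seen.get(key, 0) + 1
    return [
        {"src": src, "sport": sport, "syns": n, "in_range": low <= sport <= high}
        for (src, sport), n in sorted(seen.items())
    ]


if __name__ == "__main__":
    for spec in ("1024:65535", "1000:65535"):
        print(spec, ssh_syn_report(SAMPLE, allowed=spec))
```

A client whose source port is outside the range and whose SYN repeats without a SYN-ACK is consistent with the rule dropping it; a client that completes the handshake points the investigation elsewhere.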
Current thread:
- Peculiar behavior of SSH--could this be the firewall? Or DNS problem? Christopher C. Petro (Aug 27)
- Re: Peculiar behavior of SSH--could this be the firewall? Or DNS problem? William Stearns (Aug 30)