From: "Walter C. Pelissero"
Date: Sat, 15 May 2004 15:43:18 +0200
To: John Mills
cc: freebsd-net@freebsd.org
cc: FreeBSD-questions
Subject: Re: Dlink DSL router doesn't like FreeBSD
Message-ID: <16550.7798.333149.997514@hyde.home.loc>
Reply-To: walter@pelissero.de

John Mills writes:
> First, are you coming into your LAN from outside, or going outwards?

Either way.

> If it's an outgoing-connection problem, I would look into the
> firewall setting of the FBSD box. Maybe you didn't set it up to
> pass the ports for outgoing telnet and ssh, or maybe you shut off
> the replies on those same ports.

Not as far as I know. I personally took care of the installation. *Intra*net traffic works seamlessly, between the two FreeBSD boxes, though.

> Try plugging the WindowBox into another of the router's ports, then
> use PuTTY to telnet and ssh into your FBSD box (using its LAN
> address, naturally). If that works, the problem is definitely the
> router, but possibly a setup issue. Especially since telnet is
> also involved. (Many people disable incoming telnet, for security
> reasons.)

I haven't tried PuTTY internally (from Windoze to FreeBSD). I won't be able to do that test during the weekend as I'm currently about 500 miles away from that LAN. I'll keep you posted, though.

> When you have intra-LAN access working, look into port forwarding in the
> router's setup: you want incoming traffic from the ports used by ssh and
> (if you enable it) telnet to be sent to the LAN address of your FBSD box.

Did it. If I didn't, I suppose ssh wouldn't go that far in the login process.

As suggested by Konrad Heuer I gathered further data with -v options of ssh and tcpdump. As suggested by Vladimir Terziev I ran ssh using protocol 1 only and disabling X11 forwarding. Here is the command line:

  ssh -vvv -x -1 -4 that.bloody.address

from my machine at home to the dynamic IP address of that router which is configured to forward port 22 to the FreeBSD box. Here is the log:

OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to that.bloody.address [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/home/wcp/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1 FreeBSD-20030924
debug1: match: OpenSSH_3.6.1p1 FreeBSD-20030924 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.6.1p1 FreeBSD-20030924
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 31
debug1: Host 'that.bloody.address' is known and matches the RSA1 host key.
debug1: Found key in /usr/home/wcp/.ssh/known_hosts:31
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key '/usr/home/wcp/.ssh/identity'
debug1: Server refused our key.
debug1: Doing challenge response authentication.
Password:
Response: [I just type return]
debug1: Doing password authentication.
me@that.bloody.address's password: [I type the password]
debug1: Requesting pty.
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 255
debug3: tty_make_modes: 7 255
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 11 25
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 17 8
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 1
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 1
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 1
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
[Hung. No input or output and no way to kill the process with a simple ^C, but if I type something this blinks my modem Tx LED.]
Killed by signal 15.
[I gave up and killed the process from another tty.]
debug1: Calling cleanup 0x804c7a4(0x0)

Looks to me that all the handshaking has been carried out as expected, but once the interactive session is established the traffic doesn't get through.

The output of tcpdump -vv of that session (which I'm not able to decipher) has been:

23:52:20.510104 hyde.home.loc.50315 > daemon.home.loc.domain: [udp sum ok] 48558+ A? that.bloody.address. (33) (ttl 64, id 3105, len 61)
23:52:20.825634 daemon.home.loc.domain > hyde.home.loc.50315: 48558 q: A? that.bloody.address. 1/3/3 that.bloody.address.[|domain] (ttl 64, id 24735, len 194)
23:52:20.826508 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: S [tcp sum ok] 439582340:439582340(0) win 65535 (DF) (ttl 64, id 3106, len 60)
23:52:21.054747 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: S [tcp sum ok] 4223415736:4223415736(0) ack 439582341 win 65535 (DF) (ttl 54, id 884, len 60)
23:52:21.054919 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: . [tcp sum ok] 1:1(0) ack 1 win 32947 (DF) (ttl 64, id 3107, len 52)
23:52:21.234712 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P 1:43(42) ack 1 win 32947 (DF) (ttl 54, id 885, len 94)
23:52:21.235617 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 1:42(41) ack 43 win 32947 (DF) (ttl 64, id 3108, len 93)
23:52:21.449716 hyde.home.loc.50316 > daemon.home.loc.domain: [udp sum ok] 41402+ PTR? 1.0.0.10.in-addr.arpa. (39) (ttl 64, id 3109, len 67)
23:52:21.450467 daemon.home.loc.domain > hyde.home.loc.50316: 41402* q: PTR? 1.0.0.10.in-addr.arpa. 1/1/0 1.0.0.10.in-addr.arpa. PTR[|domain] (ttl 64, id 24736, len 114)
23:52:21.451106 hyde.home.loc.50317 > daemon.home.loc.domain: [udp sum ok] 41403+ PTR? 2.0.0.10.in-addr.arpa. (39) (ttl 64, id 3110, len 67)
23:52:21.451736 daemon.home.loc.domain > hyde.home.loc.50317: 41403* q: PTR? 2.0.0.10.in-addr.arpa. 1/1/0 2.0.0.10.in-addr.arpa. PTR[|domain] (ttl 64, id 24737, len 112)
23:52:21.452417 hyde.home.loc.50318 > daemon.home.loc.domain: [udp sum ok] 41404+ PTR? 76.182.42.151.in-addr.arpa. (44) (ttl 64, id 3111, len 72)
23:52:21.455887 daemon.home.loc.domain > hyde.home.loc.50318: 41404 q: PTR? 76.182.42.151.in-addr.arpa. 1/13/13 76.182.42.151.in-addr.arpa.[|domain] (ttl 64, id 24740, len 536)
23:52:21.515011 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P 43:319(276) ack 42 win 32947 (DF) (ttl 54, id 886, len 328)
23:52:21.521659 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 42:198(156) ack 319 win 32947 (DF) (ttl 64, id 3112, len 208)
23:52:21.784724 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 319:331(12) ack 198 win 32947 (DF) (ttl 54, id 887, len 64)
23:52:21.785512 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 198:218(20) ack 331 win 32947 (DF) (ttl 64, id 3113, len 72)
23:52:21.974680 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 331:343(12) ack 218 win 32947 (DF) (ttl 54, id 889, len 64)
23:52:21.975378 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 218:358(140) ack 343 win 32947 (DF) (ttl 64, id 3114, len 192)
23:52:22.184705 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 343:355(12) ack 358 win 32947 (DF) (ttl 54, id 890, len 64)
23:52:22.185295 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 358:370(12) ack 355 win 32947 (DF) (ttl 64, id 3115, len 64)
23:52:22.374759 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 355:383(28) ack 370 win 32947 (DF) (ttl 54, id 891, len 80)
23:52:22.467999 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: . [tcp sum ok] 370:370(0) ack 383 win 32947 (DF) (ttl 64, id 3116, len 52)
23:52:27.963242 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 370:422(52) ack 383 win 32947 (DF) (ttl 64, id 3117, len 104)
23:52:28.144856 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 383:395(12) ack 422 win 32947 (DF) (ttl 54, id 892, len 64)
23:52:28.149515 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 422:570(148) ack 395 win 32947 (DF) (ttl 64, id 3118, len 200)
23:52:28.374885 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 395:407(12) ack 570 win 32947 (DF) (ttl 54, id 893, len 64)
23:52:28.375581 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3119, len 64)
23:52:28.958093 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3120, len 64)
23:52:29.938112 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3121, len 64)
23:52:31.698130 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3122, len 64)
23:52:35.018187 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3123, len 64)

> Tschuess.

Charming, but I'm not German. :-)

Cheers,

--
walter pelissero
http://www.pelissero.de
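
Added example (not part of Walter's message): a short Python parser for the tcpdump text format above that reports any data segment sent more than once, its ToS marking, the gaps between retransmissions, and whether the peer ever acknowledged it. The sample input is the last seven lines of the capture above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: the last seven lines copied from the capture in the message above.
CAPTURE = """\
23:52:28.149515 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 422:570(148) ack 395 win 32947 (DF) (ttl 64, id 3118, len 200)
23:52:28.374885 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 395:407(12) ack 570 win 32947 (DF) (ttl 54, id 893, len 64)
23:52:28.375581 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3119, len 64)
23:52:28.958093 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3120, len 64)
23:52:29.938112 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3121, len 64)
23:52:31.698130 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3122, len 64)
23:52:35.018187 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3123, len 64)
"""

SEG = re.compile(r"^(\d+):(\d+):([\d.]+) (\S+) > (\S+): \S+ (?:\[tcp sum ok\] )?"
                 r"(\d+):(\d+)\((\d+)\) ack (\d+)")
TOS = re.compile(r"\[tos (0x[0-9a-f]+)\]")

def parse(text):
    """Yield (time_s, src, dst, seq_start, seq_end, ack, tos) per data segment."""
    for line in text.splitlines():
        m = SEG.match(line)
        if not m or int(m.group(8)) == 0:   # skip non-TCP lines and bare ACKs
            continue
        h, mi, s, src, dst = m.group(1, 2, 3, 4, 5)
        tos = TOS.search(line)
        yield (int(h) * 3600 + int(mi) * 60 + float(s), src, dst,
               int(m.group(6)), int(m.group(7)), int(m.group(9)),
               tos.group(1) if tos else None)

def find_retransmissions(text):
    """Report each data segment that appears more than once in one direction."""
    segs = list(parse(text))
    sends = defaultdict(list)
    for t, src, dst, start, end, ack, tos in segs:
        sends[(src, dst, start, end, tos)].append(t)
    report = []
    for (src, dst, start, end, tos), times in sends.items():
        if len(times) < 2:
            continue
        # ACK numbers the peer sent back after the first transmission.
        peer_acks = [a for t, s, d, _, _, a, _ in segs
                     if s == dst and d == src and t > times[0]]
        report.append({
            "src": src, "seq": (start, end), "tos": tos, "sent": len(times),
            "gaps": [round(b - a, 2) for a, b in zip(times, times[1:])],
            "acked": any(a >= end for a in peer_acks),
        })
    return report
```

On these lines it reports one segment, 570:582 from hyde.home.loc, sent five times with tos 0x10 at roughly doubling intervals and never acknowledged; it is also the first segment in the capture that carries a ToS marking.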