From owner-freebsd-stable  Mon Nov 13 18:51:32 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from hse-toronto-ppp119263.sympatico.ca (HSE-Toronto-ppp88281.sympatico.ca [216.209.30.40])
	by hub.freebsd.org (Postfix) with SMTP id 81B2037B479
	for <freebsd-stable@freebsd.org>; Mon, 13 Nov 2000 18:51:29 -0800 (PST)
Received: (qmail 1192 invoked by uid 0); 14 Nov 2000 02:50:57 -0000
Received: from unknown (HELO zort.on.ca) (rbt@10.0.0.100)
  by hse-toronto-ppp88281.sympatico.ca with SMTP; 14 Nov 2000 02:50:57 -0000
Message-ID: <3A10A8AE.7AD404EA@zort.on.ca>
Date: Mon, 13 Nov 2000 21:51:26 -0500
From: Rod Taylor <rbt@zort.on.ca>
Organization: Zort
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.1.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: chat@gtabug.org, freebsd-stable@freebsd.org
Subject: Problems with Firewall????
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have an appropriately unique situation...

3 remote boxes all with FreeBSD -STABLE (4.1.1 around the 2nd or so..)
using OpenSSH.

These are all running IPF (rules available upon request).  I'm having
problems with SSH locking up the terminal.  Ie. CTRL C and CTRL BREAK do
absolutly nothing (as does any other key).  This occurs when running
such things as top, man, dmesg or anything with alot of output fairly
quickly (cvs is my primary concern).


Now...  to make it interesting, this problem only manifests itself on
machines behind a nat box.  Tested on 4 machines behind both a FreeBSD
nat and a Cisco Pix nat.  Server was always one of the 3 above, clients
were FreeBSD 4.0 to FreeBSD 5.x using OpenSSH.  Linux 2.2.16 client
(same situation) not using OpenSSH didn't cause this problem, nor do the
above listed FreeBSD boxes when NOT behind Nat.

Needless to say, it's something weird with IPF, Nat, and SSH on both
ends of the connection through the previous two... Removing either IPF
or Nat does the trick, as does making one connection non-freebsd (or
atleast non-openssh).

Please help!  I don't like using Linux that much ;)

I intend to update to 4.2-Beta on one box behind nat soon to see if that
helps (assumming openssh has been touched since 4.1.1).


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message