Date: Thu, 4 Aug 2005 19:53:03 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Rod <rod@supanet.net.uk> Cc: freebsd-pf@freebsd.org Subject: Re: PF, SSH closed by remote host Message-ID: <20050804175303.GI11104@insomnia.benzedrine.cx> In-Reply-To: <1123177703.24009.29.camel@torgau.office.netline.net.uk> References: <1123177703.24009.29.camel@torgau.office.netline.net.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 04, 2005 at 06:48:23PM +0100, Rod wrote:
> Have tried lists,google and multiple different variations of the above
> pf.conf but it's still happening. Any suggests?
Enable debug logging in pf (pfctl -xm), make sure all blocked packets
are logged and pflogd is running. Print the current counters values
(pfctl -si). Then reproduce the connection reset. Afterwards:
- check /var/log/messages for any messages from pf
- check pflog for any logged packets
- print the counters again (pfctl -si) and check if any of them
have increased
It might be neccessary to tcpdump one entire ssh connection (from
establishment to the point where its reset) to fully analyze the
problem, but maybe the simpler steps above will already give a hint.
Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050804175303.GI11104>