 From:  Tim Vaughan <talltim at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Firewall weirdness (was: Feature suggestion: show related rule in firewall logs)
 Date:  Fri, 27 Jan 2006 12:44:55 +0000
Here are some logs, in case they're useful.  As far as I can tell,
these show packets being allowed on the LAN interface and then a bit
later very similar packets being blocked.

12:41:57.116051 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 64 -A IN
12:41:57.115960 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 500 -AP IN
12:41:56.634975 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 64 -A IN
12:41:56.384750 2x sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 500 -AP IN
12:41:54.072839 sis0 @100:2 p 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 60 -S K-S K-F IN

Is there any difference between the packets you get when an ssh
connection is being established compared to those involved in the
actual ssh connection itself?  Because it looks like the former are
being allowed and the latter being blocked.

Tim

On 1/27/06, Tim Vaughan <talltim at gmail dot com> wrote:
> > Yup, the default pass rule on LAN lets fragmented packets through.  I
> > also reflashed the offending NSLU2 to see if dodgy firmware was to
> > blame.  Now I'm left wondering if a bad network cable could be the
> > problem, as nothing else has solved it.
>
>
> Having changed over the network cable it hasn't made a difference.
> Also, I've installed Ubuntu Linux over the previous Win2k installation
> on my desktop at the 192.168.0.0/24 network which now stops me from
> connecting to any work machine over SSH.  Previously, I could connect
> using PuTTY.
> Trying "ssh computeratwork.workinternaldomain" lets me accept or deny
> the key for the work host and then asks me for the password.  Checking
> /var/log/auth.log on that machine shows that I enter the password ok
> and then the ssh connection just hangs - the m0n0wall logs then show
> packets being blocked on port 22 as before.
> I can connect via SSH to the WAN address of the router at work (i.e.
> not using the VPN) fine - my home m0n0 just blocks some packets, but
> not all, from crossing the VPN.
> Any suggestions would be welcome as I'm completely stumped.
>
> Tim
>
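As an added example (not part of Tim's post and not m0n0wall's own code), here is a small parser for the ipmon-style lines quoted above that groups packets by connection and reports any flow whose SYN was passed by a keep-state rule but whose later packets were blocked, which is the pattern Tim describes. The field meanings assumed here (b = block, p = pass, @group:rule, a leading "Nx" repeat count, the TCP flag token such as -AP, K-S = keep state, IN/OUT direction) are read off the lines in the post; the sample input is those five lines unwrapped. The script only surfaces the pattern in the logs, it does not say why the state entry is not matching.

```python
import re
from collections import defaultdict

# Constructed sample: the five log lines from the post, unwrapped,
# in the order they were posted (newest first).
SAMPLE_LOG = """\
12:41:57.116051 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 64 -A IN
12:41:57.115960 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 500 -AP IN
12:41:56.634975 sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 64 -A IN
12:41:56.384750 2x sis0 @0:13 b 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 500 -AP IN
12:41:54.072839 sis0 @100:2 p 192.168.0.10,46989 -> 192.168.1.35,22 PR tcp len 20 60 -S K-S K-F IN
"""

# Field layout assumed from the posted lines (hypothetical, not from ipfilter docs):
#   time [Nx] iface @group:rule b|p src,sport -> dst,dport PR proto len hlen tlen <flags/keywords>
LINE_RE = re.compile(
    r"""
    ^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+
    (?:(?P<count>\d+)x\s+)?            # repeated identical lines are collapsed to "Nx"
    (?P<iface>\S+)\s+
    @(?P<group>\d+):(?P<rule>\d+)\s+
    (?P<action>[bp])\s+
    (?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+
    (?P<dst>[\d.]+),(?P<dport>\d+)\s+
    PR\s+(?P<proto>\w+)\s+
    len\s+(?P<hlen>\d+)\s+(?P<tlen>\d+)
    (?P<rest>.*)$
    """,
    re.VERBOSE,
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    rest = d.pop("rest").split()
    flags = ""
    direction = None
    for tok in rest:
        if tok.startswith("-") and len(tok) > 1:   # TCP flags, e.g. -S, -A, -AP
            flags = tok[1:]
        elif tok in ("IN", "OUT"):
            direction = tok
    d["count"] = int(d["count"] or 1)
    d["flags"] = flags
    d["keep_state"] = "K-S" in rest
    d["direction"] = direction
    return d


def find_state_loss(log_text):
    """Group packets by 5-tuple; report flows whose keep-state SYN was passed
    and which then had packets blocked (counting collapsed 'Nx' repeats)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # ipmon prints time of day only, so same-day order is assumed; the
    # fixed-width timestamps sort correctly as strings.
    entries.sort(key=lambda e: e["time"])
    flows = defaultdict(list)
    for e in entries:
        flows[(e["proto"], e["src"], e["sport"], e["dst"], e["dport"])].append(e)

    findings = []
    for key, pkts in flows.items():
        opened = [p for p in pkts
                  if p["action"] == "p" and p["keep_state"]
                  and "S" in p["flags"] and "A" not in p["flags"]]
        if not opened:
            continue
        t_open = opened[0]["time"]
        blocked = [p for p in pkts if p["action"] == "b" and p["time"] > t_open]
        if blocked:
            findings.append({
                "flow": key,
                "pass_rule": "@%s:%s" % (opened[0]["group"], opened[0]["rule"]),
                "blocked_packets": sum(p["count"] for p in blocked),
                "block_rules": sorted({"@%s:%s" % (p["group"], p["rule"]) for p in blocked}),
                "blocked_flags": sorted({p["flags"] for p in blocked}),
            })
    return findings


if __name__ == "__main__":
    for f in find_state_loss(SAMPLE_LOG):
        print("%s/%s:%s -> %s:%s: SYN passed by %s, then %d packet(s) (%s) blocked by %s"
              % (f["flow"] + (f["pass_rule"], f["blocked_packets"],
                              ",".join(f["blocked_flags"]), ",".join(f["block_rules"]))))
```

Run against the sample it reports the single 192.168.0.10:46989 -> 192.168.1.35:22 flow: SYN passed by @100:2 with keep state, then five ACK/PSH-ACK packets blocked by @0:13. Feeding it a longer ipmon capture from the LAN interface would show whether every hanging ssh session follows the same shape.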