SSH connection hangs with ipchains/RH6.2/OpenSSH 2.5.1p1 (but not <= 2.3.0p1)

Troy Carter tcarter at princeton.edu
Thu Feb 22 13:34:40 EST 2001


I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel
2.2.17).  I run ipchains to do packet filtering, allowing incoming
connections only to 22 and 80 (and some other ports for specific
machines).  I was able to run prior versions of openssh in this fashion
(I've run it from the first release, I think).  Upon installing 2.5.1p1
I found that my attempts to connect hang; here is the ssh -v -v -v output:

[tcarter at fletch tcarter]$ ssh -v -v -v elmo.princeton.edu
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 28419 geteuid 0 anon 0
debug: Connecting to elmo.princeton.edu [128.112.129.192] port 22.
debug: Seeding random number generator
debug: Allocated local port 1019.

I also have a RH7 box (at work) that I had also installed 2.5.1p1 on,
and this one had no such problems, but also doesn't do any packet
filtering (already behind a firewall).   When I turned off ipchains on
the RH6.2 box, the connections go through without a problem.  So for now
I just created ipchains rules to allow all connections from the machines
I routinely ssh to -- mostly because I saw no log entries indicating
unsuccessful connection attempts... ??? 

I also recompiled 2.3.0p1 to make sure I wasn't crazy -- using 2.3.0p1,
I connect with no problem.
I also tried stopping ipchains, connecting (successfully), then
restarting ipchains.  The connection hangs in this case also. Is this a
bug or am I doing something strange with my ipchains setup (pretty
vanilla though...)?  

The servers I am trying to connect to are ssh-1.2.x (Solaris, IRIX) and
OpenSSH 2.3.0p1, 2.5.1p1 (Linux).

Thanks-

-Troy


--
Troy Carter                    
tcarter at princeton.edu





More information about the openssh-unix-dev mailing list