Intermittent port forwarding problems openssh 2.9.2p and up

mcurtis9 at csc.com.au
Tue Sep 25 12:09:57 EST 2001


Hi all,
     I'm now using openssh 2.9.9p1 (after having the same problem with
2.9.2p), currently on two redhat Linux 6.2 machines and I am getting some
intermittent port forwarding problems.  To provide some background, the two
machines sit on separate networks and talk through a firewall.  I am trying
to get an application to talk through the ssh connection to a remote
machine, i.e. ssh -N 1500:remote_machine:1500 linux_machine
     This is kicked off from inittab and works fine, the problem is that
the first time a user uses the application after they have logged in, or
after about 5 minutes of leaving their terminal idle, the application will
fail to work properly.  After some investigation it seems it has hung
waiting on some data from the socket, never to arrive.
     I have used ethereal on both ends of the tunnel (i.e. the loopback
interface on the localhost and eth0 on the remote host), and have found
that the first packet after the syn, syn-ack, ack handshake sent from the
localhost (a psh-ack with some data), fails to appear on the other end of
the tunnel.  Yet when the application is closed, the connection goes
through the normal fin, fin-ack stages of closing, which to me seems like
the connection is being managed properly; it's just a problem transmitting
the data.
     Run the application again, and then all the data starts appearing on
both sides correctly and the application works fine.  The only difference I
can see between this application's activity and say telnet or sendmail, is
that there is no banner message from the server after the initial tcp
handshake; the client is the first one to send any data.  Why this should
affect anything I do not know, but there may be some assumption of this
type in the code.
     If anyone can provide some help on this, as it would be nice to fix it,
or requires some more information, please let me know.  I can provide some
dumps of the network activity that is occurring at each end (I realise the
traffic between will be gibberish, that is the point after all), and it is
easy enough to upgrade or patch the code to try things out.
     I'm running last night's snapshot (25/9/2001), after seeing some
e-mails in the archive about various problems with port forwarding.  I
should point out, telnet, etc. seem to work fine if I try them, and the
application works fine after you try once and quit, and then start it
again...  It builds a new socket connection each time as well, so it's not
some problem with the application using the socket too quickly and it's
fully established by the time we retry the application.

     BTW could you please cc me in on the reply, as I am not subscribed to
this mailing list.

Thanks in advance,
Mark Curtis.
---------------------------------------------------------------------------------------------------------------

Unix/DB Administrator
CSC
Five Islands Road, Port Kembla
Ph: +61-2-42757968         Fax: +61-2-42757801
E-mail: mcurtis9 at csc.com.au

Quidquid latine dictum sit, altum videtur.
Whatever is said in Latin sounds profound.
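
A way to reproduce the reported symptom without the application, as an added example (not part of the original post and not OpenSSH code): a client-speaks-first probe with a timeout, plus a constructed banner-less server standing in for the application. The function names, payload and status strings are assumptions made for this sketch.

```python
import socket
import threading
import time

def start_silent_server(host="127.0.0.1"):
    """Constructed stand-in for the application server: it sends no banner
    and replies only after the client has sent data first."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listening socket was closed
                return
            with conn:
                data = conn.recv(1024)
                if data:
                    conn.sendall(b"ACK:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe(host, port, payload=b"hello\n", timeout=5.0):
    """Connect, send first, then wait for a reply. Returns (status, seconds).
    'stalled' means the handshake completed but no reply arrived within the
    timeout, which is the symptom described in the post."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            try:
                reply = s.recv(1024)
            except socket.timeout:
                return "stalled", time.monotonic() - start
            return ("ok" if reply else "closed"), time.monotonic() - start
    except OSError:              # refused, unreachable, or connect timed out
        return "connect_failed", time.monotonic() - start

def run_series(host, port, idle_gaps=(0, 0), timeout=5.0):
    """Probe once per entry in idle_gaps, sleeping that many seconds first."""
    results = []
    for gap in idle_gaps:
        time.sleep(gap)
        results.append(probe(host, port, timeout=timeout)[0])
    return results
```

To match the conditions in the post, point `run_series` at the local end of the forward (port 1500 on the loopback in that setup) with an idle gap longer than five minutes between attempts; a first result of `stalled` followed by `ok` matches the reported behaviour.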





More information about the openssh-unix-dev mailing list