[ale] SSH Cisco Networking Issue

Michael H. Warfield mhw at WittsEnd.com
Sun Sep 26 14:33:16 EDT 2010 

On Sun, 2010-09-26 at 14:02 -0400, Omar Chanouha wrote: 
> Thanks to everyone!

> I found this article and sent it to the IT team: http://www.znep.com/~marcs/mtu/

That's a very nice comprehensive description of the problem, the fix,
and the two workarounds I described and why reducing the MTU (one of the
workarounds) works and why it's just a workaround.  Nice reference.  I'm
going to keep that for future use.  This is bound to come up again (and
again, and again, and again unfortunately...  Sigh).

> Hopefully he will be able to understand and fix the issue now. And
> yes, I too love this list!

> Thanks again,

> -O

Regards,
Mike

> On Sun, Sep 26, 2010 at 1:31 AM, Richard Bronosky <Richard at bronosky.com> wrote:
> > So funny reading the responses that followed. When I heard that
> > cat-ing a large file resulted in NO data as opposed to truncated
> > data... I was confident that it was something like a packet size
> > issue. I was not familiar with this MTU thing, but now I'm researching
> > it out. I love this list. This is why I read it.
> >
> > On 9/16/10, Omar Chanouha <ofosho at gatech.edu> wrote:
> >> Hello All,
> >>
> >>     Sorry for the long email, but I am having an issue with the IT guy
> >> at my office, and this problem is out of my league. I set up a
> >> LAMP/SSH server to host the intranet where I work. I am back at Tech
> >> now, and need a way to connect to the server (Miami) to make changes.
> >> I told the IT guy to open a port for me in the firewall so I can get
> >> to the SSH server. Easy enough right?
> >>
> >> So, I can log into the server *.126, and I can send and recieve data
> >> from it, HOWEVER if I try to receive large (> a paragraph) worth of
> >> data the client hangs. The firewall still registers a connection, and
> >> the client will just hang forever(ctrl-c does nothing, I have to close
> >> the terminal). I would imagine this means it is waiting for data that
> >> is not going to get there, and is also not receiving a disconnect
> >> message.
> >>
> >> Example:
> >>
> >> o at remote:~$cat smallfile
> >> Hello World!
> >> o at remote:~$cat bigfile[no response]
> >>
> >> the same would apply to listing(ls) a small directory vs a large one.
> >> Or even TAB completing a long list vs a short one.
> >>
> >> At address *.126 there are multiple machines, so when I connect to
> >> *.126 I get port forwarded to another machine via NAT. Just as a test,
> >> we made the relationship 1-1 at address *.124 (another ip we own) and
> >> we made the firewall rule completely open at this address. The server
> >> then worked. The IT guy then decided to make the rule more strict by
> >> only allowing connection on port 22, and we went back to the previous
> >> result. He then put in the Cisco SSH rule (rather than just opening
> >> port 22) and it worked again.
> >>
> >> However, *.124 is not available for full time use, so we went back to
> >> *.126 and applied the SSH rule, but got the same result as before.
> >> Here is the weird part, when we port forward *.126 to one of the SSH
> >> servers on one of the Cisco routers (rather than my machine) SSH works
> >> fine. The IT guy thinks that the issue is coming from the NAT b/c we
> >> are using the same firewall rule that worked w/ 1-1.
> >>
> >> Question, what could be causing the Ubuntu SSH server to hang ONLY
> >> when larger amounts of data are being sent, but not affect the Cisco
> >> SSH servers?
> >>
> >> Thanks,
> >>
> >> -O
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >>
> >
> > --
> > Sent from my mobile device
> >
> > .!# RichardBronosky #!.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20100926/ff6aac08/attachment.bin

More information about the Ale mailing list