Connection timeouts with SSH and CVS
Hi there, I'm having problems using SSH and CVS at my work. The connections timeout. However I can browse the internet with Mozilla just fine. But this only happens on my network at work. When I dial in to my ISP from home, in SSH and CVS both work fine. The network at work mostly has Windows machines on it, and on my Windows machine there I can use Putty and CVS fine. I'm running Debian Testing, installed over the net a couple days ago with a recent version of the installer. Here's how SSH looks at work (except the IP address is changed to protect the guilty), with verbose turned on : [EMAIL PROTECTED]:~$ ssh -v [EMAIL PROTECTED] OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 999.999.999.999 [999.999.999.999] port 22. debug1: connect to address 999.999.999.999 port 22: Connection timed out ssh: connect to host 999.999.999.999 port 22: Connection timed out And CVS with trace turned on : [EMAIL PROTECTED]:~$ cvs -t d:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc login -> parse_cvsroot ( :pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc ) -> main loop with CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc Logging in to :pserver:[EMAIL PROTECTED]:2401/cvsroot/mspgcc CVS password: -> Connecting to cvs.sourceforge.net(66.35.250.207):2401. cvs [login aborted]: connect to cvs.sourceforge.net(66.35.250.207):2401 failed: Connection timed out I can ping both these addressess just fine. Any ideas how I can figure out whats wrong? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
On Thu, 30 Dec 2004 05:27:50 -0800, Brian <[EMAIL PROTECTED]> wrote: > Norman Davis wrote: > > Hi there, > > > > I'm having problems using SSH and CVS at my work. The connections > > timeout. However I can browse the internet with Mozilla just fine. > > > > But this only happens on my network at work. When I dial in to my ISP > > from home, in SSH and CVS both work fine. The network at work mostly > > has Windows machines on it, and on my Windows machine there I can use > > Putty and CVS fine. > > Does SSH & no CVS function correctly at work? > > Brian > I can't CVS to sourceforge.net from work and I can't SSH to another companies server from my debian Testing install at work. I should've mentioned this is all on the same laptop: When running the laptop with Debian Testing at home, over dialup I can CVS to sourceforge.net and I can SSH into another company's server over the internet. When I take that laptop to work and hook into the network the CVS and SSH connections won't start, they timeout before anything starts. (I can still browse with Mozilla.) If I switch out my hard drive in that laptop and run Windows XP at work with the same network connection, I can use CVS and PuTTY (for SSH connection) just fine. I'm not running CVS over SSH. I'm using the two programs seperately. I noticed they both complain about connection timeouts and am hoping this is a clue. Any ideas? Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
On Thu, 30 Dec 2004 13:02:26 -0500, Adam Aube <[EMAIL PROTECTED]> wrote: > > Is ECN off (/proc/sys/net/ipv4/tcp_ecn)? You can check/set it with sysctl. > net.ipv4.tcp_ecn was 0. I just now set it to 1. CVS and SSH still don't work. I guess I want to leave net.ipv4.tcp_ecn at 0? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
On Wed, 29 Dec 2004 21:12:01 -0700, Norman Davis <[EMAIL PROTECTED]> wrote: > Hi there, > > I'm having problems using SSH and CVS at my work. The connections > timeout. However I can browse the internet with Mozilla just fine. > > But this only happens on my network at work. When I dial in to my ISP > from home, in SSH and CVS both work fine. The network at work mostly > has Windows machines on it, and on my Windows machine there I can use > Putty and CVS fine. > > I'm running Debian Testing, installed over the net a couple days ago > with a recent version of the installer. > > Here's how SSH looks at work (except the IP address is changed to > protect the guilty), with verbose turned on : > > [EMAIL PROTECTED]:~$ ssh -v [EMAIL PROTECTED] > OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Connecting to 999.999.999.999 [999.999.999.999] port 22. > debug1: connect to address 999.999.999.999 port 22: Connection timed out > ssh: connect to host 999.999.999.999 port 22: Connection timed out > > And CVS with trace turned on : > [EMAIL PROTECTED]:~$ cvs -t > d:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc login > -> parse_cvsroot ( :pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc ) > -> main loop with > CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc > Logging in to :pserver:[EMAIL PROTECTED]:2401/cvsroot/mspgcc > CVS password: > -> Connecting to cvs.sourceforge.net(66.35.250.207):2401. > cvs [login aborted]: connect to > cvs.sourceforge.net(66.35.250.207):2401 failed: Connection timed out > > I can ping both these addressess just fine. > > Any ideas how I can figure out whats wrong? > I've got some more info: On this laptop with Debian Testing installed, when I'm using the network at work, I can't access my POP mail server from Mozilla Mail. I also can't access the checkout section of any of my online retailers when using the Mozilla browser. But when I use my dialup ISP, they both work fine. So whats in common between connections for POP mail, SSH, CVS, and retail checkout pages? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
On Thu, 30 Dec 2004 19:32:22 -0500, Adam Aube <[EMAIL PROTECTED]> wrote: > What kernel are you using? Linux version 2.4.27-1-386 ([EMAIL PROTECTED]) (gcc version 3.3.5 (Debian 1:3.3.5-2)) #1 Wed Dec 1 19:43:08 JST 2004 >Post the output of the following command: > > head -v `ls /proc/sys/net/ipv4/tcp*` Currently I'm at home using dialup. I'm assuming these will be the same as when I have this laptop at work on the network there: ==> /proc/sys/net/ipv4/tcp_abort_on_overflow <== 0 ==> /proc/sys/net/ipv4/tcp_adv_win_scale <== 2 ==> /proc/sys/net/ipv4/tcp_app_win <== 31 ==> /proc/sys/net/ipv4/tcp_bic <== 0 ==> /proc/sys/net/ipv4/tcp_bic_fast_convergence <== 1 ==> /proc/sys/net/ipv4/tcp_bic_low_window <== 14 ==> /proc/sys/net/ipv4/tcp_default_win_scale <== 0 ==> /proc/sys/net/ipv4/tcp_dsack <== 1 ==> /proc/sys/net/ipv4/tcp_ecn <== 0 ==> /proc/sys/net/ipv4/tcp_fack <== 1 ==> /proc/sys/net/ipv4/tcp_fin_timeout <== 60 ==> /proc/sys/net/ipv4/tcp_frto <== 0 ==> /proc/sys/net/ipv4/tcp_keepalive_intvl <== 75 ==> /proc/sys/net/ipv4/tcp_keepalive_probes <== 9 ==> /proc/sys/net/ipv4/tcp_keepalive_time <== 7200 ==> /proc/sys/net/ipv4/tcp_low_latency <== 0 ==> /proc/sys/net/ipv4/tcp_max_orphans <== 16384 ==> /proc/sys/net/ipv4/tcp_max_syn_backlog <== 1024 ==> /proc/sys/net/ipv4/tcp_max_tw_buckets <== 18 ==> /proc/sys/net/ipv4/tcp_mem <== 49152 65536 98304 ==> /proc/sys/net/ipv4/tcp_moderate_rcvbuf <== 0 ==> /proc/sys/net/ipv4/tcp_no_metrics_save <== 0 ==> /proc/sys/net/ipv4/tcp_orphan_retries <== 0 ==> /proc/sys/net/ipv4/tcp_reordering <== 3 ==> /proc/sys/net/ipv4/tcp_retrans_collapse <== 1 ==> /proc/sys/net/ipv4/tcp_retries1 <== 3 ==> /proc/sys/net/ipv4/tcp_retries2 <== 15 ==> /proc/sys/net/ipv4/tcp_rfc1337 <== 0 ==> /proc/sys/net/ipv4/tcp_rmem <== 409687380 174760 ==> /proc/sys/net/ipv4/tcp_sack <== 1 ==> /proc/sys/net/ipv4/tcp_stdurg <== 0 ==> /proc/sys/net/ipv4/tcp_synack_retries <== 5 ==> /proc/sys/net/ipv4/tcp_syncookies <== 0 ==> /proc/sys/net/ipv4/tcp_syn_retries <== 5 ==> /proc/sys/net/ipv4/tcp_timestamps <== 1 ==> /proc/sys/net/ipv4/tcp_tw_recycle <== 0 ==> /proc/sys/net/ipv4/tcp_tw_reuse <== 0 ==> /proc/sys/net/ipv4/tcp_vegas_alpha <== 2 ==> /proc/sys/net/ipv4/tcp_vegas_beta <== 6 ==> /proc/sys/net/ipv4/tcp_vegas_cong_avoid <== 0 ==> /proc/sys/net/ipv4/tcp_vegas_gamma <== 2 ==> /proc/sys/net/ipv4/tcp_westwood <== 0 ==> /proc/sys/net/ipv4/tcp_window_scaling <== 1 ==> /proc/sys/net/ipv4/tcp_wmem <== 409616384 131072 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
On Fri, 31 Dec 2004 12:57:25 +0100, Dani Belz <[EMAIL PROTECTED]> wrote: > * Norman Davis <[EMAIL PROTECTED]> [04-12-30 05:12]: > > Hi there, > > > > I'm having problems using SSH and CVS at my work. The connections > > timeout. However I can browse the internet with Mozilla just fine. > > > > But this only happens on my network at work. When I dial in to my ISP > > from home, in SSH and CVS both work fine. The network at work mostly > > has Windows machines on it, and on my Windows machine there I can use > > Putty and CVS fine. > > ... and what's your firewall settings at work??? Guess it's blocking > CVS and outgoing SSH. > > grZ > Dani I don't think they're being blocked by the firewall at work. When I take this laptop to work, and put in my other hard drive and run Windows XP, I use CVS, PuTTY, and POP email without any difficulty. (I should mention here for those unfamiliar with it that Putty is basically a SSH console for windows.) When I install my Debian hard drive and boot it, none of these work: the connection times out. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Connection timeouts with SSH and CVS
Problem solved! Our firewall is blocking ranges of incoming ports that just happens to incidentally work (usually, but not always) for windows. Too see your settings, type sysctl net.ipv4.ip_local_port_range The default is 32768 61000, and so my system had been picking incoming ports for SSH and CVS responses around 32768 initially and our firewall here was blocking that. So the solution for me is to change the ip_local_port_range: A temporary fix: sysctl -w net.ipv4.ip_local_port_range="50001 61000" Fix it permanently in /etc/sysctl.conf : net.ipv4.ip_local_port_range = 50001 61000 The symptoms of this problem are: can't connect using CVS, SSH, POP email, and can't get to the secure checkout page of an online retailer. If you have this problem you should probably play around with sysctl to find the proper range for your system on your network. Examining your Windows system may mislead you as it may be not be set totally correctly, and seem to work _most_ of the time but occasionally fail when it exceeds the firewall's range. "Just reboot" they said! Argh! Thanks to Adam and John for all their help. I hope they don't feel like they're valuable time was wasted on me. On Fri, 31 Dec 2004 19:42:41 -0500, Adam Aube <[EMAIL PROTECTED]> wrote: > Norman Davis wrote: > > On Thu, 30 Dec 2004 19:32:22 -0500, Adam Aube <[EMAIL PROTECTED]> wrote: > > >> What kernel are you using? > > > Linux version 2.4.27-1-386 ([EMAIL PROTECTED]) (gcc > > version 3.3.5 (Debian 1:3.3.5-2)) #1 Wed Dec 1 19:43:08 JST 2004 > > >>Post the output of the following command: > >> head -v `ls /proc/sys/net/ipv4/tcp*` > > > Currently I'm at home using dialup. I'm assuming these will be the > > same as when I have this laptop at work on the network there: > > The only setting that might be an issue is this: > > > ==> /proc/sys/net/ipv4/tcp_default_win_scale <== > > 0 > > Try setting it to 1 or 2 and see if that fixes the problem. Don't set it too > high - that can cause problems as well. > > Beyond that, the only thing I can suggest is using tcpdump or ethereal to > capture packets during a connection attempt. > > Adam > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]