Connection timeouts with SSH and CVS

2004-12-29 Thread Norman Davis
Hi there,

I'm having problems using SSH and CVS at my work. The connections
time out. However I can browse the internet with Mozilla just fine.

But this only happens on my network at work. When I dial in to my ISP
from home, SSH and CVS both work fine. The network at work mostly
has Windows machines on it, and on my Windows machine there I can use
PuTTY and CVS fine.

I'm running Debian Testing, installed over the net a couple days ago
with a recent version of the installer.

Here's how SSH looks at work (except the IP address is changed to
protect the guilty), with verbose turned on :

[EMAIL PROTECTED]:~$ ssh -v [EMAIL PROTECTED]
OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 999.999.999.999 [999.999.999.999] port 22.
debug1: connect to address 999.999.999.999 port 22: Connection timed out
ssh: connect to host 999.999.999.999 port 22: Connection timed out

And CVS with trace turned on :
[EMAIL PROTECTED]:~$ cvs -t -d:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc login
  -> parse_cvsroot ( :pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc )
  -> main loop with
CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc
Logging in to :pserver:[EMAIL PROTECTED]:2401/cvsroot/mspgcc
CVS password:
  -> Connecting to cvs.sourceforge.net(66.35.250.207):2401.
cvs [login aborted]: connect to
cvs.sourceforge.net(66.35.250.207):2401 failed: Connection timed out

I can ping both these addresses just fine.

Any ideas how I can figure out what's wrong?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Connection timeouts with SSH and CVS

2004-12-30 Thread Norman Davis
On Thu, 30 Dec 2004 05:27:50 -0800, Brian <[EMAIL PROTECTED]> wrote:
> Norman Davis wrote:
> > Hi there,
> >
> > I'm having problems using SSH and CVS at my work. The connections
> > time out. However I can browse the internet with Mozilla just fine.
> >
> > But this only happens on my network at work. When I dial in to my ISP
> > from home, SSH and CVS both work fine. The network at work mostly
> > has Windows machines on it, and on my Windows machine there I can use
> > PuTTY and CVS fine.
> 
> Does SSH & no CVS function correctly at work?
> 
> Brian
> 
I can't CVS to sourceforge.net from work and I can't SSH to another
company's server from my Debian Testing install at work.

I should've mentioned this is all on the same laptop:

When running the laptop with Debian Testing at home, over dialup I can
CVS to sourceforge.net and I can SSH into another company's server
over the internet.

When I take that laptop to work and hook into the network the CVS and
SSH connections won't start, they time out before anything starts. (I
can still browse with Mozilla.)

If I switch out my hard drive in that laptop and run Windows XP at
work with the same network connection, I can use CVS and PuTTY (for
SSH connection) just fine.

I'm not running CVS over SSH. I'm using the two programs separately. I
noticed they both complain about connection timeouts and am hoping
this is a clue.

Any ideas? Thanks.





Re: Connection timeouts with SSH and CVS

2004-12-30 Thread Norman Davis
On Thu, 30 Dec 2004 13:02:26 -0500, Adam Aube <[EMAIL PROTECTED]> wrote:
>
> Is ECN off (/proc/sys/net/ipv4/tcp_ecn)? You can check/set it with sysctl.
> 

net.ipv4.tcp_ecn was 0. I just now set it to 1. CVS and SSH still don't work.

I guess I want to leave net.ipv4.tcp_ecn at 0?





Re: Connection timeouts with SSH and CVS

2004-12-30 Thread Norman Davis
On Wed, 29 Dec 2004 21:12:01 -0700, Norman Davis
<[EMAIL PROTECTED]> wrote:
> Hi there,
> 
> I'm having problems using SSH and CVS at my work. The connections
> time out. However I can browse the internet with Mozilla just fine.
> 
> But this only happens on my network at work. When I dial in to my ISP
> from home, SSH and CVS both work fine. The network at work mostly
> has Windows machines on it, and on my Windows machine there I can use
> PuTTY and CVS fine.
> 
> I'm running Debian Testing, installed over the net a couple days ago
> with a recent version of the installer.
> 
> Here's how SSH looks at work (except the IP address is changed to
> protect the guilty), with verbose turned on :
> 
> [EMAIL PROTECTED]:~$ ssh -v [EMAIL PROTECTED]
> OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 999.999.999.999 [999.999.999.999] port 22.
> debug1: connect to address 999.999.999.999 port 22: Connection timed out
> ssh: connect to host 999.999.999.999 port 22: Connection timed out
> 
> And CVS with trace turned on :
> [EMAIL PROTECTED]:~$ cvs -t -d:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc login
>   -> parse_cvsroot ( :pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc )
>   -> main loop with
> CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot/mspgcc
> Logging in to :pserver:[EMAIL PROTECTED]:2401/cvsroot/mspgcc
> CVS password:
>   -> Connecting to cvs.sourceforge.net(66.35.250.207):2401.
> cvs [login aborted]: connect to
> cvs.sourceforge.net(66.35.250.207):2401 failed: Connection timed out
> 
> I can ping both these addresses just fine.
> 
> Any ideas how I can figure out what's wrong?
> 

I've got some more info:
On this laptop with Debian Testing installed, when I'm using the
network at work, I can't access my POP mail server from Mozilla Mail.
I also can't access the checkout section of any of my online retailers
when using the Mozilla browser. But when I use my dialup ISP, they
both work fine.

So what's in common between connections for POP mail, SSH, CVS, and
retail checkout pages?





Re: Connection timeouts with SSH and CVS

2004-12-30 Thread Norman Davis
On Thu, 30 Dec 2004 19:32:22 -0500, Adam Aube <[EMAIL PROTECTED]> wrote:
> What kernel are you using? 

Linux version 2.4.27-1-386 ([EMAIL PROTECTED]) (gcc
version 3.3.5 (Debian 1:3.3.5-2)) #1 Wed Dec 1 19:43:08 JST 2004

>Post the output of the following command:
> 
> head -v `ls /proc/sys/net/ipv4/tcp*`

Currently I'm at home using dialup. I'm assuming these will be the
same as when I have this laptop at work on the network there:

==> /proc/sys/net/ipv4/tcp_abort_on_overflow <==
0

==> /proc/sys/net/ipv4/tcp_adv_win_scale <==
2

==> /proc/sys/net/ipv4/tcp_app_win <==
31

==> /proc/sys/net/ipv4/tcp_bic <==
0

==> /proc/sys/net/ipv4/tcp_bic_fast_convergence <==
1

==> /proc/sys/net/ipv4/tcp_bic_low_window <==
14

==> /proc/sys/net/ipv4/tcp_default_win_scale <==
0

==> /proc/sys/net/ipv4/tcp_dsack <==
1

==> /proc/sys/net/ipv4/tcp_ecn <==
0

==> /proc/sys/net/ipv4/tcp_fack <==
1

==> /proc/sys/net/ipv4/tcp_fin_timeout <==
60

==> /proc/sys/net/ipv4/tcp_frto <==
0

==> /proc/sys/net/ipv4/tcp_keepalive_intvl <==
75

==> /proc/sys/net/ipv4/tcp_keepalive_probes <==
9

==> /proc/sys/net/ipv4/tcp_keepalive_time <==
7200

==> /proc/sys/net/ipv4/tcp_low_latency <==
0

==> /proc/sys/net/ipv4/tcp_max_orphans <==
16384

==> /proc/sys/net/ipv4/tcp_max_syn_backlog <==
1024

==> /proc/sys/net/ipv4/tcp_max_tw_buckets <==
18

==> /proc/sys/net/ipv4/tcp_mem <==
49152   65536   98304

==> /proc/sys/net/ipv4/tcp_moderate_rcvbuf <==
0

==> /proc/sys/net/ipv4/tcp_no_metrics_save <==
0

==> /proc/sys/net/ipv4/tcp_orphan_retries <==
0

==> /proc/sys/net/ipv4/tcp_reordering <==
3

==> /proc/sys/net/ipv4/tcp_retrans_collapse <==
1

==> /proc/sys/net/ipv4/tcp_retries1 <==
3

==> /proc/sys/net/ipv4/tcp_retries2 <==
15

==> /proc/sys/net/ipv4/tcp_rfc1337 <==
0

==> /proc/sys/net/ipv4/tcp_rmem <==
4096    87380   174760

==> /proc/sys/net/ipv4/tcp_sack <==
1

==> /proc/sys/net/ipv4/tcp_stdurg <==
0

==> /proc/sys/net/ipv4/tcp_synack_retries <==
5

==> /proc/sys/net/ipv4/tcp_syncookies <==
0

==> /proc/sys/net/ipv4/tcp_syn_retries <==
5

==> /proc/sys/net/ipv4/tcp_timestamps <==
1

==> /proc/sys/net/ipv4/tcp_tw_recycle <==
0

==> /proc/sys/net/ipv4/tcp_tw_reuse <==
0

==> /proc/sys/net/ipv4/tcp_vegas_alpha <==
2

==> /proc/sys/net/ipv4/tcp_vegas_beta <==
6

==> /proc/sys/net/ipv4/tcp_vegas_cong_avoid <==
0

==> /proc/sys/net/ipv4/tcp_vegas_gamma <==
2

==> /proc/sys/net/ipv4/tcp_westwood <==
0

==> /proc/sys/net/ipv4/tcp_window_scaling <==
1

==> /proc/sys/net/ipv4/tcp_wmem <==
4096    16384   131072





Re: Connection timeouts with SSH and CVS

2004-12-31 Thread Norman Davis
On Fri, 31 Dec 2004 12:57:25 +0100, Dani Belz <[EMAIL PROTECTED]> wrote:
> * Norman Davis <[EMAIL PROTECTED]> [04-12-30 05:12]:
> > Hi there,
> >
> > I'm having problems using SSH and CVS at my work. The connections
> > time out. However I can browse the internet with Mozilla just fine.
> >
> > But this only happens on my network at work. When I dial in to my ISP
> > from home, SSH and CVS both work fine. The network at work mostly
> > has Windows machines on it, and on my Windows machine there I can use
> > PuTTY and CVS fine.
> 
> ... and what's your firewall settings at work??? Guess it's blocking
> CVS and outgoing SSH.
> 
> grZ
> Dani

I don't think they're being blocked by the firewall at work. When I
take this laptop to work, and put in my other hard drive and run
Windows XP, I use CVS, PuTTY, and POP email without any difficulty.
(I should mention here for those unfamiliar with it that PuTTY is
basically an SSH console for Windows.) When I install my Debian hard
drive and boot it, none of these work: the connection times out.





Re: Connection timeouts with SSH and CVS

2005-01-03 Thread Norman Davis
Problem solved! 

Our firewall is blocking ranges of incoming ports that just happens to
incidentally work (usually, but not always) for Windows.

To see your settings, type 

sysctl net.ipv4.ip_local_port_range

The default is 32768 61000, and so my system had been picking incoming
ports for SSH and CVS responses around 32768 initially and our
firewall here was blocking that.

So the solution for me is to change the ip_local_port_range:

A temporary fix:
sysctl -w net.ipv4.ip_local_port_range="50001   61000"

Fix it permanently in /etc/sysctl.conf :
net.ipv4.ip_local_port_range = 50001 61000

The symptoms of this problem are: can't connect using CVS, SSH, POP
email, and can't get to the secure checkout page of an online
retailer.

If you have this problem you should probably play around with sysctl
to find the proper range for your system on your network. Examining
your Windows system may mislead you, as it may not be set totally
correctly, and seem to work _most_ of the time but occasionally fail
when it exceeds the firewall's range. "Just reboot" they said! Argh!

Thanks to Adam and John for all their help. I hope they don't feel
like their valuable time was wasted on me.

On Fri, 31 Dec 2004 19:42:41 -0500, Adam Aube <[EMAIL PROTECTED]> wrote:
> Norman Davis wrote:
> > On Thu, 30 Dec 2004 19:32:22 -0500, Adam Aube <[EMAIL PROTECTED]> wrote:
> 
> >> What kernel are you using?
> 
> > Linux version 2.4.27-1-386 ([EMAIL PROTECTED]) (gcc
> > version 3.3.5 (Debian 1:3.3.5-2)) #1 Wed Dec 1 19:43:08 JST 2004
> 
> >>Post the output of the following command:
> >> head -v `ls /proc/sys/net/ipv4/tcp*`
> 
> > Currently I'm at home using dialup. I'm assuming these will be the
> > same as when I have this laptop at work on the network there:
> 
> The only setting that might be an issue is this:
> 
> > ==> /proc/sys/net/ipv4/tcp_default_win_scale <==
> > 0
> 
> Try setting it to 1 or 2 and see if that fixes the problem. Don't set it too
> high - that can cause problems as well.
> 
> Beyond that, the only thing I can suggest is using tcpdump or ethereal to
> capture packets during a connection attempt.
> 
> Adam
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
>
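
One way to find the source-port ranges that survive such a firewall, instead of adjusting ip_local_port_range by trial (an added example, not code from this thread): each outgoing connection is bound to a chosen local port, and a handshake that is answered, even with a refusal, shows that port passes. The function names, the 1024-port sampling step and the 3-second timeout are assumptions of this example.

```python
import socket
import sys

PASSED = ("open", "refused")  # either answer means the SYN and its reply crossed the firewall

def probe_source_port(host, port, src_port, timeout=3.0):
    """One TCP connect from a fixed local port: open / refused / timeout / local-error."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.settimeout(timeout)
    try:
        s.bind(("", src_port))        # pin the port the kernel would otherwise pick
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"              # silently dropped: the symptom in this thread
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "local-error"          # bind failed or no route: not a firewall verdict
    finally:
        s.close()

def sweep(host, port, lo, hi, step=1024, timeout=3.0):
    """Sample one source port every `step` ports across [lo, hi]."""
    return {p: probe_source_port(host, port, p, timeout)
            for p in range(lo, hi + 1, step)}

def passing_ranges(results):
    """Collapse sampled results into (first, last) runs of source ports that got an answer."""
    runs, start, prev = [], None, None
    for p in sorted(results):
        if results[p] == "local-error":
            continue                  # untestable sample: neither extends nor ends a run
        if results[p] in PASSED:
            start = p if start is None else start
            prev = p
        elif start is not None:
            runs.append((start, prev))
            start = None
    if start is not None:
        runs.append((start, prev))
    return runs

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # a server you are allowed to connect to
    for lo, hi in passing_ranges(sweep(host, port, 32768, 61000)):
        print("net.ipv4.ip_local_port_range = %d %d" % (lo, hi))
```

The printed ranges come from sampled ports only, so rerun with a smaller step around the edges before writing a range into /etc/sysctl.conf.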

