Red Hat Bugzilla – Bug 72723
SSH port forwarding non-functional.
Last modified: 2007-04-18 12:46:04 EDT
Description of Problem:
Set-up of ssh local port forwarding results in the xterm/shell in which the ssh
command was launched, "locking" up.
I have disabled the firewall (using iptables -F and through the setup command).
The problem does not occur on the limbo release.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ssh -L localPort:remotehost:remotePort firstname.lastname@example.org
2. in a different shell type vncviewer localhost:localPort
3. This is some data exchanged e.g VNC prompts for the server password.
Howerver, all traffic ceases thereafter.
Similar problems occur when port forwarding imap ports e.g 143.
I tried and failed to reproduce this on (null). In other words, WORKSFORME...
I also have this problem using the openssh on Redhat 8.0. X11 port forwarding
is broken when ssh'ing from a Red Hat 7.3 box to a Red Hat 8.0. Instead of
forwarding X11 data through ssh, it tries to send the X11 traffic outside the
ssh session. I get a message stating that it couldn't reach the display.
Looking at the iptables log messages on the the Red Hat 7.3 machines shows that
the Red Hat 8.0 box was attempting to send data directly to port 6010 on the Red
Hat 7.3 box. So, I suggest you configure your test box to reject all incoming
connections. I bet it won't work for you then.
It works fine when ssh'ing from the Red Hat 8.0 box to the Red Hat 7.3 box.
I had same the problem that was reported by email@example.com. After
doing analysis of many packets, I found the problem I was have was with ECN.
net.ipv4.tcp_ecn = 0
to /etc/sysctl.conf, then rebooting my system has solved the problem for me. I
do not know if it will help anybody else, but it works for me.
Could be an MTU mismatch. The usual suspects are a firewall, NAT
device, or PPPoE between server and client. See
Is anyone still having this problem with Fedora Core or Red Hat
Enterprise Linux? If not, then this is a stale bug that needs to be
No response to comment #5.