72723 – SSH port forwarding non-functional.

Bug 72723 - SSH port forwarding non-functional.

Summary: SSH port forwarding non-functional.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openssh
Sub Component:
Version:	8.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-08-26 23:12 UTC by Sandip Patel
Modified:	2007-04-18 16:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-07 12:46:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sandip Patel 2002-08-26 23:12:39 UTC

Description of Problem:
Set-up of ssh local port forwarding results in the xterm/shell in which the ssh
command was launched, "locking" up. 
I have disabled the firewall (using iptables -F and through the setup command).

The problem does not occur on the limbo release. 

Version-Release number of selected component (if applicable):
open-ssh_3.4p1,sshprotocols1.5/2.0;openssh0x0090602f

How Reproducible:
100% reproducible

Steps to Reproduce:
1. ssh -L localPort:remotehost:remotePort user
2. in a different shell type vncviewer localhost:localPort
3. This is some data exchanged e.g VNC prompts for the server password.
Howerver, all traffic ceases thereafter. 

Actual Results:


Expected Results:


Additional Information:
Similar problems occur when port forwarding imap ports e.g 143.

Comment 1 Barry K. Nathan 2002-08-27 08:45:05 UTC

I tried and failed to reproduce this on (null). In other words, WORKSFORME...

Comment 2 tbeckman 2002-12-19 03:36:58 UTC

I also have this problem using the openssh on Redhat 8.0.  X11 port forwarding
is broken when ssh'ing from a Red Hat 7.3 box to a Red Hat 8.0.  Instead of
forwarding X11 data through ssh, it tries to send the X11 traffic outside the
ssh session.  I get a message stating that it couldn't reach the display. 
Looking at the iptables log messages on the the Red Hat 7.3 machines shows that
the Red Hat 8.0 box was attempting to send data directly to port 6010 on the Red
Hat 7.3 box.  So, I suggest you configure your test box to reject all incoming
connections.  I bet it won't work for you then.

It works fine when ssh'ing from the Red Hat 8.0 box to the Red Hat 7.3 box.

Comment 3 George France 2003-03-24 17:50:56 UTC

I had same the problem that was reported by tbeckman.  After
doing analysis of many packets, I found the problem I was have was with ECN. 
Appending:

#disable ECN
net.ipv4.tcp_ecn = 0

to /etc/sysctl.conf, then rebooting my system has solved the problem for me.  I
do not know if it will help anybody else, but it works for me.

Best Regards,



--George

Comment 4 Darren Tucker 2003-11-05 08:17:07 UTC

Could be an MTU mismatch.  The usual suspects are a firewall, NAT
device, or PPPoE between server and client.  See
http://www.snailbook.com/faq/mtu-mismatch.auto.html

Comment 5 Barry K. Nathan 2004-07-14 14:07:21 UTC

Is anyone still having this problem with Fedora Core or Red Hat
Enterprise Linux? If not, then this is a stale bug that needs to be
closed...

Comment 6 Tomas Mraz 2005-02-07 12:46:47 UTC

No response to comment #5.

Note You need to log in before you can comment on or make changes to this bug.