Thank you it worked. I added the dns info about the host trying to connect in the firewalls /etc/hosts file and I guess it was able to resolve the host name without doing a dns look-up externally.
Thanks >From: "Jason Sopko" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: RE: sshd sending packets outside lan during local connection >Date: Sun, 13 Jan 2002 22:44:42 -0500 > >I didn't look at your tcpdump output but I'd assume it's trying to >resolve the in-addr.arpa record for the internal IP address and failing. >Try setting up BIND to resolve PTR records for the internal network IP >addresses and make sure that the server is configured to look to itself >for DNS. Hope this helps. > >///Jason > >-----Original Message----- >From: Jeff Stevens [mailto:[EMAIL PROTECTED]] >Sent: Sunday, January 13, 2002 10:27 PM >To: [EMAIL PROTECTED] >Subject: sshd sending packets outside lan during local connection > > >I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and > >bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall >for >a local network. It has 2 nic cards, one with an internal ip and one >with >an external ip. >When I ssh locally (to the internal ip)to this firewall it sends out >packets >to my ISP. If I unplug the "external ip" nic before entering the >password >then the connection pauses for about a minute before connecting. > >I am no expert as I have just started using Debian, but it seems like >the >password is being sniffed. I'm not exactly sure what the tcpdump output > >shows (ATTACHED with route info) but it seems to be doing a domain name >look >up (but I could be wrong). I have no idea why it would have to do a >domain >look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is > >inside the local network. > >Earlier I made the mistake of offering bind publicly. I recently >changed >this but I don't know if I was compromised during the time it was >public. I >am hoping this is just a misconfiguration problem. Any suggestions >would be >greatly appreciated. Thanks in advance. > >--Jeff >Debian user > > >_________________________________________________________________ >Join the world's largest e-mail service with MSN Hotmail. >http://www.hotmail.com > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact >[EMAIL PROTECTED] > _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]