We're experiencing some extremely weird networking problems at our office. Now I know this (probably) isn't a Checkpoint related problem, but I'm trying this mailing list in order to get an idea of what to do next, or which forums/web sites/mailing lists I really should direct my request at, since I haven't found any dedicated, *good* networking forums on Google.

Here is the problem: Last Friday morning, I was unable to SSH into the Sun servers at our office; the SSH client just hung at connecting. It worked as normal Thursday evening when we left, so I thought this was a Windows problem, but after rebooting the laptop, and after another employee complained about the same problem, it turned out there's something weird going on with our network. What happens is this:

1: (Everything is on the same subnet, behind a Nokia IP-330 NG AI firewall. The switch is layer 2, so it doesn't route anything. No configuration has been changed on the switch, the firewall, servers or office PCs.)

2: We can SSH into 1 of 4 Sun servers.

3: ALL servers are reachable by FTP, ping and HTTP (not tried anything else, but enabled Telnet once and it produced the exact same result, i.e. hung), but not SSH.

4: What turns up in /var/adm/messages when we try SSH is this: "Apr 18 10:04:29 jupiter sshd[15028]: [ID 800047 auth.crit] fatal: Timeout before authentication for x.x.x.x" - to me indicating that the packet and response from the servers *seem* to be routed somewhere else.

5: If we use SSH from our 3 remote production sites, which are on the same VPN, or even using a remote PC with SecureClient, we can reach these servers with no problems whatsoever.

6: We can SSH from one server to the other between these 3; we can even SSH into the fourth server from these 3 (the latter is also the only one reachable from our office PCs with SSH), but SSH from this fourth server hangs to the other 3.

7: Using SmartTracker I can't see any logged SSH packets, so everything seems to be going on locally on the switch/backbone, not going via the gateway at all.

8: I've rebooted the switch twice; I even rebooted the servers *and* the firewall, and the problem still persists.

9: I unplugged every cable from the switch one by one, while another employee tried SSH into a server. SSH failed every single time.

10: I replaced the switch this morning with an identical model and configuration, but the problem still persists.

11: On 2 of 3 servers I can sometimes get lucky and an SSH session is successfully established -- after a looooong time. None of the other employees gets an established session.

12: SSH to the firewall and a Linux box on the same subnet works perfectly.

13: Just poking around, I tried route -f on one of the servers. I was able to SSH into it every single time, but still none of the other employees were. Of course the gateway address disappeared with the route flushed. After a reboot the server went back to "normal" and I was unable to SSH into it again.

14: This happens with SecureSSH (4.1/5.0), PuTTY and OpenSSH (various versions) installed on the servers.

So that's it. I've tried about everything I can think of, except use a packet sniffer, even though I'm not sure if it will produce any results. I do suspect this to be a routing issue, even though I can't see any 'mal-routed' packets on the firewall. Does anyone have an idea of what I can try next, or perhaps provide me with a link to some networking forum where I can ask about this?

Or, which syntax is correct for fw monitor -e? I want to use source/destination server/my laptop for SSH in order to see if any packets are routed externally for some reason. Would 'fw monitor -e 'src=server;' AND 'dst=laptop' be correct?
--
Stig Bull
Networking and Systems Administrator
Hugin ASA
http://www.hugincorporate.com
Phone: +47 22 80 79 89
Mobile: +47 91 60 88 74
Fax: +47 22 80 79 79
- Your reputation connects through Hugin
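Added example, not part of the post above: a small Python parser for the sshd "Timeout before authentication" lines quoted from /var/adm/messages, tallying them per server and per client address so that it is quick to see which servers and which office machines are affected. The sample log lines, hostnames and addresses below are constructed for the example.

```python
import re
from collections import Counter

# Solaris syslog line in the shape quoted in the post:
# "Apr 18 10:04:29 jupiter sshd[15028]: [ID 800047 auth.crit] fatal: Timeout before authentication for x.x.x.x"
SSHD_TIMEOUT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"\[ID (?P<msgid>\d+) (?P<facility>[\w.]+)\] "
    r"fatal: Timeout before authentication for (?P<client>\S+)$"
)


def parse_timeout(line):
    """Return the fields of an sshd pre-auth timeout line, or None if the line is something else."""
    m = SSHD_TIMEOUT_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Count pre-auth timeouts per server host and per client address.

    A client that times out against several servers, or a server that times out
    for several clients, shows up immediately in the two counters.
    """
    by_host = Counter()
    by_client = Counter()
    for line in lines:
        rec = parse_timeout(line)
        if rec is None:
            continue  # unrelated syslog line (successful logins, other daemons, ...)
        by_host[rec["host"]] += 1
        by_client[rec["client"]] += 1
    return by_host, by_client


# Constructed sample log (hostnames, PIDs, message IDs and addresses are placeholders).
SAMPLE_LOG = """\
Apr 18 10:04:29 jupiter sshd[15028]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.0.2.10
Apr 18 10:05:02 jupiter sshd[15031]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.0.2.11
Apr 18 10:06:44 saturn sshd[2210]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.0.2.10
Apr 18 10:07:01 jupiter sshd[15040]: [ID 123456 auth.info] Accepted publickey for admin from 198.51.100.5 port 41022 ssh2
"""

if __name__ == "__main__":
    hosts, clients = summarize(SAMPLE_LOG.splitlines())
    print("timeouts per server:", dict(hosts))
    print("timeouts per client:", dict(clients))
```

Run it against the real file with `summarize(open("/var/adm/messages"))` to compare the office clients against the VPN clients that connect fine.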
