
Re: Connection timeouts with SSH and CVS

Problem solved! 

Our firewall is blocking ranges of incoming ports that just happen to
incidentally work (usually, but not always) for Windows.

To see your settings, type

sysctl net.ipv4.ip_local_port_range

The default is 32768 61000, and so my system had been picking incoming
ports for SSH and CVS responses around 32768 initially and our
firewall here was blocking that.

So the solution for me is to change the ip_local_port_range:

A temporary fix:
sysctl -w net.ipv4.ip_local_port_range="50001   61000"

Fix it permanently in /etc/sysctl.conf :
net.ipv4.ip_local_port_range = 50001 61000

The symptoms of this problem are: can't connect using CVS, SSH, POP
email, and can't get to the secure checkout page of an online

If you have this problem you should probably play around with sysctl
to find the proper range for your system on your network. Examining
your Windows system may mislead you as it may not be set totally
correctly, and seem to work _most_ of the time but occasionally fail
when it exceeds the firewall's range. "Just reboot" they said! Argh!

Thanks to Adam and John for all their help. I hope they don't feel
like their valuable time was wasted on me.

On Fri, 31 Dec 2004 19:42:41 -0500, Adam Aube <aaube01@baker.edu> wrote:
> Norman Davis wrote:
> > On Thu, 30 Dec 2004 19:32:22 -0500, Adam Aube <aaube01@baker.edu> wrote:
> >> What kernel are you using?
> > Linux version 2.4.27-1-386 (horms@tabatha.lab.ultramonkey.org) (gcc
> > version 3.3.5 (Debian 1:3.3.5-2)) #1 Wed Dec 1 19:43:08 JST 2004
> >>Post the output of the following command:
> >> head -v `ls /proc/sys/net/ipv4/tcp*`
> > Currently I'm at home using dialup. I'm assuming these will be the
> > same as when I have this laptop at work on the network there:
> The only setting that might be an issue is this:
> > ==> /proc/sys/net/ipv4/tcp_default_win_scale <==
> > 0
> Try setting it to 1 or 2 and see if that fixes the problem. Don't set it too
> high - that can cause problems as well.
> Beyond that, the only thing I can suggest is using tcpdump or ethereal to
> capture packets during a connection attempt.
> Adam
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
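
The mismatch described in the message above, as an added example that is not part of the original post: it counts how many ports in the kernel's local port range fall outside the window a firewall passes. The function names are hypothetical, and the 50001-61000 window is an assumption taken from the range the poster settled on; substitute the range your own firewall allows.

```shell
#!/bin/sh
# Added example: compare net.ipv4.ip_local_port_range with an assumed
# firewall window for incoming response ports.

# ports_outside LOW HIGH ALLOW_LOW ALLOW_HIGH
# Prints how many ports in LOW..HIGH lie outside ALLOW_LOW..ALLOW_HIGH.
ports_outside() {
    low=$1; high=$2; allow_low=$3; allow_high=$4
    # Reject malformed ranges instead of printing a misleading count.
    if [ "$low" -gt "$high" ] || [ "$allow_low" -gt "$allow_high" ]; then
        echo "invalid range" >&2
        return 2
    fi
    # Overlap of the two ranges is [max(lows), min(highs)].
    ov_low=$low
    if [ "$allow_low" -gt "$ov_low" ]; then ov_low=$allow_low; fi
    ov_high=$high
    if [ "$allow_high" -lt "$ov_high" ]; then ov_high=$allow_high; fi
    overlap=0
    if [ "$ov_low" -le "$ov_high" ]; then overlap=$((ov_high - ov_low + 1)); fi
    echo $((high - low + 1 - overlap))
}

# report "LOW HIGH" ALLOW_LOW ALLOW_HIGH
# The first argument is the sysctl value as printed (space or tab separated).
# Returns 0 when the whole local range fits the window, 1 when it does not.
report() {
    set -- $1 "$2" "$3"          # split "LOW HIGH" into two arguments
    n=$(ports_outside "$1" "$2" "$3" "$4") || return 2
    total=$(($2 - $1 + 1))
    if [ "$n" -eq 0 ]; then
        echo "OK: local ports $1-$2 all lie inside $3-$4"
    else
        echo "MISMATCH: $n of $total local ports in $1-$2 lie outside $3-$4"
        return 1
    fi
}

# Constructed sample: the default range quoted in the message.
report "32768 61000" 50001 61000 || true

# On a Linux host, also check the live setting.
f=/proc/sys/net/ipv4/ip_local_port_range
if [ -r "$f" ]; then report "$(cat "$f")" 50001 61000 || true; fi
```

A non-zero count means some outgoing connections will be assigned a source port whose replies never arrive, which matches the "works most of the time" symptom in the message.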
