[lug] Cannot tunnel through SSH all of a sudden

David Morris lists at morris-clan.net
Mon Aug 2 22:01:12 MDT 2004 

On Mon, Aug 02, 2004 at 03:30:05PM -0600, Dhruva B. Reddy wrote:
> I have been using SSH to tunnel from work through to my Squid server at
> home.  Until recently, it worked like a charm, but now when I configure
> browser to point to the proxy, it just hangs (the browser appears to
> keep trying to get the resource, but it never seems to).  Also, from the
> squid logs, the request doesn't seem to actually make it to the proxy
> server.
> 
> I don't remember making any config changes to either SSH or Squid.  I
> can SSH from the Internet just fine, and I can access Squid from within
> my LAN.

As I do much the same setup, a few thoughts:

- Check for an old ssh session running on the client.
- Restart squid, just because its running doesn't mean
  something didn't go berserk internally (happened to me
  once).
- If you have a firewall on that server machine, check any
  recent rule changes that would block the port or packets
- Try using a raw IP address instead of hostname, perhaps
  the wrong address is being retrieved (check DNS and
  /etc/hosts).  If you use NAT (or IP Masquerading) remember
  that the target server name gets lookup up by the *client*
  machine, which would get a public IP address rather than a
  private IP address.  This also has implications for your
  firewall in a NAT/Masquerade setup as it will see an
  outside IP address from an inside network and (normally)
  drop the packet.

I haven't used the 2.6 kernel extensively yet, but from what
I do know of it I cannot think of anything that would be an
issue unless you've come accross a bug.  You might try
rebooting the server as well (to help rule out a kernel-bug
that put the system into a fubar'd state.

BTW, anyone using an SSH/Squid tunnel ever have it drop the
connection on you every 2 minutes (or so), but all other
tunnels do not?  Not really a problem as I put the tunnel
connection in a while loop, but on occation its annoying.

Good luck!

--David


----- End forwarded message -----

More information about the LUG mailing list