On the client, I run the following command to create an ssh-based remote
port forwarding proxy:

$ autossh -M 0 -4 -NT \
  -o ServerAliveInterval=30 \
  -o "ServerAliveCountMax=3" \
  -o "ExitOnForwardFailure=yes" \
  -o StrictHostKeyChecking=no \
  -R 21080:localhost:1080 \
  -R 20022:localhost:22 \
  werner@my.remote.server -p 2101

Then on the server side, I observed that too many sshd processes have
been started:

werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022
COMMAND PID    USER   FD  TYPE DEVICE  SIZE/OFF NODE NAME
sshd    196794 werner 12u IPv4 1409853 0t0      TCP  *:20022 (LISTEN)
sshd    196794 werner 13u IPv6 1409854 0t0      TCP  *:20022 (LISTEN)

And this will make SSH forwarding unavailable. Any hints for fixing
this problem?
On Thu, 28 Oct 2021 02:20:05 -0700 (PDT)
"hongy...@gmail.com" <hongy...@gmail.com> wrote:
> On the client, I run the following command to create an ssh-based remote
> port forwarding proxy:
> [...]
> Then on the server side, I observed that too many sshd processes have
> been started:
> werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022

Why do you need sudo to run lsof ?

> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> sshd 196794 werner 12u IPv4 1409853 0t0 TCP *:20022 (LISTEN)
> sshd 196794 werner 13u IPv6 1409854 0t0 TCP *:20022 (LISTEN)
> [Rest of long output snipped]

In the whole output I only see one process with PID 196794.
On Thursday, October 28, 2021 at 7:18:17 PM UTC+8, Spiros Bousbouras wrote:
> On Thu, 28 Oct 2021 02:20:05 -0700 (PDT)
> "hongy...@gmail.com" <hongy...@gmail.com> wrote:
>> [...]
>> werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022
>
> Why do you need sudo to run lsof ?

This is my misuse :-(

>> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
>> sshd 196794 werner 12u IPv4 1409853 0t0 TCP *:20022 (LISTEN)
>> sshd 196794 werner 13u IPv6 1409854 0t0 TCP *:20022 (LISTEN)
>> [Rest of long output snipped]
>
> In the whole output I only see one process with PID 196794.

I really had not noticed that. I mean, so many sshd entries belonging to
the same process.
> ...$ autossh -M 0 -4 -NT \
>   -o ServerAliveInterval=30 \
>   -o "ServerAliveCountMax=3" \
>   -o "ExitOnForwardFailure=yes" \
>   -o StrictHostKeyChecking=no \
>   -R 21080:localhost:1080 \
>   -R 20022:localhost:22 \

If I understand correctly the output of lsof, it says that one sshd
process (with PID 196794) has made multiple connections. I confess that
I only have a vague idea as to what a "remote port forwarding proxy"
does. Is it implausible that it would open multiple connections ?
On 10/28/21 3:20 AM, hongy...@gmail.com wrote:
> [...]
> Then on the server side, I observed that too many sshd processes have
> been started:

As Spiros pointed out, they are all the same sshd process; 196794.

> werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> [...]

If I've tracked the topology correctly, those all look like
143.198.101.180 connected to port 20022 on the remote server which is
forwarded through SSH to port 22 on the client.

This seems like an SSH attack from 143.198.101.180 to me. Maybe
password guessing / brute forcing.

> And this will make SSH forwarding unavailable. Any hints for fixing
> this problem?

I'm guessing that you're either tripping a security feature (number of
total connections, number in a given time, number from a specific
source, etc.). I don't see how this would actually prevent the (remote)
port forwarding from working with SSH. This seems like a denial of
service type issue.
On Friday, October 29, 2021 at 2:47:16 AM UTC+8, Grant Taylor wrote:
> [...]
> This seems like a denial of service type issue.

Thank you for your in-depth analysis.

Basically, my goal is to achieve intranet penetration without a public
IP.

It seems that the ssh remote port forwarding method discussed here
is not carefully designed for this purpose.

So, maybe I should switch to zerotier-one [1].

[1] https://github.com/zerotier/ZeroTierOne
On 10/28/21 7:34 PM, hongy...@gmail.com wrote:
> .....
> So, maybe I should switch to zerotier-one [1].

I spent a few minutes looking at ZeroTier-One. The website (as opposed
to the content) looks ... polished. They seem to be using a lot of buzz
words. Many of them are used in context and correctly. What I don't
see in about five minutes time is any hint at the technology behind
their solution. So I find myself being extremely skeptical of what they
have to offer.

Of course the technology could just be ssh port forwarding hidden
behind proprietary cover.
On 10/29/21 3:43 AM, William Unruh wrote:
> Of course the technology could just be ssh port forwarding hidden
> behind proprietary cover.

I'm fairly certain that ZeroTier-One is not using /just/ ssh port
forwarding.

I say this because of what ssh's port forwarding does vs what
ZeroTier-One claims they do. First, ssh's port forwarding is inherently
a singular port, hence its name. Second, ZeroTier-One claims to
emulate an Ethernet LAN of connected systems, which means that it's an
L2 connection. Port forwarding and L2 connections are considerably
different. Third, the "just works" comments indicate that there is a
lot more automagic / discovery that happens behind the scenes.

Yes, ssh can forward multiple ports, but that's additional configuration.

Yes, ssh can create an L2 VPN tunnel, but that's a lot of additional
configuration. The emulated Ethernet LAN would also require bridging
multiple L2 VPN tunnels together, something that's decidedly outside of
ssh's purview.

I'm not aware of any ssh support for auto-discovery / auto-configuration
beyond DNSSEC protected SSHFP keys or certificates from a trusted SSH
root CA.

I think that there is a lot more going on under the hood behind
ZeroTier-One than meets the eye. I think it's more in the realm of SDN
and further away from ssh. It may use ssh as part of its technology
stack, but I wouldn't bet a cup of coffee that it does. In fact I'd bet
a cup of coffee that it does not use ssh as part of its technology stack.

What Marketing says and what the technical reality is can be very
far apart. All we have is the marketing in this case it seems.
On Thursday, October 28, 2021 at 8:32:06 PM UTC+8, hongy...@gmail.com wrote:
> On Thursday, October 28, 2021 at 7:18:17 PM UTC+8, Spiros Bousbouras wrote:
>> On Thu, 28 Oct 2021 02:20:05 -0700 (PDT)
>> "hongy...@gmail.com" <hongy...@gmail.com> wrote:
>>> [...]
>>> werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022
>>
>> Why do you need sudo to run lsof ?
>
> This is my misuse :-(

Based on my further tries, only sudo can display the results:

werner@Standard-PC-i440FX-PIIX-1996:~$ lsof -i :20022
werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :20022
COMMAND PID    USER   FD  TYPE DEVICE  SIZE/OFF NODE NAME
sshd    417861 werner 12u IPv4 3063124 0t0      TCP  *:20022 (LISTEN)
sshd    417861 werner 13u IPv6 3063125 0t0      TCP  *:20022 (LISTEN)
sshd    417861 werner 14u IPv4 3092408 0t0      TCP  Standard-PC-i440FX-PIIX-1996.lan:20022->OpenWrt.lan:47194 (CLOSE_WAIT)
sshd    417861 werner 15u IPv4 3093870 0t0      TCP  Standard-PC-i440FX-PIIX-1996.lan:20022->OpenWrt.lan:60730 (CLOSE_WAIT)
sshd    417861 werner 16u IPv4 3099227 0t0      TCP  Standard-PC-i440FX-PIIX-1996.lan:20022->OpenWrt.lan:36974 (CLOSE_WAIT)
werner@Standard-PC-i440FX-PIIX-1996:~$ lsof -i :21080
werner@Standard-PC-i440FX-PIIX-1996:~$ sudo lsof -i :21080
COMMAND PID    USER   FD  TYPE DEVICE  SIZE/OFF NODE NAME
sshd    417861 werner 10u IPv4 3063120 0t0      TCP  *:21080 (LISTEN)
sshd    417861 werner 11u IPv6 3063121 0t0      TCP  *:21080 (LISTEN)

>>> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
>>> sshd 196794 werner 12u IPv4 1409853 0t0 TCP *:20022 (LISTEN)
>>> sshd 196794 werner 13u IPv6 1409854 0t0 TCP *:20022 (LISTEN)
>>> [Rest of long output snipped]
>>
>> In the whole output I only see one process with PID 196794.
>
> I really had not noticed that. I mean, so many sshd entries belonging to
> the same process.
On Friday, October 29, 2021 at 9:34:21 AM UTC+8, hongy...@gmail.com wrote:
> [...]
> So, maybe I should switch to zerotier-one [1].
>
> [1] https://github.com/zerotier/ZeroTierOne

I found another wonderful website which has collected and organized most
of the open-source tools on this topic:
https://book.hacktricks.xyz/tunneling-and-port-forwarding

I'm currently studying the following tools mentioned by the above website:
https://github.com/jpillora/chisel
https://github.com/sshuttle/sshuttle
Basically, when the problem happens, I will see a lot of the following
information:

$ sudo ss --tcp state CLOSE-WAIT '( sport = 20022 or dst 192.168.10.1 )'
Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
42     0      192.168.10.101:20022 192.168.10.1:60930
42     0      192.168.10.101:20022 192.168.10.1:32776
42     0      192.168.10.101:20022 192.168.10.1:60956

Here, 192.168.10.1 is the intranet gateway interface on the router,
which has a dynamic public IP address. And 192.168.10.101 is the
intranet host which is running sshd to do the ssh remote forwarding.
On 10/29/21 10:45 PM, hongy...@gmail.com wrote:
> Basically, when the problem happens, I will see a lot of the following
> information:

How many is "a lot of"? 10s, 100s, 1,000s? You may be running out of
available sockets. There are all sorts of tunables around how long
sockets stay in CLOSE-WAIT and related states. The idea is to turn over
the sockets faster.

> $ sudo ss --tcp state CLOSE-WAIT '( sport = 20022 or dst 192.168.10.1 )'
> Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
> 42     0      192.168.10.101:20022 192.168.10.1:60930
> 42     0      192.168.10.101:20022 192.168.10.1:32776
> 42     0      192.168.10.101:20022 192.168.10.1:60956
>
> Here, 192.168.10.1 is the intranet gateway interface on the router,
> which has a dynamic public IP address. And 192.168.10.101 is the
> intranet host which is running sshd to do the ssh remote forwarding.

Why is your internal system seeing the intranet gateway as the (remote)
source IP? I would expect it to see the real (remote) client's IP
address. This hints at a different configuration that I would not use
unless I had to.

Traditional port forwarding usually shows the real (remote) client's IP
address, not the intranet gateway's IP address. This makes me think
that the intranet gateway is SNATing incoming traffic to its own IP. I
would not do that unless I had a very specific reason to do so.
On Sunday, October 31, 2021 at 7:24:41 AM UTC+8, Grant Taylor wrote:
> On 10/29/21 10:45 PM, hongy...@gmail.com wrote:
>> Basically, when the problem happens, I will see a lot of the following
>> information:
>
> How many is "a lot of"? 10s, 100s, 1,000s? You may be running out of
> available sockets. There are all sorts of tunables around how long
> sockets stay in CLOSE-WAIT and related states. The idea is to turn over
> the sockets faster.
>
>> $ sudo ss --tcp state CLOSE-WAIT '( sport = 20022 or dst 192.168.10.1 )'
>> Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
>> 42     0      192.168.10.101:20022 192.168.10.1:60930
>> 42     0      192.168.10.101:20022 192.168.10.1:32776
>> 42     0      192.168.10.101:20022 192.168.10.1:60956
>>
>> Here, 192.168.10.1 is the intranet gateway interface on the router,
>> which has a dynamic public IP address. And 192.168.10.101 is the
>> intranet host which is running sshd to do the ssh remote forwarding.
>
> Why is your internal system seeing the intranet gateway as the (remote)
> source IP? I would expect it to see the real (remote) client's IP
> address. This hints at a different configuration that I would not use
> unless I had to.

The router OS is OpenWrt in my case. This should be controlled by the
following setting:

Loopback source IP
Specifies whether to use the external or the internal IP address for
reflected traffic.

> Traditional port forwarding usually shows the real (remote) client's IP
> address, not the intranet gateway's IP address. This makes me think
> that the intranet gateway is SNATing incoming traffic to its own IP. I
> would not do that unless I had a very specific reason to do so.

In my case, the sshd is running on an intranet host residing on the local
subnetwork with the gateway 192.168.10.1, which is one of the interfaces
of the OpenWrt router. And I set the DNAT rule on the router to forward
the ssh client request to the sshd daemon process.

HZ
On Friday, October 29, 2021 at 2:47:16 AM UTC+8, Grant Taylor wrote:
> On 10/28/21 3:20 AM, hongy...@gmail.com wrote:
>> [...]
>
> As Spiros pointed out, they are all the same sshd process; 196794.
>
> If I've tracked the topology correctly, those all look like
> 143.198.101.180 connected to port 20022 on the remote server which is
> forwarded through SSH to port 22 on the client.
>
> This seems like an SSH attack from 143.198.101.180 to me. Maybe
> password guessing / brute forcing.

Really. This is absolutely not a connection initiated by myself.

>> And this will make SSH forwarding unavailable. Any hints for fixing
>> this problem?
>
> I'm guessing that you're either tripping a security feature (number of
> total connections, number in a given time, number from a specific
> source, etc.). I don't see how this would actually prevent the (remote)
> port forwarding from working with SSH. This seems like a denial of
> service type issue.

There seems to be a security risk in my OpenWrt firewall. I now set the
following traffic rule in `/etc/config/firewall', which seems to have
fixed the problem:

config rule
	option src 'wan'
	option dest '*'
	option target 'DROP'
	list src_ip '143.110.224.0/20'
	list src_ip '143.198.96.0/20'
On Saturday, October 30, 2021 at 1:38:55 PM UTC+8, hongy...@gmail.com wrote:
> [...]
> I found another wonderful website which has collected and organized most
> of the open-source tools on this topic:
> https://book.hacktricks.xyz/tunneling-and-port-forwarding

The author's GitHub repository is here:
https://github.com/carlospolop/hacktricks.git

> I'm currently studying the following tools mentioned by the above website:
> https://github.com/jpillora/chisel
> https://github.com/sshuttle/sshuttle
If I use the following setting: Use external IP address, then I will
see the following result reported by ss:

$ sudo ss --tcp
State Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
ESTAB 0      0      192.168.10.101:ssh 60.6.xxx.xxx:40736
ESTAB 0      0      192.168.10.101:ssh 106.9.xxx.xxx:60126
On 10/30/21 8:13 PM, hongy...@gmail.com wrote:
> If I use the following setting: Use external IP address, then I will
> see the following result reported by ss:

It seems as if you have found and corrected what I was describing as a
sub-par configuration.

> $ sudo ss --tcp
> State Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
> ESTAB 0      0      192.168.10.101:ssh 60.6.xxx.xxx:40736
> ESTAB 0      0      192.168.10.101:ssh 106.9.xxx.xxx:60126

That is exactly the type of output that I would expect.

I wonder if you will have any connection issues now. -- My thought is
that there was a security setting somewhere that you were tickling
related to the maximum number of connections from a singular IP. Now
the connections will appear to be from their real IP, not your gateway's IP.
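The diagnosis in this thread rests on reading the ss output correctly: one sshd process holding a pile of CLOSE-WAIT sockets on the forwarded port, every one of them apparently from the gateway 192.168.10.1. The script below is an added example (not code from any poster) that parses the `ss --tcp` text layout shown above, counts sockets per peer and state on one forwarded port, flags CLOSE-WAIT pile-ups, and reports whether every peer is the gateway, which is the fingerprint of NAT reflection using the internal source IP. The sample lines are constructed; RFC 5737 addresses stand in for the masked public IPs.

```python
"""Summarise TCP peers from `ss --tcp` output, as discussed in this thread.

Added example, not code from any poster. Parses the layout `ss --tcp` prints
(State, Recv-Q, Send-Q, Local, Peer, optional Process), counts sockets per
peer address and state on one forwarded port, and reports whether every
peer is the LAN gateway, which is what NAT reflection with the internal
source IP produces and what hides the real clients behind the gateway.
"""
from collections import Counter

# Constructed sample in the `ss --tcp` layout (RFC 5737 addresses stand in
# for the masked public IPs in the thread; 192.168.10.1 is the gateway).
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
LISTEN     0      128    *:20022              *:*                 users:(("sshd",pid=417861,fd=12))
ESTAB      0      0      192.168.10.101:ssh   203.0.113.7:40736
CLOSE-WAIT 42     0      192.168.10.101:20022 192.168.10.1:60930
CLOSE-WAIT 42     0      192.168.10.101:20022 192.168.10.1:32776
CLOSE-WAIT 42     0      192.168.10.101:20022 192.168.10.1:60956
ESTAB      0      0      192.168.10.101:20022 192.168.10.1:47194
"""


def parse_ss(text):
    """Return one dict per socket line; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, recvq, sendq, local, peer = parts[:5]
        # rpartition keeps IPv6 literals such as [::1]:22 intact.
        local_host, _, local_port = local.rpartition(":")
        peer_host, _, peer_port = peer.rpartition(":")
        rows.append({"state": state, "recvq": int(recvq), "sendq": int(sendq),
                     "local_host": local_host, "local_port": local_port,
                     "peer_host": peer_host, "peer_port": peer_port})
    return rows


def peers_on_port(rows, local_port):
    """Count (peer address, state) pairs for non-listening sockets on local_port."""
    counts = Counter()
    for r in rows:
        if r["state"] == "LISTEN" or r["local_port"] != local_port:
            continue
        counts[(r["peer_host"], r["state"])] += 1
    return counts


def close_wait_pileups(rows, local_port, threshold):
    """Peers holding at least `threshold` CLOSE-WAIT sockets on local_port.

    CLOSE-WAIT means the peer already sent FIN and the local process has not
    closed its end; a non-zero Recv-Q there is data the process never read.
    Many of these from one peer is the symptom shown in the thread."""
    counts = peers_on_port(rows, local_port)
    return {host: n for (host, state), n in counts.items()
            if state == "CLOSE-WAIT" and n >= threshold}


def sources_masked_by_gateway(rows, local_port, gateway):
    """True when every peer on local_port is the gateway address, so
    per-source accounting (and per-source limits) cannot tell clients apart."""
    hosts = {host for (host, _state) in peers_on_port(rows, local_port)}
    return bool(hosts) and hosts == {gateway}


if __name__ == "__main__":
    rows = parse_ss(SAMPLE_SS)
    print("peer/state on 20022:", dict(peers_on_port(rows, "20022")))
    print("CLOSE-WAIT pile-ups:", close_wait_pileups(rows, "20022", 3))
    print("sources masked by gateway:",
          sources_masked_by_gateway(rows, "20022", "192.168.10.1"))
```

Run it against `sudo ss --tcp` output captured from the intranet host; once the reflection setting uses the external IP, `sources_masked_by_gateway` should return False because the real client addresses show up as peers.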
Do you mean something like the following?
root@OpenWrt:~# sysctl net.nf_conntrack_max
net.nf_conntrack_max = 16384
On 10/31/21 8:22 PM, hongy...@gmail.com wrote:
> Do you mean something like the following?
> root@OpenWrt:~# sysctl net.nf_conntrack_max
> net.nf_conntrack_max = 16384

That's not the setting that I was thinking of. But, yes, it's within
the group of settings.

tcp_fin_timeout seems to be one of the values I was thinking of.

There are a number of TCP related sys controls.

Link - IP Sysctl - /proc/sys/net/ipv4/* Variables
- https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html

Admittedly, I've so rarely needed to change any timeout settings.
Plenty of other settings, but not timeout related.