This one is hard to explain in a subject, I don't think I have done it justice there.
It is an odd one and one I think will be fixed with a network restart, or system reboot. It all started after I had some issues with an ezjail restart getting stuck on a jail and I had to do some manual killing. But I am interested to learn more about this.
Environment = pfSense firewall that has a rule to direct traffic on port 11000 to the FreeBSD 9.2 server (I'll refer to this machine as 'server' from here on).
This has all been running smoothly for 6-12 months or more.
- If I ssh to the server from the LAN, no problems.
- ssh from the internet on port 11000 fails.
- A tcpdump on the server when trying the above sees packets getting to the server on its internal port 22, as I would expect.
- If I change the firewall rule to point to a different machine inside the network, all works as expected.
- I put sshd on the server into debug mode, then nothing is reported when an SSH connection comes in over NAT from the firewall.
Simple tcpdump run on the server when an SSH connection is coming in from an internet origin: http://paste.ubuntu.com/8095045
I'll need to restart the network and get this working soon, but I am very curious to learn about what this could be or ways on FreeBSD to more deeply inspect this and the network stack.