Re: Do I have an ssh problem?

On 11/09/2007, Les <hlhowell pacbell net> wrote:

> I had the same problem on FC6.  I asked lots of questions got lots of
> advice leading to iptables in the firewall being part of the problem.
> Finally I turned off the firewall, and things worked ok.  I am now
> slowly going through the iptables and playing with combinations, to see
> what in there is mucking up the transfers.  But it seems related to
> several things affecting different bits of the process.
> I can't isolate it well yet.
> If you have a separate firewall isolating you from the net threats as I
> do, then you can pretty safely turn off the machine's firewall and see if
> it helps.

I have had problems with scp of large files between two boxes each
behind a firewall - the scp would stall after a few kb (the machine
wouldn't crash though). Turns out that one of the firewalls was
somehow causing many packets to be out of the TCP window.

Doing an

echo 1 > /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal

fixed that for me. To make it persistent across reboots you need to
add this line to /etc/sysctl.conf:

net.netfilter.nf_conntrack_tcp_be_liberal = 1

Another thing you might want to turn off is tcp window scaling - read
about that here:


However, I would not have expected any of these things to cause a box to hang.
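
Added example, not part of the original message: with nf_conntrack_tcp_be_liberal set to 1, conntrack marks only out-of-window RST segments as INVALID, so it is worth confirming that invalid packets are really the cause before relaxing the check. The script below sums the "invalid" counter from /proc/net/stat/nf_conntrack so it can be compared before and after a stalled transfer; the function names are this example's own, the sample rows are constructed, and it assumes the kernel exposes that stats file.

```shell
#!/bin/sh
# Sum the "invalid" counter of /proc/net/stat/nf_conntrack, read from stdin.
# The header line names the columns; each later line is one CPU, values in hex.
conntrack_invalid_total() {
    hexes=$(awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "invalid") c = i
                           if (!c) exit 2   # no "invalid" column: not this format
                           next }
                 { print $c }') || return 1
    total=0
    for hex in $hexes; do
        total=$((total + 0x$hex))
    done
    echo "$total"
}

# Constructed sample (not from a real host): counters before a stalled scp.
sample_before() {
cat <<'EOF'
entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart
0000002a 00000000 00000000 00000000 00000003 0000001f 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0000002a 00000000 00000000 00000000 00000001 00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EOF
}

# Constructed sample: the same counters after the transfer stalled.
sample_after() {
cat <<'EOF'
entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart
0000002b 00000000 00000000 00000000 0000001a 00000021 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0000002b 00000000 00000000 00000000 0000000c 00000009 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EOF
}

STAT=/proc/net/stat/nf_conntrack
KNOB=/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
if [ -r "$STAT" ] && [ -r "$KNOB" ]; then
    # Live host: run once before and once after the transfer and compare.
    echo "invalid packets so far: $(conntrack_invalid_total < "$STAT")"
    echo "nf_conntrack_tcp_be_liberal: $(cat "$KNOB")"
else
    # No conntrack stats available here: fall back to the constructed samples.
    b=$(sample_before | conntrack_invalid_total)
    a=$(sample_after | conntrack_invalid_total)
    echo "constructed sample: invalid rose by $((a - b)) during the transfer"
fi
```

A counter that climbs while the scp stalls points at conntrack window checking; a flat counter means the stall has another cause and the setting can stay at its default.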

