Murphy strikes! SSH proxying is broken just as firewall goes up
October 19, 2008 8:25 PM   Subscribe

In a classic demonstration of Murphy's Law, the SSH service on my VPS server is not proxying requests on the same day that a network firewall was installed. Please help!

Here are the details (sorry if the rest of the question sounds a bit frantic...)

1. I have a client PC running Windows XP SP2 from which I access sites running non-default ports (Cpanel, Webmin etc.) via a SSH proxy.

2. The SSH proxy is running on a separate server. I use the Tunnelier software to provide proxy services. I log into the SSH service using a unprivileged account (account has no sudo access etc.)

3. The VPS Server running the SSH daemon is on CentOS 5, OpenSSH_4.3p2

4. The server does not have any firewall running (although CSF is installed):

# ps aux | grep csf
root 24232 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep csf
# ps aux | grep iptables
root 24278 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep iptables

5. The contents of my sshd_config file can be seen here

I can log into the SSH service successfully, however whenever I try to go to any website on the client, the SSH proxy log shows:
10:08:31.031 Closing SOCKS5 connection from 128.236.48.58:1753, sent: 0, received: 0.
10:08:31.031 SOCKS5 connection from 128.236.48.58:1753 failed: Client connection closed before completion of protocol.
10:08:34.034 Closing SOCKS5 connection from 128.236.48.58:1754, sent: 0, received: 0.
10:08:34.034 SOCKS5 connection from 128.236.48.58:1754 failed: Client connection closed before completion of protocol.
The log is filled with these sort of failed connections.

Further details:

1. The SSH proxy server isn't running any firewall, neither is the client.
2. The network does not block port 22 at the firewall for the SSH proxy server.
3. I have a second much slower SSH connection on the same server, and proxying through this second account works. So that tells me it's not a problem on my network end, it's the SSH server.
4. I have tried to log on to the SSH service using a high privilege account (sudo su access enabled) and then proxying, but that doesn't work either.

Any ideas, suggestions?
posted by your mildly obsessive average geek to Computers & Internet (1 answer total)
 
Turns out it was because the iptables firewall got re-enabled on the VPS instance - current versions of OpenVZ environments have severe conflicts with iptables-based firewalls.
posted by your mildly obsessive average geek at 7:28 PM on October 20, 2008


« Older Help me help my friend into politics   |   Denied boarding on overbooked flight - now wish to... Newer »
This thread is closed to new comments.