DaemonForums  

BSD Router Login Issue

#1 Dr-D, 29th July 2011

Why can't I log in to my BSD router locally via SSH when there is no WAN connection? I noticed this the other night when I lost my internet connection. I tried to log in to my BSD router to see if that was the problem, but it just hung at the login prompt, not accepting keyboard input. Not wanting to ruin my uptime on the box by rebooting it, I called my ISP first to see if they were down in my area. Turns out my cable ISP is upgrading the infrastructure in my area to add phone service, so there are ongoing disruptions while this is happening, usually in the wee morning hours when most people are sleeping. Sometimes the cable modem lights are all still lit up, showing that it's connected, but it's really not, and when I power it off and on, it shows the correct state it is in.

Anyway, what I have discovered is that when my WAN connection is down I can't log in to my BSD router locally via SSH using the internal IP address. For testing purposes I just disconnected my WAN cable while my internet is working and got the same problem. I set the ListenAddress in sshd_config to the internal NIC IP and restarted sshd, but that didn't help. I've Googled but can't find an answer to this problem. This doesn't make sense to me, so hopefully someone can shed some light on this for me.

Here is my pf.conf.
Code:
# macros
int_if="xl0"
ext_if="xl1"
whs="192.168.0.50"
pc1="192.168.0.20"
pc2="192.168.0.21"
websrv="192.168.0.55"

# options
set block-policy drop
set loginterface $ext_if
set skip on lo

# match rules
match in all scrub (no-df)
match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp to (egress) port 80 rdr-to $websrv synproxy state
pass in on egress inet proto tcp to (egress) port 443 rdr-to $whs synproxy state
pass in on egress inet proto tcp to (egress) port 5900 rdr-to $pc1 synproxy state
pass in on egress inet proto tcp to (egress) port 5901 rdr-to $pc2 synproxy state
pass in log on $int_if

#2 BSDfan666, 29th July 2011

Have you looked at the pflog with tcpdump? Are ssh packets getting blocked? Is sshd listening on the private address? You could confirm this using nc(1) or by using fstat(8)/netstat(8).

If DNS is not properly configured on your network, that can cause a noticeable delay connecting to SSH. A solution to this is setting UseDNS to no in sshd_config(5); I believe this may be the case, as your pf rules don't indicate you pass in remote ssh connections.

So, at this point all I can give is conjecture. Please let us know how it works out.

#3 Dr-D, 29th July 2011
Setting UseDNS to no in sshd_config solved the problem. Thanks a million BSDfan666!
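
The UseDNS fix confirmed in this thread can be checked offline against a config file. The script below is an added example, not part of the original posts: `effective_usedns` is a hypothetical helper name, the sample config and its address are constructed, and the default passed in is an assumption about the sshd release (UseDNS defaulted to yes before OpenSSH 6.8, which covers the 2011 system discussed here).

```shell
#!/bin/sh
# Added example: report the UseDNS value sshd would take from a config file.
# sshd_config parsing rules applied here: keywords are case-insensitive,
# '#' starts a comment, "Keyword value" and "Keyword=value" are both accepted,
# and the first value obtained for a keyword wins.

# effective_usedns FILE [DEFAULT]
# DEFAULT is what sshd uses when FILE never sets UseDNS:
# "yes" before OpenSSH 6.8, "no" from 6.8 onward.
effective_usedns() {
    awk -v def="${2:-no}" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indentation
        tolower($1) == "match" { exit }          # global section ends at first Match
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)      # normalise "Keyword=value"
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "usedns") {
                val = tolower(f[2])
                gsub(/"/, "", val)               # arguments may be double-quoted
                found = 1
                exit
            }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Constructed sample: a config where UseDNS exists only as a commented-out
# line, so sshd falls back to its built-in default and performs a reverse
# lookup of every client, which stalls logins when no resolver is reachable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ListenAddress 192.168.0.1   # constructed internal address
#UseDNS no
EOF
echo "before the fix: UseDNS $(effective_usedns "$sample" yes)"

# The fix from the thread: an explicit, uncommented setting.
echo "UseDNS no" >> "$sample"
echo "after the fix:  UseDNS $(effective_usedns "$sample" yes)"
rm -f "$sample"
```

On a running system, `sshd -T | grep -i usedns` prints the value sshd itself resolved from its configuration.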