[Techtalk] weird network behavior

Maria Mckinley maria at shadlen.org
Fri Dec 10 20:53:38 UTC 2010 

Hello there,

I am very confused. I have host based ssh working for almost all of my 
machines, except when sshing FROM one particular machine, mimi. If I ssh 
TO mimi, or to/from any other machine, everything is fine. But, I cannot 
ssh out of mimi to any other machine; it always asks for my password, 
which works just fine. The only difference I see in communication, is 
that when mimi asks the other machines for their ip, mimi receives their 
mac address instead, but with all of the attempts from other machines, 
the machine just seems to know the right ip:

Going from mimi to bettye does not work:

root at bettye:~# tcpdump -v host 10.208.108.17
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 
65535 bytes
12:45:14.341940 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
bettye.shadlen.org tell mimi.shadlen.org, length 46
12:45:14.341973 ARP, Ethernet (len 6), IPv4 (len 4), Reply 
bettye.shadlen.org is-at 00:1d:7d:d6:b2:e9 (oui Unknown), length 28
12:45:14.342034 IP (tos 0x0, ttl 64, id 57433, offset 0, flags [DF], 
proto TCP (6), length 60)
     mimi.shadlen.org.48447 > bettye.shadlen.org.ssh: Flags [S], cksum 
0x8314 (correct), seq 103393154, win 5840, options [mss 1460,sackOK,TS 
val 226248667 ecr 0,nop,wscale 7], length 0

Going from herbie to bettye does:
root at bettye:~#  tcpdump -v host 10.208.108.24
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 
65535 bytes
12:49:09.338429 IP (tos 0x0, ttl 64, id 41120, offset 0, flags [DF], 
proto TCP (6), length 60)
     herbie.shadlen.org.46479 > bettye.shadlen.org.ssh: Flags [S], cksum 
0xf1ac (correct), seq 1280374511, win 5840, options [mss 1460,sackOK,TS 
val 42227279 ecr 0,nop,wscale 7], length 0

Going from bettye to mimi does:
mimi:~# tcpdump -v host 10.208.108.18
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96 
bytes
12:51:00.656378 IP (tos 0x0, ttl 64, id 60264, offset 0, flags [DF], 
proto TCP (6), length 60)
    bettye.shadlen.org.54994 > mimi.shadlen.org.ssh: S, cksum 0x1630 
(correct), 1448921915:1448921915(0) win 5840 <mss 1460,sackOK,timestamp 
342433875 0,nop,wscale 7>

I know that all of the ssh files are exactly the same. Also /etc/hosts, 
/etc/hosts.equiv, and /etc/resolv.conf (which uses my dns server) are 
all the same. Any ideas what could be going on here? The other weird 
thing is this use to work, and I don't know what could have changed. The 
behavior seems to imply a change that happened on mimi that causes other 
machines to behave differently only to mimi, but I can't think what that 
might be.

thanks,
maria

More information about the Techtalk mailing list