Odd problem with ssh (resolved)

  • I'm running pfsense 1.2RC2, embedded, bridged firewall install.

    I've had this running for well over a year and generally never have to make any sort of changes to it.  I also use this firewall as a proxy for traffic from work on occasion via ssh.  The problem started only a few days ago and I can't understand what is causing it but I believe it is originating on the firewall itself.

    When it was working normally, I'd open an ssh session, route my web traffic in the web browser to itself via some selected application port (8000 for example), and the proxy would work fine.  Very simple setup.

    Well recently when I would ssh in, I would receive an error as soon as I authenticated stating "bind: cannot assign requested address".  My ssh command line session works fine, but when trying to go anywhere via my browser it will always return the error that the proxy is refusing connections.  I have verified I receive this error on multiple remote machines, so this is what led me to the source of the problem being pfsense.

    I generally open my session with a generic command line something like "ssh -D (app port) -p (remote port) -c (selected cipher) -l (logon ID, admin for example) <ip address>".  I have also verified that if I remove the -D switch from the command that I do not receive the bind error, but then of course I still cannot route my application traffic and still receive the proxy error in the web browser.

    I am puzzled why this error would be popping up.  I did not make any changes to pfsense, with the exception of adding on selected days to allow an ssh session (which all attempts fell under those windows).  I did reboot pfsense just in case maybe some process got hung for some reason or another, and I also switched my host to a different ip address.  None of those helped.

    I'm hoping maybe someone has stumbled across this problem before or might have an idea of something else to try.

  • Sounds like an application on your local machine already has the port in use.

    Do an "lsof -i tcp:XXX" just prior to running the ssh, where XXX is your proxy port. If you've not got lsof, use "netstat -na | grep XXX"

    Either way, if the port is available, no output should be provided. If the port is already in use, you'll get some output.

  • Hi,
    I ran both commands just to be sure and there was no output available, so that tells me my usual proxy port was ok to use.  But like I mentioned earlier, I experienced this same problem from multiple workstations at my remote site, which leads me to believe the problem is on the pfsense end.

    I had considered that maybe my remote site firewall is blocking this somehow, but I'm not so quick to embrace that cause for the simple reason that I am able to establish an ssh session, just not with the -D switch for the proxy port that results in the error.  I have also tried several other ports recently and receive the same error.

  • Ok well I was able to successfully establish a proxy session via another machine, so apparently the machines I used in my original tests were experiencing similar problems (most likely user error), but the main machine I use (FreeBSD 6), well it would appear to be something wrong that would require more in-depth troubleshooting.  But, bottom line is it is not a problem with pfsense ssh host.
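
The message quoted in the first post is the text of errno EADDRNOTAVAIL, whereas a port already held by another process produces EADDRINUSE ("Address already in use"). The following Python sketch, an added example that is not part of any post in this thread, attempts the same loopback bind that `ssh -D` performs on the client and reports which case applies; the function names and the default port 8000 (the first post's example port) are assumptions.

```python
import errno
import socket
import sys

# bind() failures relevant to the local listener that `ssh -D <port>` opens.
VERDICTS = {
    errno.EADDRINUSE: "port-in-use",           # another process holds the port
    errno.EADDRNOTAVAIL: "address-not-local",  # "cannot assign requested address"
    errno.EACCES: "permission-denied",         # e.g. port < 1024 without privileges
}


def classify(err_no):
    """Map a bind() errno to a short verdict string."""
    return VERDICTS.get(err_no, "other:" + errno.errorcode.get(err_no, str(err_no)))


def probe(host, port):
    """Try to bind host:port on every address the name resolves to.

    Returns a list of (address, verdict) pairs. SO_REUSEADDR is left
    unset on purpose so that a held port is reported as in use.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return [(host, "name-not-resolvable")]
    results = []
    for family, socktype, proto, _, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.bind(sockaddr)
            verdict = "ok"
        except OSError as e:
            verdict = classify(e.errno)
        results.append((sockaddr[0], verdict))
    return results


if __name__ == "__main__":
    # Hypothetical usage: python3 probe_bind.py 8000
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
    for name in ("localhost", "127.0.0.1", "::1"):
        for addr, verdict in probe(name, port):
            print(f"{name:<10} {addr:<16} port {port}: {verdict}")
```

An "address-not-local" verdict for a loopback name points at the client's own loopback interface or its `localhost` resolution rather than at a competing process, which is consistent with `lsof` and `netstat` showing nothing on the port.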
