SSH: Firewall-OK & WAN-OK but LAN-Broken Pipe

  • While I am still looking through pfSense configuration settings....
    If anyone can help with the issue posted please reply and hopefully I can get this resolved quicker.

    pfSense 2.4.4-RELEASE-p3

    Local Server #1
    CentOS Linux release 7.6.1810 (Core)
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

    Local Server #2
    Ubuntu 18.04.3 LTS
    OpenSSH_7.6p1, Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017

    This is likely a pfSense-related issue though we are able to SSH to the firewall without the issue.

    When connecting to the server via SSH from the WAN, outside, it stays connected with no issues.
    So I can SSH out to any other machine outside the network and then connect back through the WAN via SSH from that machine in and it is fine.

    When connecting to the server via SSH from the LAN, inside -- regardless of using the hostname of the box or the IP Address, it stops after a short time.
    Initially no data appears to be sent to the server, typing on the keyboard seems to produce no visible response.
    The following is seen, when using ssh -vvv:
    debug3: send packet: type 1
    packet_write_wait: Connection to port 22: Broken pipe

    There is a pfSense Firewall between the outside and the server, but not between the local network and the server.

    I have tried:

    1. On the client side: Adding the following to ~/.ssh/config
      Host *
      ServerAliveInterval 300
      ServerAliveCountMax 2
    2. On the server side: Changing the sshd_config to the following
      ClientAliveInterval 300
      ClientAliveCountMax 3


  • Update:

    Going from the Unbuntu machine to the CentOS machine has no issue with SSH
    This may be more related to either Mac/Windows or my local computer -- I'd rather be wrong and have an easy fix (rebooting shortly) -- But will update either way.

  • So yeah it was only 1 computer.
    A reboot fixed it.... all is (as close to) normal as it can get.
    Hectic morning.

    Nothing to see here.

    Thanks for listening to my craziness.

Log in to reply