Netgate Discussion Forum
    SSH broken pipe - asymmetric routing issue?

    Routing and Multi WAN
    3 Posts 1 Posters 613 Views
      bryon
      last edited by bryon

      Hi,
      I am receiving a broken pipe when I SSH to a machine in a different subnet. My research indicates it is linked to asymmetric routing - but I am not experienced enough to diagnose it properly.

      I have two interfaces:
      LAN: 10.10.0.0/24
      CORE: 10.10.10.0/24
      Each has its own physical NIC and there are no VLANs.

      When I SSH to a server in the LAN network from the CORE network, after about 30 seconds the session hangs and then terminates with:

      packet_write_wait: Connection to 10.10.0.79 port 22: Broken pipe
      

      I have looked in the logs and can't find anything that is happening when the session is terminating.

      If I am directly patched into the LAN network I do not experience broken pipes. It is only when patched into the CORE network.

      Looking for suggestions to diagnose the problem.

      Thanks

      I have the following firewall rules set up:

      LAN

      States          Protocol  Source    Port  Destination  Port         Gateway  Queue  Schedule  Description
      0 / 61.09 MiB   *         *         *     LAN Address  443, 80, 22  *        *                Anti-Lockout Rule
      0 / 46.25 GiB   IPv4 *    LAN net   *     *            *            *        none             Default allow LAN to any rule
      0 / 0 B         IPv6 *    LAN net   *     *            *            *        none             Default allow LAN IPv6 to any rule

      CORE

      States          Protocol  Source    Port  Destination  Port         Gateway  Queue  Schedule  Description
      167 / 45.82 GiB IPv4 *    CORE net  *     *            *            *        none             Default allow CORE to any rule
      0 / 0 B         IPv6 *    CORE net  *     *            *            *        none
        bryon @bryon
        last edited by

        I have done some diagnosis and I realise that the traffic is coming back from a second NIC. So it is indeed asymmetric routing.

        [screenshot: Screen Shot 2020-09-06 at 9.26.11 pm.png]

          bryon @bryon
          last edited by
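A toy model of why the return path over the second NIC breaks the session, added here as an illustration and not something from the thread or from pfSense itself: pf only creates TCP state when it sees the client's SYN, and that state stays in the "opening" stage (default timeout 30 s per pf.conf(5)) until the firewall also sees the server's SYN/ACK. When the server's replies bypass the firewall, the state expires during the first idle pause and the next client packet hits the default deny. The client address and the 45-second idle gap are constructed.

```python
from dataclasses import dataclass

# pf default TCP state timeouts in seconds (pf.conf(5): tcp.opening and
# tcp.established). A state sits in "opening" from the first SYN until the
# firewall has seen the handshake complete from the other side.
TCP_OPENING = 30
TCP_ESTABLISHED = 86400

# Constructed CORE-side client; the server address is the one from the thread.
CLIENT, SERVER = "10.10.10.50", "10.10.0.79"
CORE_PREFIX = "10.10.10."

@dataclass
class Packet:
    t: float      # seconds since the session started
    src: str
    dst: str
    flags: str    # "S" = SYN, "SA" = SYN/ACK, "PA" = data segment

class StatefulFirewall:
    """Toy model of pf state tracking: allow CORE net -> any, default deny."""
    def __init__(self):
        self.states = {}   # (client, server) -> [stage, expires_at]

    def filter(self, pkt):
        key = (pkt.src, pkt.dst) if pkt.src.startswith(CORE_PREFIX) else (pkt.dst, pkt.src)
        state = self.states.get(key)
        if state and pkt.t >= state[1]:        # idle longer than the stage timeout
            del self.states[key]
            state = None
        if state is None:
            # Only a fresh SYN from the CORE net may create state; anything else is dropped.
            if pkt.flags == "S" and pkt.src.startswith(CORE_PREFIX):
                self.states[key] = ["opening", pkt.t + TCP_OPENING]
                return "pass"
            return "drop"
        if state[0] == "opening" and pkt.flags == "SA":
            state[0] = "established"           # handshake seen completing
        state[1] = pkt.t + (TCP_ESTABLISHED if state[0] == "established" else TCP_OPENING)
        return "pass"

def simulate(asymmetric):
    """Return (time, flags, verdict) for each packet the firewall actually sees."""
    fw = StatefulFirewall()
    flow = [Packet(0.0, CLIENT, SERVER, "S"),
            Packet(0.01, SERVER, CLIENT, "SA"),
            Packet(0.02, CLIENT, SERVER, "PA"),     # login traffic
            Packet(45.0, CLIENT, SERVER, "PA")]     # next keystroke after idling
    if asymmetric:   # server replies leave via the second NIC and bypass the firewall
        flow = [p for p in flow if p.src != SERVER]
    return [(p.t, p.flags, fw.filter(p)) for p in flow]
```

With the symmetric path every packet passes; with the asymmetric path the state never leaves "opening", so the keystroke sent after the idle pause is dropped, which is what the client eventually reports as a broken pipe.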

          @bryon I decided the simplest and most secure way forward is to create a jumpbox with two NICs. I ssh to the jumpbox when I need to access the management LAN.
          I plan to add a web proxy to the jump box so I can access web-based machines in the management LAN.
          If anyone has alternate ideas then I'd love to hear them.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.