Trying to run an ssh server on a laptop behind a router... mtu mismatch?

Hi.

I have a laptop running an ssh server behind a 2wire 2701hg-w router. I
have forwarded the ssh port to the correct machine, and the packets are
being routed correctly as confirmed by wireshark. The ssh server works
fine when the laptop is connected directly to the modem. When the laptop
is behind the router, ssh from the remote pc times out without
connecting. I suspect it has something to do with mismatched MTU. The
router is set at 1492 because it's on PPPoE DSL but the wireless card is
set on 1500. I have a broadcom chip on the laptop and I'm using
ndiswrapper, and I get an error (SIOCSIFMTU: Invalid argument) when i
try to change the mtu to anything other than 1500. Do I need to get a
wireless card with native support to run services behind the router? Or
did I misdiagnose this?

Thanks.
Elliot

Elliot wrote:
> Hi.
>
> I have a laptop running an ssh server behind a 2wire 2701hg-w router. I
> have forwarded the ssh port to the correct machine, and the packets are
> being routed correctly as confirmed by wireshark. The ssh server works
> fine when the laptop is connected directly to the modem. When the laptop
> is behind the router, ssh from the remote pc times out without
> connecting. I suspect it has something to do with mismatched MTU. The
> router is set at 1492 because it's on PPPoE DSL but the wireless card is
> set on 1500. I have a broadcom chip on the laptop and I'm using
> ndiswrapper, and I get an error (SIOCSIFMTU: Invalid argument) when i
> try to change the mtu to anything other than 1500. Do I need to get a
> wireless card with native support to run services behind the router? Or
> did I misdiagnose this?
>
> Thanks.
> Elliot


Check that you do not have a packet filter ('firewall')
blocking ICMP packets. It breaks the MTU discovery built
into the TCP protocol.

--

Tauno Voipio

Elliot <(E-Mail Removed)> wrote:
> Hi.

> I have a laptop running an ssh server behind a 2wire 2701hg-w router. I
> have forwarded the ssh port to the correct machine, and the packets are
> being routed correctly as confirmed by wireshark. The ssh server works
> fine when the laptop is connected directly to the modem. When the laptop
> is behind the router, ssh from the remote pc times out without
> connecting. I suspect it has something to do with mismatched MTU. The
> router is set at 1492 because it's on PPPoE DSL but the wireless card is
> set on 1500. I have a broadcom chip on the laptop and I'm using
> ndiswrapper, and I get an error (SIOCSIFMTU: Invalid argument) when i
> try to change the mtu to anything other than 1500. Do I need to get a
> wireless card with native support to run services behind the router? Or
> did I misdiagnose this?

I suspect that the packet size involved in establishing a ssh connection
is too small for the laptop's larger MTU to be causing the timeout.

--
Clifford Kite
/* For every credibility gap, there is a gullibility fill.
-- R. Clopton */

On Wed, 21 May 2008 23:52:33 -0400, Elliot wrote:

> I have a laptop running an ssh server behind a 2wire 2701hg-w router. I
> have forwarded the ssh port to the correct machine, and the packets are
> being routed correctly as confirmed by wireshark. The ssh server works
> fine when the laptop is connected directly to the modem. When the laptop
> is behind the router, ssh from the remote pc times out without
> connecting. I suspect it has something to do with mismatched MTU. The
> router is set at 1492 because it's on PPPoE DSL but the wireless card is
> set on 1500.

I run several servers including SSH behind PPPoE routers. On the WAN side
the MTU is 1492, on the LAN (or DMZ) side, the MTU is 1500. Never had any
MTU related problems...

> Or did I misdiagnose this?

Have you invoked ssh from the client side, using the "-v" option..?
Multiple "-v" options increase the verbosity.


--
Regards/mvh Joachim Mæland

If everything seems under control, you're just not going fast enough.
-Mario Andretti