I have a server running linux 2.6.11.12 connected to the Internet through an ADSL modem. It runs both SSH and FTP daemons, but I'm having a strange problem. When I attempt to connect from the Internet through SSH it stalls (until it times out) after I type the correct password; if I type a wrong one it will ask again as usual. I've tried connecting to outside machines and it does the same thing, and tcpdump shows that I start getting out-of-order TCP packets followed by retransmissions, which causes the stall.
If I try to connect to the FTP server in passive mode, it stalls after the LIST command, when the data should go to the client. Again, tcpdump shows only retransmissions after that command, so the passive connection is established by the client but then no other acknowledgements are received from the client.
The machine has a firewall running but when I connected another machine to the interface used to connect to the Internet (replacing the modem), I could connect both with SSH and FTP. So it seems the problem is not with the firewall rules. Also I've already exchanged the modem for another new one and all the cables.
So now I'm at a loss; any ideas?
Can you fill in the blanks? Where did you run tcpdump? By outside, do you mean from another Internet site to your SSH site? Where is the client and the server in each case? You are getting out of order packets? Did you see out of order packets received at the SSH server? Try using "transmitted from" and "received at" instead of "getting" so that we can understand what you understand.
OK, let me clarify...
Let's call my linux server machine A and another one connected to it through the Internet machine B. The connection is made by ADSL, with a modem connected to machine A. Machine B has no problem connecting to other machines on the Internet.
Tcpdump was run on machine A with 'tcpdump -i eth0 -w pack'. Eth0 is the interface connected to the modem.
When I log on from machine B to machine A using SSH I get the password prompt, but if I type in the correct password the connection stalls (I haven't checked this traffic with tcpdump). When I log on from machine A to machine B I get the same thing, and tcpdump shows out-of-order packets from machine B to machine A (in ethereal they're called TCP Out-Of-Order) followed by retransmissions from machine A to machine B (again, in ethereal called TCP Retransmission).
When I connect from machine B to machine A using FTP (passive mode), I see both the 'LIST' and '150 Here comes' packets but the data on the passive channel (on a high port) never flows. Tcpdump shows TCP Retransmissions from machine A to machine B without any ACKs from machine B.
I would recommend putting the client system on the same network as the server system. It seems that your well known port handshake is successful. However, one or both machines are using arbitrary or dynamic ports. Normally, arbitrary ports would be used and firewalls allow this. However, many firewalls require additional provisioning for dynamic ports. Look at your packet captures. Does the client switch from the well known port for SSH to a single arbitrary port, or does it use infinitely variable ports?
FTP also uses arbitrary ports. As a result, enabling FTP on a stateful firewall usually sets up a rule that understands this. Building a rule to allow ports 20 and 21 will not suffice if the firewall is not stateful.
Something in your path is not handling the sessions properly. What do you get with both systems on the same LAN segment?
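One way to make the capture check suggested above mechanical, as an added example that is not from any poster in this thread: the script parses tcpdump text output and labels each data segment per direction as in-order, retransmission or out-of-order. The sample lines, addresses and ports are constructed, and the labels are a simplified version of the heuristics an analyzer like Ethereal applies, not Ethereal's own logic.

```python
import re
from collections import Counter
# Fields of a `tcpdump -nn` text line; the constructed sample below uses this layout.
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>[\d.]+\.\d+) > (?P<dst>[\d.]+\.\d+): Flags \[[^\]]*\]"
                     r"(?:, seq (?P<seq>\d+)(?::\d+)?)?.*?, length (?P<len>\d+)$")
# Constructed sample, not a real capture: A = 203.0.113.5 (sshd), B = 198.51.100.7 (client).
SAMPLE = """\
10:00:00.000100 IP 198.51.100.7.49152 > 203.0.113.5.22: Flags [P.], seq 1:49, ack 1, win 5840, length 48
10:00:00.000200 IP 203.0.113.5.22 > 198.51.100.7.49152: Flags [P.], seq 1:1449, ack 49, win 5792, length 1448
10:00:00.000400 IP 198.51.100.7.49152 > 203.0.113.5.22: Flags [P.], seq 97:145, ack 1, win 5840, length 48
10:00:00.000500 IP 198.51.100.7.49152 > 203.0.113.5.22: Flags [P.], seq 49:97, ack 1, win 5840, length 48
10:00:00.200000 IP 203.0.113.5.22 > 198.51.100.7.49152: Flags [P.], seq 1:1449, ack 145, win 5792, length 1448
10:00:00.600000 IP 203.0.113.5.22 > 198.51.100.7.49152: Flags [P.], seq 1:1449, ack 145, win 5792, length 1448
10:00:00.700000 IP 198.51.100.7.49152 > 203.0.113.5.22: Flags [.], ack 1, win 5840, length 0
"""

def classify_segments(lines):
    """Label each data segment per direction (simplified analyzer heuristic): seq above the next
    expected byte = an earlier segment is missing; seq below it = retransmission if that exact
    range was already seen, else a late (out-of-order) arrival. Pure ACKs (length 0) are skipped."""
    expected, seen, results = {}, {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("seq") is None or int(m.group("len")) == 0:
            continue
        flow = (m.group("src"), m.group("dst"))
        seq = int(m.group("seq"))
        rng = (seq, seq + int(m.group("len")))
        nxt, ranges = expected.get(flow), seen.setdefault(flow, set())
        if nxt is None or seq == nxt:
            label = "in-order"
        elif seq > nxt:
            label = "ahead-of-gap"
        elif rng in ranges:
            label = "retransmission"
        else:
            label = "out-of-order"
        ranges.add(rng)
        expected[flow] = max(nxt or 0, rng[1])
        results.append((m.group("ts"), flow, seq, label))
    return results

def summarize(results):
    summary = {}  # (src, dst) -> Counter of labels for that direction
    for _, flow, _, label in results:
        summary.setdefault(flow, Counter())[label] += 1
    return summary

def stalled_directions(results, min_retrans=2):
    """Directions that keep resending the same data without it ever being acknowledged."""
    return sorted(f for f, c in summarize(results).items() if c["retransmission"] >= min_retrans)
```

Run it over the output of `tcpdump -nn -r pack` to see which direction carries the repeated segments and which carries the gaps.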