Hi - been running a VM for a while and every time I reboot it I find I cannot connect to it again from my laptop for a while. Playing with tcpdump it looks like my outgoing TCP SYNs are not making it to my VM after a reboot. Is there some sort of firewall between my VM and the Internet that could be causing a problem?
hm good question
essentially after a reboot ssh access via TCP port 22 seems down from my laptop for ~25 minutes, but from other IPs it's ok and ping works
my laptop ssh client will have been trying to reconnect every few seconds during the reboot; I wonder if it's tickling some protection I'm not aware of
it also seems TCP port specific - so far only affecting port 22
SYNs to other TCP ports get through
Highly doubtful.
doubtful perhaps; but something is blocking my SYNs and it's not the OS on the VM sfaict
this time it took 5 minutes for them to get through after a reboot
so essentially I have to wait 5-25 minutes after a reboot before I can reconnect
ideas welcome - if anyone can think of anything else that might cause this behaviour
knigma-m, why is your laptop constantly trying to connect while it's off?
just what my Windows ssh client does - keep retrying since it's configured to be a persistent connection
...never caused a problem before
means the ssh connection is re-established every time I switch networks or suspend/resume
I've no *evidence* that's triggering the issue; I just cannot think of another explanation
perhaps turning it off and seeing whether it still blocks connections after a reboot will give more information.
ok - I'll do that now ;)
yes - was able to re-connect first time if I allowed a reboot to complete first.
Can anyone confirm that there *is* some sort of firewall in front of my VM that would explain this behaviour?
seems to be.
this would be good to know
...perhaps trying to protect against port scans or random IP searching
that is question 1. question 2 would be if your client supports reconnect throttling
q2.
No, sadly not. I guess it waits for a TCP connection timeout and once it gets that retries immediately.
I'm fine with it if I can explain it - just I haven't seen any documentation that explains there's a firewall in front of my VM.
...so I spent ages assuming it was something screwed up on my laptop
perhaps it looks like a SYN flood, but it really shouldn't be that aggressive, Windows doesn't send that many SYNs.
knigma-m: there is some kind of filtering to prevent ssh brute force
seems quite aggressive if it's preventing persistent connection clients
ok - thanks; I can live with that - just seems a little too sensitive
yes i agree
any way we can have that throttled down in sensitivity somewhat?
it's just one persistent client - so I guess only a SYN a second
ha, found it: http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=ssh+syn&action=search&error=0
it should be higher like more than 60 in 1 minute, not 10
thanks - good - problem understood - that's kinda crazy low though
no brute force will be effective at only 1 per second
brute force begins at 10+/sec imo
i have seen ssh brute force at much lower rates...
running a quick test; a few successful ssh connections also trips the filter, so it's not restricted to unsuccessful attempts
just "ssh x.y.z ls" a few times trips it
no it just counts SYNs
but a relatively short break from SYNs seems to remove the filter; so my problem is that my ssh client never takes a break
to only count unsuccessful attempts the rate limiting would need to happen on the host not on some router in between
yep - would require a stateful rule; ok well at least I know it's not my end that's broken - thanks for the input
err, host is ambiguous. i mean the ssh server, i.e. the vps
the "rule" only blocks SYNs, once existing TCP connections from the same IP aren't impacted
well, that would be very bad... :)
like typing too fast and getting disconnected...
lol :P
i need to make that a t-shirt; "I type so fast my firewall's TCP throttle rate is exceeded"
that would indeed be a good t-shirt
oh hey it's another up_the_irons2
migrating to latest weechat and bitlbee, so i have two servers runnin' at the moment
anyone have a way to get better 256 color support in weechat 4? i mean, i have it doing 256 colors, but *by default*, it only defines like 20 of them... you can define others, but i'd rather not have to do it all on my own ;)
up_the_irons/up_the_irons2: After the earlier discussion, I went looking through the FAQ but there's no mention that ARP has any firewalling. I think this really ought to be published, e.g. "we don't firewall anything except..."
i tend to agree
Then there is the outbound UDP rate limiting as well
oh is there? any specific ports?
are you cheating on irssi? poor irrsula...
brachiation: up_the_irons has run weechat for as long as I can remember, and even longer according to the logs :p
i could have sworn it was irssi...
i like irssi myself.
I'm happy with irssi. I've tried weechat, and have no complaints really... I'm just entrenched in irssi nowadays
the default weechat theme reminds me of a circus. The /clown_act command is my favorite part, though the /lion_tamer bit is fun too.
i like how they gzip all those clowns in the carball.
brycec i agree, it should be explicit somewhere
docs!
brachiation: nah, i've been on weechat for as long as i can remember.. was in irssi before