Cellcard and port forwarding

[groksteady]

Hi -

Not sure this its the best place to ask, so I apologize if this its considered spamming to the group.

Does anyone know if Mobitel/Cellcard occasionally blocks ports, our has begun to block them? I often connect on my phone through an ssh tunnel and SOCKS5 proxy, but as of tonight it won't let me. I can make the ssh tunnel, but not use the proxy.

Can anyone confirm this on their end?

-Rick

[Ole Johnny Rosendahl]

No problem here. Using SSH?

[Ole Johnny Rosendahl]

On Jan 4, 12:03 am, Ole Johnny Rosendahl <rudeboy...@gmail.com> wrote:
> No problem here. Using SSH?

Yes, apparently... but no problem here.

[jack...@fastmail.fm]

You ssh to the phone, or through it?
If you can make an ssh tunnel to a remote machine, they are not blocking
ports, it must be permissions or firewall/routing changes on the
machines at each end, or something more subtle. You could try changing
the port you're using for ssh.
Does a regular ssh login work OK?
We have an Ezecom connection at Hackerspace, ssh logins always work for
me.
Do you find the quality of service changes when you visit particular
sites?

Jack

[Rick Valenzuela]

On Jan 4, 2012 4:23 AM, <jack...@fastmail.fm> wrote:
>
> You ssh to the phone, or through it?

whoops, the latter; I meant through the phone and connecting to a remote host abroad and forwarding all my traffic through that.

> If you can make an ssh tunnel to a remote machine, they are not blocking
> ports, it must be permissions or firewall/routing changes on the
> machines at each end, or something more subtle.  You could try changing
> the port you're using for ssh.
> Does a regular ssh login work OK?

Ok, that makes sense, although I hadn't changed anything on my end. Last night I was able to establish the connection, but all my apps would hang trying to connect elsewhere. But without the proxy set, I could easily reach the same sites. Also, yes, I was able to connect to my shell account via ssh.

Oddly, though, this is all in past tense because this morning I'm having no problems using a tunnel... And I'm using the same settings as last night.

> We have an Ezecom connection at Hackerspace, ssh logins always work for
> me.
> Do you find the quality of service changes when you visit particular
> sites?
>

I can't say that I have; if anything it's consistently either normal or slow, across the board, whether off 3G/HSDPA or Ezecom DSL.

Thanks, Jack and Johnny, for jumping in and responding. In case it happens again, what would be a good way to test things from an android phone? I don't have busybox installed yet, but I suppose with that I could check for blocked ports?

-Rick

[Brendan Siebert]

As mentioned before its definitely not port blocking.

As after establishing the SSH tunnel, all the traffic is encrypted and sent over the same port that you established the tunnel with.

Sounds like some sort of software problem at the remote end?

Good luck!

[Rick Valenzuela]

On Jan 4, 2012 10:39 AM, "Brendan Siebert" <brendan...@gmail.com> wrote:
>
> As mentioned before its definitely not port blocking.
>
> As after establishing the SSH tunnel, all the traffic is encrypted and sent over the same port that you established the tunnel with.
>
> Sounds like some sort of software problem at the remote end?

hey, Brendan - we met up in Siem Reap. Happy New Year, and to the rest of the hackerspace + list.

The problem isn't happening anymore, but yeah, seems it wouldn't have been port blocking. I've never had a problem at the other end, a unix shell I get with my web host, and my home net connection was out at the time, so testing that was out of the question.

I'm wondering if it couldn't been just a slow connection that kept timing out. I had a lot of network probs just making calls/texts over the holiday.

[jack...@fastmail.fm]

I find tcp over ssh, even ssh itself, is not very tolerant of
lost or delayed packets.
My ssh connections tend to just die from timeouts over 3G
connections.
You could just be hitting a quality of service tipping point.

I have the following in my server /etc/ssh/sshd_config:
    TCPKeepAlive yes
    ClientAliveInterval 120
And in the client .ssh/config:
    ConnectTimeout 0
    TCPKeepAlive yes
    ServerAliveInterval 60

These values are unscientifically picked out of the air BTW, so
YMMV, but they stop my ssh logins just freezing up, which they do
regularly without those pings.
Jack

 

[Brendan Siebert]

I find when using a socks proxy over ssh everything works fine, except AJAX websites seem super flakey (i dont know if this is a proxy problem or related to what you are talking about here.

Any ideas?

[jack...@fastmail.fm]

Is your https traffic also set to go thru the socks proxy?

[Brendan Siebert]

Yes, but it is something to do with https because i find bank websites have the same problem as the AJAX sites.

[Rick Valenzuela]

On Thu, Jan 5, 2012 at 2:48 PM, Brendan Siebert
<brendan...@gmail.com> wrote:
> Yes, but it is something to do with https because i find bank websites have
> the same problem as the AJAX sites.

yo, Brendan -- Happy New Year to you too!

I haven't had the same problem since then, so can't tell if it was
AJAX. I just had both landline + ISP guys here at the same time, so
I'm using 3G/HSDPA less often now.

> On Thu, Jan 5, 2012 at 2:25 PM, <jack...@fastmail.fm> wrote:
>>
>> Is your https traffic also set to go thru the socks proxy?

yes, it would've been some SSL traffic, too.

>> On Thu, Jan 5, 2012 at 11:36 AM, <jack...@fastmail.fm> wrote:
>>
>> I find tcp over ssh, even ssh itself, is not very tolerant of
>> lost or delayed packets.
>> My ssh connections tend to just die from timeouts over 3G
>> connections.
>> You could just be hitting a quality of service tipping point.
>>
>> I have the following in my server /etc/ssh/sshd_config:
>> TCPKeepAlive yes
>> ClientAliveInterval 120
>> And in the client .ssh/config:
>> ConnectTimeout 0
>> TCPKeepAlive yes
>> ServerAliveInterval 60
>>

Thanks, Jack. I'm going to try that.

Cheers,
Rick