Subject: Re: IPF and ssh
To: None <current-users@NetBSD.org>
From: Rob Quinn <rquinn@sec.sprint.net>
List: current-users
Date: 11/17/2003 12:13:37
> From: Mark Nelson <mn@tardis.cx>

 This address doesn't work.

> I have a ipf based firewall

 I think you have some routing issues, either on your client or your firewall.
Does your client have multiple interfaces too?

> pass in quick on ex0 proto tcp from any to 10.119.6.226 port = ssh
> flags S/SA keep state

 Enable logging on this line.

> However when I try to connect to the machine

 I assume you're connecting from 10.32.160.78 which is on the ex0 interface?
> the connection is blocked
> and I get the following line in the firewall log.
> 17/11/2003 15:44:18.943806 ex2 @0:19 b 10.169.6.226,22 ->
> 10.32.160.78,34502 PR tcp len 20 552 -A IN

 How did ex2 get in there?  Is 10.32.160.78 on ex0 or ex2, and does the
firewall's routing table agree?  On the firewall type 'route -n get
10.32.160.78' to check the outgoing interface.

> The ssh daemon seems to want to open a connection back to the source machine
> on port 34502.

 Your log shows it's an ACK packet, not a SYN (new connection).  I bet if you
run 'netstat -anf inet' on the ssh client machine you'll see a partially
established connection with a source port of 34502.