tech-net archive


Re: Identifying a slightly odd network problem



> I need some help trying to even understand where to begin to look for
> a solution for a network problem I've been having.

> The network looks something like this [...]

> ipfilter=YES
> ipnat=YES

The symptoms you describe sound to me like something going wonky in
ipf/ipnat state, such that it's discarding state inappropriately and
thus losing packets which would normally be forwarded - or, depending
on just what your ipf.conf and ipnat.conf look like, possibly just
filtering packets it shouldn't be.  If you want to verify this, I'd
suggest starting tcpdumps on wm1 and wm2, then doing one of the
problematic ssh connections.  Look to see if packets are coming in one
interface but not going out the other.  (If it would help, I have a
program that can take two pcap files and merge them based on packet
timestamps....)

Personally I'd suggest putting ipf/ipnat on a different machine from
the house network routing - if you can, of course; if you're filtering
between house subnets or something, obviously that's not as doable.

If everything works fine with tcpdump running but not otherwise, that's
an even stronger clue, though I'm not sure in any detail what it points
to (especially since you're running a version I've never worked with).

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
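
Added example, not part of the original message and not the merge program the poster mentions: a Python sketch of the check described above, merging the wm1 and wm2 captures by packet timestamp and listing TCP segments that appear on one interface but never on the other. It assumes classic pcap files (not pcapng) with Ethernet/IPv4 framing and plain NAT that rewrites addresses and ports but leaves TCP sequence numbers alone; the function names, the (seq, ack, payload length) matching key and the sample captures are constructed for illustration.

```python
import heapq
import struct

MAGIC = {b"\xd4\xc3\xb2\xa1": ("<", 1000), b"\x4d\x3c\xb2\xa1": ("<", 1),
         b"\xa1\xb2\xc3\xd4": (">", 1000), b"\xa1\xb2\x3c\x4d": (">", 1)}  # -> (endian, ns scale)

def read_pcap(data, tag):
    """Yield (timestamp_ns, tag, frame) for each record in classic pcap bytes."""
    if data[:4] not in MAGIC:
        raise ValueError("not a classic pcap file")
    end, scale = MAGIC[data[:4]]
    off = 24  # skip the global header
    while off + 16 <= len(data):
        sec, sub, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        yield (sec * 10**9 + sub * scale, tag, data[off + 16:off + 16 + caplen])
        off += 16 + caplen

def merge_by_time(cap_a, cap_b):
    """One timeline from both captures, ordered by packet timestamp."""
    streams = (read_pcap(cap_a, "wm1"), read_pcap(cap_b, "wm2"))
    return list(heapq.merge(*streams, key=lambda rec: rec[0]))

def tcp_key(frame):
    """(seq, ack, payload_len) of an Ethernet/IPv4/TCP frame, else None."""
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
    if len(frame) < 34 + ihl or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    total, = struct.unpack("!H", frame[16:18])
    seq, ack = struct.unpack("!II", frame[18 + ihl:26 + ihl])
    return (seq, ack, total - ihl - (frame[26 + ihl] >> 4) * 4)

def not_forwarded(timeline, src="wm1", dst="wm2"):
    """TCP segments seen on src whose key never appears on dst."""
    out = {tcp_key(f) for _, tag, f in timeline if tag == dst} | {None}
    return [(ts, tcp_key(f)) for ts, tag, f in timeline
            if tag == src and tcp_key(f) not in out]

# Constructed sample captures: made-up addresses, zero checksums.
def _frame(src, sport, seq, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes([203, 0, 113, 5]))
    tcp = struct.pack("!HHIIBBHHH", sport, 22, seq, 0, 0x50, 0x18, 1024, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
def _pcap(src, sport, recs):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", s, us, 54 + len(p), 54 + len(p))
                          + _frame(src, sport, seq, p) for s, us, seq, p in recs)
WM1 = _pcap([192, 168, 1, 10], 50000, [(100, 10, 1000, b"a" * 10),
            (100, 500, 1010, b"b" * 20), (101, 0, 1030, b"c" * 5)])
WM2 = _pcap([198, 51, 100, 2], 40000, [(100, 60, 1000, b"a" * 10), (101, 40, 1030, b"c" * 5)])
```

On the sample data, `not_forwarded(merge_by_time(WM1, WM2))` reports the one segment (seq 1010, 20 bytes) that arrived on wm1 and never left on wm2; swapping `src` and `dst` checks the return direction.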

