Date: Tue, 16 Sep 2003 11:46:29 -0700
From: Lay Tay <LTay@certicom.com>
To: Chuck Swiger <cswiger@mac.com>
Cc: owner-freebsd-questions@freebsd.org
Subject: Re: Slow NAT firewall
Message-ID: <OF73D33AD2.9E28FDE1-ON85256DA3.00670859-88256DA3.006774F4@certicom.com>
In-Reply-To: <3F673E9C.9070201@mac.com>

Hello,

Thanks. You're right, Raphael replied and was right-on. My sshd was doing reverse DNS lookup and my firewall was preventing that. I used the "-u0" option in the sshd startup and the problem went away.

Regards,
Lay Boon.

From: Chuck Swiger <cswiger@mac.com>
Sent by: owner-freebsd-questions@freebsd.org
To: Lay Tay <LTay@certicom.com>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Slow NAT firewall
Date: 09/16/2003 09:47 AM

Lay Tay wrote:
[ ... ]
> Everything worked fine except that I noticed ssh connection takes a very
> long time. When I use PUTTY or WinSCP on a windows machine to connect to
> my internal machine, the authentication takes a very long time. WinSCP
> will always timeout on the first try, when I hit "retry", the
> authentication goes through.
>
> This does not happen if I insert a "pass everything" rule in ipfw.

Sounds a lot like a DNS timeout. I'm not sure your rules for port 53 are doing exactly the right thing; where does DNS traffic go when you do this SSH connection?

--
-Chuck

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"