From: Lay Tay
To: Chuck Swiger
Cc: freebsd-questions@FreeBSD.ORG, owner-freebsd-questions@freebsd.org
Date: Tue, 16 Sep 2003 11:46:29 -0700
Subject: Re: Slow NAT firewall
In-Reply-To: <3F673E9C.9070201@mac.com>

Hello,

Thanks. You're right, Raphael replied and was right-on. My sshd was doing reverse DNS lookup and my firewall was preventing that. I used the "-u0" option in the sshd startup and the problem went away.

Regards,
Lay Boon.

Chuck Swiger
Sent by: owner-freebsd-questions@freebsd.org
09/16/2003 09:47 AM

To: Lay Tay
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Slow NAT firewall

Lay Tay wrote:
[ ... ]
> Everything worked fine except that I noticed ssh connection takes a very
> long time. When I use PUTTY or WinSCP on a Windows machine to connect to
> my internal machine, the authentication takes a very long time. WinSCP
> will always timeout on the first try, when I hit "retry", the
> authentication goes through.
>
> This does not happen if I insert a "pass everything" rule in ipfw.

Sounds a lot like a DNS timeout. I'm not sure your rules for port 53 are doing exactly the right thing; where does DNS traffic go when you do this SSH connection?

--
-Chuck