Date: Wed, 27 Feb 2002 01:37:43 +0100
From: Erik Trulsson
To: Jeremy Cooper
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: SSH connection takes 2 minutes to connect
Message-ID: <20020227013743.A13818@student.uu.se>
References: <20020227002609.79772.qmail@web20404.mail.yahoo.com>

On Tue, Feb 26, 2002 at 04:26:09PM -0800, Jeremy Cooper wrote:
> When I was running an "open" firewall policy, I had no
> problem SSH'ing to the box from the LAN or from the
> internet. I have tightened down my rulebase and it now
> takes 2 minutes to connect via SSH to the firewall.
> Does anyone have any suggestions?

Try changing the rule for connections on TCP port 113 from 'deny' to 'reset'.
Some programs try to connect to port 113 (ident) before allowing a connection.
If that port is set to deny they won't get an answer and eventually time out.
If you use 'reset' instead they will immediately learn that nobody is listening
and can continue at once.
(I know that when I use ssh to connect from my machine to an outside machine,
the outside machine tries to connect to port 113 first.)

>
> Thanks,
>
> Jeremy

--
Erik Trulsson
ertr1013@student.uu.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
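
An added example, not part of the original message: a small Python check of how a host's TCP port 113 answers a connection attempt, which shows the difference the reply describes between a 'deny' rule (no answer, the caller waits) and a 'reset' rule (refused at once). The names probe_tcp, explain and IDENT_PORT, the 5 second timeout and the 127.0.0.1 default target are assumptions made for this example.

```python
import socket
import sys
import time

IDENT_PORT = 113  # ident port named in the reply above


def probe_tcp(host, port=IDENT_PORT, timeout=5.0):
    """Return (verdict, seconds) for one TCP connect attempt to host:port.

    "open"     - a listener accepted the connection
    "reset"    - an RST came back: a 'reset' rule, or simply no listener
    "filtered" - nothing came back before the timeout: a 'deny' rule
    "error"    - any other failure (no route, name lookup, ...)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "reset"
    except socket.timeout:
        verdict = "filtered"
    except OSError:
        verdict = "error"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def explain(verdict):
    """Map a verdict to what a program doing an ident lookup experiences."""
    return {
        "open": "ident answers; the lookup completes normally",
        "reset": "refused at once; the caller carries on without delay",
        "filtered": "no answer; the caller waits out its own timeout",
        "error": "could not test; check routing and name resolution",
    }[verdict]


if __name__ == "__main__":
    # Constructed default target; pass the real host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, seconds = probe_tcp(target)
    print(f"{target}:{IDENT_PORT} {verdict} after {seconds:.2f}s: {explain(verdict)}")
```

Run it from the machine that would make the ident lookup, before and after changing the rule: a "filtered" result that lasts the whole timeout should become a "reset" that returns almost immediately.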