Date: Wed, 27 Feb 2002 01:37:43 +0100
From: Erik Trulsson <ertr1013@student.uu.se>
To: Jeremy Cooper <jeremymcooper@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: SSH connection takes 2 minutes to connect
Message-ID: <20020227013743.A13818@student.uu.se>
In-Reply-To: <20020227002609.79772.qmail@web20404.mail.yahoo.com>; from jeremymcooper@yahoo.com on Tue, Feb 26, 2002 at 04:26:09PM -0800
References: <20020227002609.79772.qmail@web20404.mail.yahoo.com>

On Tue, Feb 26, 2002 at 04:26:09PM -0800, Jeremy Cooper wrote:
> When I was running an "open" firewall policy, I had no
> problem SSH'ing to the box from the LAN or from the
> internet. I have tightened down my rulebase and it now
> takes 2 minutes to connect via SSH to the firewall.
> Does anyone have any suggestions?

Try changing the rule for connections on TCP port 113 from 'deny' to 'reset'.
Some programs try to connect to port 113 (ident) before allowing a connection.
If that port is set to deny they won't get an answer and eventually time out.
If you use 'reset' instead they will immediately learn that nobody is
listening and can continue at once.
(I know that when I use ssh to connect from my machine to an outside machine,
the outside machine tries to connect to port 113 first.)

>
> Thanks,
>
> Jeremy

--
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
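
Added example, not part of the original message: a small probe that shows whether a port answers a connect attempt with an immediate refusal (the 'reset' behaviour) or with silence (the 'deny' behaviour), and how long the caller waits in each case. The function names, the 5-second default timeout and the script name are assumptions made for this illustration.

```python
import socket
import sys
import time

IDENT_PORT = 113  # ident port named in the reply above


def probe_port(host, port=IDENT_PORT, timeout=5.0):
    """Make one TCP connect attempt; return (state, seconds_taken).

    state is one of:
      "open"     - a listener accepted the connection
      "reset"    - refused at once (typically a TCP RST came back)
      "no-reply" - nothing came back before the timeout (silent drop)
      "error"    - any other failure, e.g. unreachable or unresolvable host
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "reset"
    except socket.timeout:
        state = "no-reply"
    except OSError:
        state = "error"
    finally:
        sock.close()
    return state, time.monotonic() - start


def advice(state):
    """Map a probe result to the effect on a peer doing an ident lookup."""
    return {
        "open": "an ident daemon answered; the lookup completes normally",
        "reset": "the peer learns at once that nobody is listening",
        "no-reply": "the peer waits for its own timeout before continuing",
        "error": "probe failed for another reason; check routing and DNS",
    }[state]


if __name__ == "__main__":
    # Usage: python ident_probe.py <host> [port]; run it from the remote side.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else IDENT_PORT
    state, secs = probe_port(host, port)
    print(f"{host}:{port} -> {state} after {secs:.2f}s: {advice(state)}")
```

Run it from the machine that is slow to accept the login, pointed at the connecting host: a "no-reply" result on port 113 matches the delay described in the thread, and "reset" confirms the rule change took effect.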