Date:      Mon, 19 Nov 2001 22:51:46 +1100 (EST)
From:      Brendan Kosowski <brendan@bmk.com.au>
To:        cjclark@alum.mit.edu
Cc:        FreeBSD Networking <freebsd-net@FreeBSD.ORG>
Subject:   Re: Services very slow on Firewall/nat boxes.
Message-ID:  <Pine.BSF.3.96.1011119223723.39818A-100000@garfield.bmk.com.au>
In-Reply-To: <20011119021802.N69555@blossom.cjclark.org>


I have now fixed the problem by getting rid of the UGLY DENY rule that is
present in the "open" firewall ruleset, ie "deny all from any to
127.0.0.0/8".

All services are now lightning fast on my firewall/nat.

Best regards to all.

--------------------

On Mon, 19 Nov 2001, Crist J. Clark wrote:

> On Mon, Nov 19, 2001 at 08:45:11PM +1100, Brendan Kosowski wrote:
> > 
> > I am running natd on a FreeBSD box with IPFIREWALL and IPDIVERT added to
> > the kernel. Firewall type is open.
> > 
> > I have noticed that when you run a server (eg. sendmail, named, pop3 etc.)
> > on the above, initial connection to the service is very slow (ie. between
> > 5 and 60 seconds), however once connection has been established data
> > transfer becomes very fast (as per normal).
> > 
> > If I disable natd and replace kernel with original, initial connection to
> > services is very fast.
> 
> DNS. Your machine is timing out making DNS queries.
> -- 
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
> 



