Re: HELP!! PROBLEM RUNNING FROM WITHIN FIREWALL TO THE SERVER ITSELF

Glynn Clements (glynn@sensei.co.uk)
Sat, 17 Apr 1999 20:30:57 +0200 (GMT--1:00)


[PS: Please disable HTML when posting to the list]

Bret Mills wrote:

> running Linux 2.0.36
> using it as a gateway/Sub Net Router, firewall to the Internet, Mail
> server, FTP server.
> I'm running the Firewall program "ipfwadm"
> The Problem I'm having is that now when inside the firewall on the
> Subnet I am having to wait a long time (45 seconds to 2 minutes) for my
> SUB-NET LAN PC side of the Network to get a response when we do the
> following. Send Mail, FTP into the server, and Telnet into this server.

The two main reasons for this are that either:

a) The client's auth (ident) port has been blocked with a `deny' rule
instead of a `reject' rule. When the server tries to perform an ident
lookup on the client (so that it can log the username), the connect()
call blocks until it times out. Fix: use `reject' instead of `deny'
for the auth port (113/tcp).

b) The server is trying to perform a reverse DNS lookup on the client,
but the DNS server to which the corresponding in-addr.arpa domain has
been delegated doesn't reply in any way. Fix: ensure that reverse DNS
lookups receive a response (a negative response is OK).

-- 
Glynn Clements <glynn@sensei.co.uk>

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
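The ident lookup Glynn describes under (a), as an added example that is not part of the original thread: a minimal RFC 1413 client whose lookup is bounded by a timeout, exercised against three loopback stand-ins for an identd that answers, a query that is silently dropped (the `deny' case) and one that is refused outright (the `reject' case). The addresses, ephemeral ports and the user name 'alice' are constructed test data, and the stand-ins are assumptions of this example: the `deny' stand-in accepts the connection and then stays silent, so the stall lands in recv() rather than in connect() where a real dropped SYN would stall it, but the client-side handling is the same.

```python
"""RFC 1413 (ident/auth) client with a bounded timeout, plus local stand-ins
for the three firewall outcomes (answer, deny, reject).  Added example, not
code from the original thread; all hosts, ports and the user 'alice' are
constructed and nothing here leaves 127.0.0.1."""
import socket
import threading
import time

IDENT_PORT = 113  # real auth/ident port; the stand-ins below use ephemeral ports


def parse_ident_reply(reply):
    """Parse '<sp>, <cp> : USERID : <opsys> : <user>' or '<sp>, <cp> : ERROR : <type>'.
    Returns (status, detail).  A user id may itself contain ':', so split at most 3 times."""
    fields = [f.strip() for f in reply.split(":", 3)]
    if len(fields) == 4 and fields[1] == "USERID":
        return ("userid", fields[3])
    if len(fields) >= 3 and fields[1] == "ERROR":
        return ("error", fields[2])
    return ("malformed", reply)


def ident_query(client_ip, server_port, client_port, ident_port=IDENT_PORT, timeout=2.0):
    """Ask the client's identd who owns <client_ip:client_port> -> <us:server_port>.
    Returns (status, detail, elapsed_seconds).  The timeout bounds connect() and
    the read, so a dropped query cannot hold the caller for the SYN-retry period
    (tens of seconds to minutes) that an unbounded connect() would wait."""
    start = time.monotonic()
    try:
        with socket.create_connection((client_ip, ident_port), timeout=timeout) as s:
            # Request line per RFC 1413: "<server-port> , <client-port>\r\n"
            s.sendall(f"{server_port}, {client_port}\r\n".encode("ascii"))
            reply = s.recv(1024).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        # RST / ICMP unreachable came straight back: 'reject' rule, or no identd at all
        return ("refused", "", time.monotonic() - start)
    except socket.timeout:
        # nothing came back at all: 'deny' rule, blackhole, or a wedged identd
        return ("timeout", "", time.monotonic() - start)
    except OSError as exc:
        return ("oserror", str(exc), time.monotonic() - start)
    status, detail = parse_ident_reply(reply)
    return (status, detail, time.monotonic() - start)


def _listener():
    """Listening socket on an ephemeral loopback port (constructed test fixture)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def _answering_identd(srv, user):
    """Stand-in for a responding identd: answer one query with a USERID line."""
    conn, _ = srv.accept()
    with conn, srv:
        sp, _, cp = conn.recv(512).decode("ascii").partition(",")
        line = f"{sp.strip()}, {cp.strip()} : USERID : UNIX : {user}\r\n"
        conn.sendall(line.encode("ascii"))


def _silent_identd(srv, hold_seconds):
    """Stand-in for a 'deny' rule: accept the connection, then never answer."""
    conn, _ = srv.accept()
    with conn, srv:
        time.sleep(hold_seconds)


def demo(timeout=1.0):
    """Run the three cases against loopback stand-ins; returns {case: (status, detail, elapsed)}."""
    results = {}

    srv = _listener()
    port = srv.getsockname()[1]
    threading.Thread(target=_answering_identd, args=(srv, "alice"), daemon=True).start()
    results["answered"] = ident_query("127.0.0.1", 25, 40001, port, timeout)

    srv = _listener()
    port = srv.getsockname()[1]
    threading.Thread(target=_silent_identd, args=(srv, timeout * 3), daemon=True).start()
    results["denied"] = ident_query("127.0.0.1", 25, 40002, port, timeout)

    # 'reject': take a free port, release it, query it -> immediate refusal
    srv = _listener()
    port = srv.getsockname()[1]
    srv.close()
    results["rejected"] = ident_query("127.0.0.1", 25, 40003, port, timeout)
    return results


if __name__ == "__main__":
    for name, (status, detail, elapsed) in demo().items():
        print(f"{name:9s} -> {status:8s} {detail!r:10s} after {elapsed:.2f}s")
```

The refused case returns in milliseconds, which is why `reject' is the right rule for 113/tcp: the server learns immediately that no answer is coming. The bounded timeout is only the server-side fallback for when the client's firewall drops the query anyway. The same reasoning carries over to case (b): a reverse DNS lookup whose in-addr.arpa server never replies also has to sit through the resolver's own retry timer, so a fast negative answer beats silence.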