Bret Mills wrote:
> running Linux 2.0.36
> using it as a gateway/Sub Net Router, firewall to the Internet, Mail
> server, FTP server.
> I'm running the Firewall program "ipfwadm"
> The Problem I'm having is that now when inside the firewall on the
> Subnet I am having to wait a long time (45 seconds to 2 minutes) for my
> SUB-NET LAN PC side of the Network to get a response when we do the
> following. Send Mail, FTP into the server, and Telnet into this server.
The two main reasons for this are that either:
a) The client's auth (ident) port has been blocked with a `deny' rule
instead of a `reject' rule. When the server tries to perform an ident
lookup on the client (so that it can log the username), the connect()
call blocks until it times out. Fix: use `reject' instead of `deny'
for the auth port (113/tcp).
b) The server is trying to perform a reverse DNS lookup on the client,
but the DNS server to which the corresponding in-addr.arpa domain has
been delegated doesn't reply in any way. Fix: ensure that reverse DNS
lookups receive a response (a negative response is OK).
-- Glynn Clements <firstname.lastname@example.org>
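A small diagnostic for case (a), added here as an illustration and not part of the original thread: it performs the same connect() to 113/tcp that an ident-logging daemon would and reports whether the port answered, was refused (the quick failure a `reject' rule gives) or went silent (the long stall a `deny' rule gives). The 3-second timeout and the local demo ports are my assumptions.

```python
import socket
import sys
import time
from enum import Enum


class IdentState(Enum):
    OPEN = "open"          # something is listening on 113/tcp
    REJECTED = "rejected"  # RST or ICMP unreachable came back: connect() fails at once
    DROPPED = "dropped"    # nothing came back: connect() sits there until it times out


def probe_ident(host, port=113, timeout=3.0):
    """Return (IdentState, elapsed seconds) for one connect() to host:port.

    A server doing ident lookups blocks in exactly this call, so the elapsed
    time is the delay every new mail/FTP/telnet session would see.
    timeout is an assumed value; real resolver/ident timeouts are longer.
    """
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return IdentState.OPEN, time.monotonic() - start
    except socket.timeout:
        return IdentState.DROPPED, time.monotonic() - start
    except OSError:  # ECONNREFUSED / EHOSTUNREACH: the firewall sent a reply
        return IdentState.REJECTED, time.monotonic() - start
    finally:
        s.close()


def demo():
    """Constructed local check: probe a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    open_state, _ = probe_ident("127.0.0.1", port=port)
    listener.close()
    # With no listener the kernel answers RST, which is what a `reject' rule looks like.
    closed_state, _ = probe_ident("127.0.0.1", port=port)
    return open_state, closed_state


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, elapsed = probe_ident(target)
    print(f"ident probe of {target}:113 -> {state.value} after {elapsed:.2f}s")
```

Run it from the server against a LAN client's address: a `dropped' result after the full timeout is the signature of a `deny' rule on 113/tcp.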