ipfw slow ssh and ftp connections


 
# 1  
Old 05-06-2005

just as the title says.
thanks.

#General Rule Sets
/sbin/ipfw add 0300 check-state
/sbin/ipfw add 0301 deny tcp from any to any in established
/sbin/ipfw add 0302 pass tcp from any to any out setup keep-state
/sbin/ipfw add 0303 pass udp from any to any out

#SSH FTP
/sbin/ipfw add 0400 pass tcp from any to any 22 in setup keep-state
/sbin/ipfw add 0401 pass tcp from any to any 21 in setup keep-state

#HTTP HTTPS
/sbin/ipfw add 0500 pass tcp from any to any 80 in setup keep-state
/sbin/ipfw add 0501 pass tcp from any to any 443 in setup keep-state

#IMAP IMAPS POP3 SMTP
/sbin/ipfw add 0600 pass udp from any to any 25 in
/sbin/ipfw add 0601 pass tcp from any to any 25 in setup keep-state
/sbin/ipfw add 0602 pass tcp from any to any 143 in setup keep-state
/sbin/ipfw add 0603 pass udp from any to any 143 in
/sbin/ipfw add 0604 pass tcp from any to any 993 in setup keep-state
/sbin/ipfw add 0605 pass tcp from any to any 110 in setup keep-state
/sbin/ipfw add 0606 pass udp from any to any 110 in

#DNS
/sbin/ipfw add 0700 pass udp from any to any 53 in
/sbin/ipfw add 0701 pass tcp from any to any 53 in setup keep-state
/sbin/ipfw add 0702 pass udp from xxx.xxx.xxx.xxx to any in
/sbin/ipfw add 0703 pass udp from xxx.xxx.xxx.xxx to any in
# 2  
Old 05-12-2005
No ideas, anyone? DNS is not an issue; when connecting with the IP of this box, logging in is still slow.
# 3  
Old 05-12-2005
After you connect to the box, from that box, do a reverse DNS lookup on the IP address that you originate from. If that is slow, then this is a DNS issue.
# 4  
Old 05-12-2005
the reverse lookup took about 8-9 seconds.
# 5  
Old 05-12-2005
Well, how does that compare with the login delay? The box will do a reverse dns lookup to log the connection.
# 6  
Old 05-12-2005
About the same, so should I double-check my reverse DNS configuration on the ssh server?
# 7  
Old 05-13-2005
That is a little slow for DNS; I would check out the DNS setup to try and find out why. I guess... actually 8 or 9 seconds probably wouldn't be much motivation. You can do stuff like setting up a caching-only name server on the target box. Or even use a hosts file. You probably can also configure your ftp server and ssh server to log IP addresses only. There are lots of options now that you know where the delay is.
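The check worked out in this thread, as an added example that is not part of any post: a POSIX sh script that, run on the server inside an SSH session, times the reverse (PTR) lookup for the address the session came from. The `host` utility, the 2-second threshold and the function names are assumptions; the addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example: time the reverse DNS lookup for the originating address.

# First field of an SSH_CONNECTION-style string
# ("client_ip client_port server_ip server_port"), e.g. "203.0.113.7 51515 192.0.2.10 22".
client_ip() {
    set -- $1
    printf '%s\n' "$1"
}

# in-addr.arpa name queried for an IPv4 PTR lookup; fails for anything
# that is not four dot-separated fields (IPv6 is not handled here).
ptr_name() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
)

# Run a command, discard its output, print the whole seconds it took.
elapsed_seconds() {
    start=$(date +%s)
    "$@" >/dev/null 2>&1 || true   # a failed lookup still costs the wait
    end=$(date +%s)
    echo $((end - start))
}

# Compare a lookup time with a threshold in seconds (default 2, an assumption).
classify() {
    if [ "$1" -ge "${2:-2}" ]; then echo slow; else echo ok; fi
}

# Inside an SSH session on the server: time the real lookup.
# `host` asks DNS directly; entries in a hosts file are not consulted by it.
if [ -n "${SSH_CONNECTION:-}" ]; then
    ip=$(client_ip "$SSH_CONNECTION")
    secs=$(elapsed_seconds host "$ip")
    echo "reverse lookup of $ip ($(ptr_name "$ip")): ${secs}s -> $(classify "$secs")"
fi
```

If the measured time matches the login delay, OpenSSH's `UseDNS no` setting in sshd_config is one way to stop sshd from resolving client addresses.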