Hi Karl,

Thanks for your help. Like you suggested, it was a DNS lookup that made it so slow. I added LAN hosts and IPs to /etc/hosts on the firewall and now everything works nice and fast.

BR,
samppa

On Thursday 07 March 2002 08:26, you wrote:
> ... it looks like you're running into some timeout, which usually is either
> a DNS-lookup or ident-lookup ...
>
> ... just try to type in the following lines on your FW-console and see if it
> gets any better (to gracefully reject any ident-lookups instead of a timeout):
>
> iptables -I INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
> iptables -I OUTPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
>
> You might also want to set up a reverse-lookup for your internal
> ip-addresses in your nameserver to avoid asking the world for your computer
> names ...
>
> Enable named-logging or just do a tcpdump on the external interface and see
> if there are any DNS (port 53) requests when you try to connect to your box
> ...
>
> hope that helps ...
>
> - Karl

--
Whoa...I did a 'zcat /vmlinuz > /dev/audio' and I think I heard God...
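
An added example, not part of the original messages: a Python check that lists which LAN addresses still have no name in the firewall's hosts file and would therefore fall through to a DNS lookup, the cause of the delay described above. The sample hosts text, the addresses and the function names are constructed for illustration, and it assumes the resolver consults the hosts file before DNS.

```python
import ipaddress

# Constructed sample of a firewall's /etc/hosts (not from the original post).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
# LAN hosts
192.168.1.1   fw.lan fw
192.168.1.10  ws1.lan ws1   # workstation
192.168.1.11
::1           localhost6
not-an-ip     broken
"""


def parse_hosts(text):
    """Return {address: [names]} for every usable entry in hosts-file text."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:                      # blank, comment, or no name given
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # normalised form
        except ValueError:                       # malformed address: skip the line
            continue
        entries.setdefault(addr, []).extend(fields[1:])
    return entries


def uncovered(hosts_text, addresses):
    """Return the addresses that have no name in the hosts file."""
    known = parse_hosts(hosts_text)
    return [a for a in addresses if str(ipaddress.ip_address(a)) not in known]


if __name__ == "__main__":
    # Constructed list of addresses in use on the LAN.
    lan = ["192.168.1.1", "192.168.1.10", "192.168.1.11", "192.168.1.20"]
    for addr in uncovered(SAMPLE_HOSTS, lan):
        print("no hosts entry, reverse lookup will go to DNS:", addr)
```

To check a live system, pass the contents of /etc/hosts and the addresses actually in use on the LAN instead of the constructed samples.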
