On 2008/02/24 17:27, Jordi Espasa Clofent wrote:
> Stuart Henderson wrote:
>> On 2008/02/24 12:21, Jordi Espasa Clofent wrote:
>>> Very happy with performance and capabilities of PF. But when I try ssh
>>> connections from outside to my net boxes, they're very very slow. They
>>> work, but work so slowly.
>>
>> Describe this in a bit more detail...
>
> Yes Stuart, I know my words are vague, but it's exactly what I've said:
> the ssh connection with pf enabled seems a slow process.
>
> A few points:
>
> * With pf disabled you get the ssh Password prompt in (approx.) 3 seconds.
> * With pf enabled you'll get the ssh Password prompt in (approx.) 15 seconds.
> * The use of ssh verbose flags (-vvv) is the same with or without pf.
>
> Maybe the next step is a bit of work with tcpdump....

ok, a delay before the password prompt sounds like reverse DNS resolution is failing. to verify this, either add some rules, or change sshd not to look up names ("UseDNS No" in sshd_config) and restart it.

from your original wording, it was unclear whether the session itself was also slow after it started.
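
One way to confirm the reverse-DNS diagnosis from a tcpdump capture taken on the sshd host, as an added example that is not part of the original thread: the script below pairs PTR queries with their replies and reports the ones that were retried without ever being answered. The sample lines are constructed (documentation addresses), and the text layout of `tcpdump -n port 53` output that the regular expressions expect is an assumption that can vary between tcpdump versions.

```python
import re

# Constructed sample in the style of `tcpdump -n port 53` text output.
SAMPLE = """\
17:27:01.000000 IP 192.0.2.10.40001 > 192.0.2.53.53: 1111+ PTR? 7.113.0.203.in-addr.arpa. (42)
17:27:06.000000 IP 192.0.2.10.40001 > 192.0.2.53.53: 1111+ PTR? 7.113.0.203.in-addr.arpa. (42)
17:27:11.000000 IP 192.0.2.10.40001 > 192.0.2.53.53: 1111+ PTR? 7.113.0.203.in-addr.arpa. (42)
17:27:20.000000 IP 192.0.2.10.40002 > 192.0.2.53.53: 2222+ PTR? 9.100.51.198.in-addr.arpa. (43)
17:27:20.020000 IP 192.0.2.53.53 > 192.0.2.10.40002: 2222 1/0/0 PTR client.example. (71)
"""

# Query: destination port 53, carries "PTR?". Reply: source port 53.
QUERY = re.compile(r"^(\S+) IP (\S+) > (\S+)\.53: (\d+)\S* PTR\? (\S+)")
REPLY = re.compile(r"^\S+ IP (\S+)\.53 > (\S+): (\d+)")


def secs(ts):
    """Convert an HH:MM:SS.ffffff timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unanswered_ptr_queries(text):
    """Return {ptr_name: (attempts, seconds_spent_retrying)} for PTR
    queries that never received a reply in the capture."""
    pending = {}  # (client addr.port, server, query id) -> [name, first, last, attempts]
    for line in text.splitlines():
        q = QUERY.match(line)
        if q:
            ts, client, server, qid, name = q.groups()
            t = secs(ts)
            entry = pending.setdefault((client, server, qid), [name, t, t, 0])
            entry[2] = t
            entry[3] += 1
            continue
        r = REPLY.match(line)
        if r:
            server, client, qid = r.groups()
            pending.pop((client, server, qid), None)  # answered: not a suspect
    return {name: (n, last - first) for name, first, last, n in pending.values()}


if __name__ == "__main__":
    for name, (attempts, waited) in unanswered_ptr_queries(SAMPLE).items():
        print(f"{name}: {attempts} queries, no reply, {waited:.0f}s of retries")
```

A PTR name that shows several attempts and no reply while pf is enabled, and disappears from the report with pf disabled, points at the ruleset dropping the resolver traffic.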