On 2008/02/24 17:27, Jordi Espasa Clofent wrote:
> Stuart Henderson wrote:
>> On 2008/02/24 12:21, Jordi Espasa Clofent wrote:
>>> Very happy with performance and capabilities of PF. But when I try ssh 
>>> connections from outside to my net boxes, they're very very slow. They 
>>> work, but work so slowly.
>>
>> Describe this in a bit more detail...
>
> Yes Stuart, I know my words are vague, but it's exactly what I've said: 
> the ssh connection with pf enabled seems a slow process.
>
> A few points:
>
> * With pf disabled you get the ssh Password prompt in (approx) 3 seconds.
> * With pf enabled you'll get the ssh Password prompt in (approx) 15 seconds.
> * The output of the ssh verbose flags (-vvv) is the same with or without pf.
>
> Maybe the next step is a bit of work with tcpdump....

ok, a delay before the password prompt sounds like reverse DNS
resolution is failing. to verify this, either add some rules, or
change sshd not to look up names ("UseDNS No" in sshd_config) and
restart it.

from your original wording, it was unclear whether the session
itself was also slow after it started.
