Anyone else have anything to add to this or can anyone give more detail
on how this is a DNS issue? I have a very similar problem as the
original poster.

I have two Redhat 8.0 machines, one has this same problem while the
other one does not. Both have the same DNS settings, i.e. they hit the
same DNS server.

For example if I load iptables, both running the same script, one
machine immediately has problems with just about everything: ssh,
webmin, xterm, etc, everything is sluggish. The other machine responds
fine. I've never found a solution to this and could only turn off
iptables on the one having the problem. (not directly connected to the
net, so not a big deal really.)

But I would like to know what is causing the problem. 

Thanks,
James

On Fri, 2002-12-20 at 13:02, lester lasad wrote:
> 
> Thanks for the responses.  Regarding the name resolution is it looking for itself,
> the local machine?  The command below "iptables -L-n -V" just lists the version of
> iptables, nothing else.  Doing "iptables -nL" gave a much quicker response.
> The main problem is that everything is slow after loading the rules (examples:
> webmin, vnc, opening a shell, smtp). Once I disable the rules the performance picks
> back up.  My intentions are to make this server my SMTP gateway which will be
> handling thousands of emails on a daily basis and the performance issue after loading
> iptables is preventing me from deploying this server. Has anyone seen this behavior
> after enabling iptables?
>
> Jack Bowling <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 20, 2002 at 05:59:23AM -0800, lester lasad wrote:
> > 
> > I am running redhat 7.3 everything is working properly until loading the iptables
> > rules. After loading the rules I am taking a big performance hit. It can take
> > anywhere from 10 - 30 seconds for my server to display the results of "iptables -L".
> > This wasn't happening prior to the rules being loaded. Trying to open a shell has the
> > same results as well as many other things.
> > 
> > I am loading the iptables rules from webmin. After disabling the rules using
> > "iptables -P INPUT ACCEPT" and "iptables -F" I no longer have a performance issue. I
> > have included the contents of iptables below.
> > 
> > *filter
> > :FORWARD ACCEPT [0:0]
> > :INPUT DROP [0:0]
> > :Inbound - [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -j Inbound
> > -A Inbound -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
> > -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
> > -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
> > -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
> > -A Inbound -i lo -j ACCEPT
> > -A Inbound -p tcp -m tcp -j DROP
> > -A Inbound -p udp -m udp -j DROP
> > -A Inbound -p icmp -j DROP
> > COMMIT
> > # Generated by webmin
> > *mangle
> > :FORWARD ACCEPT [0:0]
> > :INPUT ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > COMMIT
> > # Completed
> > # Generated by webmin
> > *nat
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > COMMIT
> > # Completed
> 
> Please change the first ACCEPT rule to ESTABLISHED,RELATED to enable
> one of the finer abilities of netfilter code.
> 
> And your problem is undoubtedly name resolution. By making your command
> "iptables -L -n -v", you will be spared the long wait.
> 
> -- 
> Jack Bowling
> mailto: [EMAIL PROTECTED]
> 
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
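
Added example, not part of the original thread or any poster's code: the posted filter table accepts ESTABLISHED traffic only for TCP and drops all UDP arriving off loopback, so replies from a remote DNS server are discarded and every lookup waits for a timeout. The script below replays the posted rules against such a reply (UDP, source port 53). `fixed_rules` is an assumed correction (state rule not limited to TCP), and the matcher is simplified: it ignores address matches and negation.

```shell
# Filter table as posted in the thread (sample input for the check).
posted_rules() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:Inbound - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j Inbound
-A Inbound -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
-A Inbound -i lo -j ACCEPT
-A Inbound -p tcp -m tcp -j DROP
-A Inbound -p udp -m udp -j DROP
-A Inbound -p icmp -j DROP
COMMIT
EOF
}
# Assumed correction (not from the thread): state rule no longer limited to TCP.
fixed_rules() {
  posted_rules | sed 's/-p tcp -m tcp -m state --state ESTABLISHED/-m state --state ESTABLISHED,RELATED/'
}
# Reads iptables-save text on stdin; prints "accept" or "drop" for a DNS
# reply: UDP, source port 53, conntrack state ESTABLISHED, not arriving on lo.
dns_reply_verdict() { awk '
  function walk(chain,   i, r, t, v) {
    for (i = 1; i <= count[chain]; i++) {
      r = rules[chain, i]
      # Skip rules that cannot match this packet.
      if (r ~ /-p (tcp|icmp)/ || r ~ /-i lo/ || r ~ /--dport/) continue
      if (r ~ /--sport/ && r !~ /--sport 53( |$)/) continue
      if (r ~ /--state/ && r !~ /--state [A-Z,]*ESTABLISHED/) continue
      t = r; sub(/.*-j /, "", t); sub(/ .*/, "", t)   # jump target
      if (t == "ACCEPT") return "accept"
      if (t == "DROP" || t == "REJECT") return "drop"
      if (t in count) { v = walk(t); if (v != "") return v }  # user chain
    }
    return ""
  }
  /^\*/ { filter = ($1 == "*filter") }       # only the filter table counts
  filter && /^:INPUT / { policy = $2 }
  filter && /^-A / { rules[$2, ++count[$2]] = $0 }
  END { v = walk("INPUT"); if (v == "") v = (policy == "ACCEPT") ? "accept" : "drop"; print v }
'; }
echo "posted rules: DNS reply -> $(posted_rules | dns_reply_verdict)"
echo "fixed rules:  DNS reply -> $(fixed_rules | dns_reply_verdict)"
```

On a live host, feed it the running ruleset with `iptables-save | dns_reply_verdict`.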
