Re: odd delay with ssh and ipchains
Actually, I blocked my DNS connection and it was timing out... :-\

Tim

Jason Schepman wrote:

> Tim,
>
> I don't think you're doing anything wrong. I assume that you're running
> ssh as a daemon. If this is the case, mine does the same thing. Sometimes
> my ssh connections don't even go through until I attempt a second
> connection. It's almost as if the daemon has to 'wake up' before it will
> accept connections.
>
> -jason
>
> - Original Message -
> From: "Timothy H. Keitt" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, February 10, 2001 5:28 PM
> Subject: odd delay with ssh and ipchains
>
> > I just configured ipchains on my firewall box to only allow www and ssh
> > access from outside the local net. Web access works like a charm, but
> > when trying to connect with ssh, I get a 5-10 second delay before the
> > connection completes. I'm running woody with 2.2.18. Here's the rule
> > chain:
> >
> > keittlab:~# ipchains -L -v
> > Chain input (policy REJECT: 745901 packets, 315942760 bytes):
> >  pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
> >    65  5952 ACCEPT icmp --  0xFF 0x00 any                 anywhere anywhere                any -> any
> >  6529  326K ACCEPT all  --  0xFF 0x00 lo                  anywhere anywhere                n/a
> >  3774  377K ACCEPT all  --  0xFF 0x00 eth1                anywhere anywhere                n/a
> > 15118 1209K public all  --  0xFF 0x00 eth0                anywhere anywhere                n/a
> > Chain forward (policy REJECT: 0 packets, 0 bytes):
> > Chain output (policy ACCEPT: 628482 packets, 317229217 bytes):
> > Chain public (1 references):
> >  pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
> >  1696  131K ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
> >     0     0 ACCEPT udp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
> >    32  6934 ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> www
> >
> > Perhaps this is because I'm matching on interfaces and not net addresses?
> >
> > T.
> >
> > --
> > Timothy H. Keitt
> > Department of Ecology and Evolution
> > State University of New York at Stony Brook
> > Phone: 631-632-1101, FAX: 631-632-7626
> > http://life.bio.sunysb.edu/ee/keitt/
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626
http://life.bio.sunysb.edu/ee/keitt/
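
Added example, not part of the original messages: a small Python model of the rule set listed in the thread, showing how those chains treat a DNS reply that arrives on eth0. It assumes the resolver is reached through eth0; the addresses and ports of the sample packets are constructed, and the extra rule in with_dns_replies is one possible fix, not one quoted from the thread.

```python
import copy
def rule(target, **fields):
    """A rule matches when every listed field equals the packet's value."""
    return (fields, target)

# Rule set from the thread's `ipchains -L -v` (ssh=22, www=80); destination match omitted.
CHAINS = {
    "input": [
        rule("ACCEPT", proto="icmp"),
        rule("ACCEPT", iface="lo"),
        rule("ACCEPT", iface="eth1"),
        rule("public", iface="eth0"),          # jump to the user-defined chain
    ],
    "public": [
        rule("ACCEPT", proto="tcp", dport=22),
        rule("ACCEPT", proto="udp", dport=22),
        rule("ACCEPT", proto="tcp", dport=80),
    ],
}
INPUT_POLICY = "REJECT"
RESOLVER = "192.0.2.53"   # constructed placeholder address, not from the thread

def walk(chains, name, pkt):
    """First match wins; an exhausted user chain returns None to its caller."""
    for fields, target in chains[name]:
        if all(pkt.get(k) == v for k, v in fields.items()):
            if target not in chains:
                return target                  # terminal target such as ACCEPT
            result = walk(chains, target, pkt)
            if result is not None:
                return result

def verdict(chains, pkt):
    """Verdict for a packet entering the input chain, falling back to its policy."""
    return walk(chains, "input", pkt) or INPUT_POLICY

def with_dns_replies(chains):
    """Copy of the rule set that also accepts UDP replies from the resolver."""
    fixed = copy.deepcopy(chains)
    fixed["public"].append(rule("ACCEPT", proto="udp", src=RESOLVER, sport=53))
    return fixed

# Constructed sample packets arriving on eth0.
SSH_SYN = {"proto": "tcp", "iface": "eth0", "src": "198.51.100.7", "sport": 40000, "dport": 22}
DNS_REPLY = {"proto": "udp", "iface": "eth0", "src": RESOLVER, "sport": 53, "dport": 40001}
SPOOFED = dict(DNS_REPLY, src="198.51.100.7")

if __name__ == "__main__":
    for chains in (CHAINS, with_dns_replies(CHAINS)):
        print([verdict(chains, p) for p in (SSH_SYN, DNS_REPLY, SPOOFED)])
```

Matching the reply on the resolver's source address as well as source port 53 keeps the rule from accepting arbitrary UDP that merely claims to come from port 53.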
Re: odd delay with ssh and ipchains
Tim,

I don't think you're doing anything wrong. I assume that you're running
ssh as a daemon. If this is the case, mine does the same thing. Sometimes
my ssh connections don't even go through until I attempt a second
connection. It's almost as if the daemon has to 'wake up' before it will
accept connections.

-jason

- Original Message -
From: "Timothy H. Keitt" <[EMAIL PROTECTED]>
To:
Sent: Saturday, February 10, 2001 5:28 PM
Subject: odd delay with ssh and ipchains

> I just configured ipchains on my firewall box to only allow www and ssh
> access from outside the local net. Web access works like a charm, but
> when trying to connect with ssh, I get a 5-10 second delay before the
> connection completes. I'm running woody with 2.2.18. Here's the rule
> chain:
>
> keittlab:~# ipchains -L -v
> Chain input (policy REJECT: 745901 packets, 315942760 bytes):
>  pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
>    65  5952 ACCEPT icmp --  0xFF 0x00 any                 anywhere anywhere                any -> any
>  6529  326K ACCEPT all  --  0xFF 0x00 lo                  anywhere anywhere                n/a
>  3774  377K ACCEPT all  --  0xFF 0x00 eth1                anywhere anywhere                n/a
> 15118 1209K public all  --  0xFF 0x00 eth0                anywhere anywhere                n/a
> Chain forward (policy REJECT: 0 packets, 0 bytes):
> Chain output (policy ACCEPT: 628482 packets, 317229217 bytes):
> Chain public (1 references):
>  pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
>  1696  131K ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
>     0     0 ACCEPT udp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
>    32  6934 ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> www
>
> Perhaps this is because I'm matching on interfaces and not net addresses?
>
> T.
>
> --
> Timothy H. Keitt
> Department of Ecology and Evolution
> State University of New York at Stony Brook
> Phone: 631-632-1101, FAX: 631-632-7626
> http://life.bio.sunysb.edu/ee/keitt/
odd delay with ssh and ipchains
I just configured ipchains on my firewall box to only allow www and ssh
access from outside the local net. Web access works like a charm, but
when trying to connect with ssh, I get a 5-10 second delay before the
connection completes. I'm running woody with 2.2.18. Here's the rule
chain:

keittlab:~# ipchains -L -v
Chain input (policy REJECT: 745901 packets, 315942760 bytes):
 pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
   65  5952 ACCEPT icmp --  0xFF 0x00 any                 anywhere anywhere                any -> any
 6529  326K ACCEPT all  --  0xFF 0x00 lo                  anywhere anywhere                n/a
 3774  377K ACCEPT all  --  0xFF 0x00 eth1                anywhere anywhere                n/a
15118 1209K public all  --  0xFF 0x00 eth0                anywhere anywhere                n/a
Chain forward (policy REJECT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 628482 packets, 317229217 bytes):
Chain public (1 references):
 pkts bytes target prot opt tosa tosx ifname mark outsize source   destination             ports
 1696  131K ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
    0     0 ACCEPT udp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> ssh
   32  6934 ACCEPT tcp  --  0xFF 0x00 any                 anywhere keittlab.bio.sunysb.edu any -> www

Perhaps this is because I'm matching on interfaces and not net addresses?

T.

--
Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626
http://life.bio.sunysb.edu/ee/keitt/