Disregard that email I just sent, didn't notice you were actually getting a connection, even though it was *slow*.
---------- Forwarded message ----------
Date: Wed, 28 Nov 2001 11:15:29 -0700 (MST)
From: _ <[EMAIL PROTECTED]>
To: aman raheja <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: ipchains

Aman,

Sounds like your ipchains are the following:

1.) $ipchains -A input -i eth0 -s 0/0 -d $hostA 22 -j ACCEPT
2.) $ipchains -A output -i eth0 -s $hostA 22 -d 0/0 -j ACCEPT
3.) $ipchains -A input -i eth0 -s 0/0 -d 0/0 -j DENY

Am I right? If so, I would make this modification:

change the second rule to this:

$ipchains -A output -i eth0 -s $hostA -d 0/0 22 -j ACCEPT

The second rule seemed to be anticipating your outgoing process to spawn
from the connection port. (Assuming I properly interpreted what you
wrote.) Your processes should spawn from 1024:65535, so you can just as
easily add that (-s $hostA 1024:65535)

I would additionally use ssh -v localhost to help troubleshoot the problem.

Hope it helps.

On Tue, 27 Nov 2001, aman raheja wrote:

> If I drop the firewall, the connection is instant, no time lag.
> Suggestions?
> Aman
>
> >Might be the DNS look-up. Although I've seen establishing ssh connections
> >that took a while with hosts that are known to the dns servers. What happens
> >if you drop the firewall and then connect to it?
> >
> > > hi all
> > > i have configured ipchains on my linux 7.1 box.
> > > the 3 rules (in order) do the following
> > > 1> accept src 0.0.0.0/0 port * dst hostA port 22
> > > 2> accept src hostA port 22 dst 0.0.0.0/0 port *
> > > 3> deny src 0.0.0.0/0 port * dst 0.0.0.0/0 port *
> > > I intend to allow ssh on hostA, and deny everything else.
> > > It works but it takes too long for the connection to establish even when I
> > > am doing ssh from hostA to hostA itself. I wonder why?
> > > Suggestions?
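
Added example, not part of the original thread: a small Python model of first-match evaluation over the input chain as the reply reconstructs it (rules 1 and 3), run on constructed packets. It traces the packet path behind the DNS look-up suggestion quoted above: a resolver's reply to hostA does not match rule 1 and falls through to the catch-all DENY. The addresses, port numbers and the names `Packet`, `Rule` and `verdict` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

HOST_A = "192.0.2.10"   # constructed address standing in for hostA
ANY = None              # wildcard, like 0/0 or an omitted port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    src: Optional[str]
    sport: Optional[Tuple[int, int]]
    dst: Optional[str]
    dport: Optional[Tuple[int, int]]
    target: str

    def matches(self, p: Packet) -> bool:
        def addr(want, got): return want is ANY or want == got
        def port(rng, got): return rng is ANY or rng[0] <= got <= rng[1]
        return (addr(self.src, p.src) and port(self.sport, p.sport)
                and addr(self.dst, p.dst) and port(self.dport, p.dport))

# Input chain as reconstructed in the reply: rule 1, then the catch-all rule 3.
INPUT_CHAIN = [
    Rule("rule 1", ANY, ANY, HOST_A, (22, 22), "ACCEPT"),
    Rule("rule 3", ANY, ANY, ANY, ANY, "DENY"),
]

def verdict(chain, packet, policy="ACCEPT"):
    """Return (target, rule name) of the first matching rule, else the policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target, rule.name
    return policy, "policy"

# Constructed packets arriving at hostA; 198.51.100.53 is a made-up resolver.
SAMPLES = {
    "ssh SYN to sshd": Packet("203.0.113.7", 40000, HOST_A, 22),
    "DNS reply to hostA": Packet("198.51.100.53", 53, HOST_A, 33000),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:20} -> {verdict(INPUT_CHAIN, pkt)}")
```

In this model the inbound ssh packet is accepted by rule 1 while the DNS reply is denied by rule 3, which is the condition the "drop the firewall and then connect" test in the thread checks for.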