ssh login lag

atomi atomi.archive at gmail.com
Thu May 25 16:18:46 UTC 2006


"Try to deactivate the stringent firewall rules, run ethereal and
look what kind of traffic is there in the normal (fast) case. Then
modify the firewall rules accordingly."

excellent.
Thanks all


On 5/25/06, Roberto Ragusa <mail at robertoragusa.it> wrote:
>
> atomi wrote:
> > I've got a pretty bare bones system. Headless Fedora Core 5
> > My problem occurs when I login via putty through SSH,
> > after I've entered my password there is an ugly lag...
> >
> > here is my IPTABLES:
> >
> > *filter
> > :OUTPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :FIREWALL-INPUT - [0:0]
> > :INPUT ACCEPT [0:0]
> > -A INPUT -j FIREWALL-INPUT
> >
> > -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
> > -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
> > -A FIREWALL-INPUT -p udp -m udp -j REJECT
> > COMMIT
> >
> > so, alright, pretty simple huh; anyone know why the lag monster appears?
> > ANY insight I think would help.
>
> You're probably blocking DNS queries or you have wrong DNS
> settings.
>
> I think the sshd process is trying to resolve the IP you're connecting
> from to a name, but the firewall is dropping the packets, so it has
> to wait for some timeout to expire before going on.
>
> Try to deactivate the stringent firewall rules, run ethereal and
> look what kind of traffic is there in the normal (fast) case. Then
> modify the firewall rules accordingly.
>
> Alternatively, add -j LOG rules before the REJECT rules, so you can
> see in /var/log/messages what you're blocking.
>
>   -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
>   -A FIREWALL-INPUT -p tcp -m tcp -j LOG
>   -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
>   -A FIREWALL-INPUT -p udp -m udp -j LOG
>   -A FIREWALL-INPUT -p udp -m udp -j REJECT
>
> Do you see a "Last login: " line after the delay? Does it contain
> a numeric IP or a hostname?
>
> Best regards.
> --
>    Roberto Ragusa    mail at robertoragusa.it
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
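Following the -j LOG suggestion in the quoted reply, one way to summarize what the REJECT rules are catching (an added example, not code from the thread). The log lines are constructed samples in the kernel LOG target's format with documentation-range addresses, and the function names are hypothetical. Flows with source port 53 are DNS answers coming back to the host, which the posted ruleset rejects because its INPUT chain accepts only inbound ssh.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages; not taken from the thread.
SAMPLE_LOG = """\
May 25 16:02:11 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=118 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32771 LEN=98
May 25 16:02:16 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=118 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32771 LEN=98
May 25 16:02:20 fc5 sshd[2101]: Accepted password for user from 192.0.2.77 port 1045 ssh2
May 25 16:03:40 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=4121 DF PROTO=TCP SPT=1050 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of a netfilter LOG line, or None."""
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split("kernel:", 1)[1]):
        # UDP lines carry LEN= twice; keep the first (the IP total length).
        fields.setdefault(key, value)
    return fields


def summarize(log_text):
    """Count logged packets per (proto, source address, source port, dest port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            # ICMP and other protocols have no ports; record them as 0.
            flow = (f["PROTO"], f["SRC"], int(f.get("SPT", 0)), int(f.get("DPT", 0)))
            counts[flow] += 1
    return counts


def rejected_dns_replies(counts):
    """Flows from source port 53: answers to the host's own lookups."""
    return {flow: n for flow, n in counts.items() if flow[2] == 53}


if __name__ == "__main__":
    for (proto, src, spt, dpt), n in summarize(SAMPLE_LOG).most_common():
        note = "  <- DNS reply hit the REJECT rule" if spt == 53 else ""
        print(f"{n:3d}  {proto} {src}:{spt} -> port {dpt}{note}")
```

Repeated entries from the resolver's address a few seconds apart, just before sshd logs the accepted login, match the timeout behaviour described in the reply.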