Date: Tue, 17 Feb 98 12:19:58 GMT From: Matthew Seaman <Matthew_Seaman@plsys.co.uk> To: stable@FreeBSD.ORG Cc: "Harry Patterson" <harry@visiontm.com> Subject: Re: FTP and Telnet pblms with Ethernet Message-ID: <199802171220.MAA10909@ivyhouse.plsys.co.uk> In-Reply-To: <01bd3b98$2bd837a0$d86190cf@harry> References: <01bd3b98$2bd837a0$d86190cf@harry>
next in thread | previous in thread | raw e-mail | index | archive | help
<nofill>"Harry Patterson" wrote:
> I have a nagging problem getting Telnet and FTP to connect in reasonable
> time frame (ws-ftp won't at all). I am using Windows95 with a 10MB Ethernet
> connection to a FreeBSD 2.2.5 box. Apache works fine (fast) so it doesn't
> seem to be a DNS thing (simple DNS with only one box, one domain, nslookup
> and ping are fast from the win95 box). It appears to be taking inetd a long
> time to issue the login and causes timeouts. (just remembered mail does the
> same thing, all login dependant).
</nofill>
Sounds like a problem to do with inetd. Are you by any chance using
tcp_wrappers on the FreeBSD box? It could be to do with ident (RFC 931)
timeouts --- the tcp_wrappers source mentions this as a problem with
certain OS's. From the Makefile:
<nofill>
# The default username lookup timeout is 10 seconds. This may not be long
# enough for slow hosts or networks, but is enough to irritate PC users.
RFC931_TIMEOUT = 10
</nofill>
You can work around this, and still use tcp_wrappers if (a) you compile
tcp_wrappers *without* the -DALWAYS_RFC931 definition and (b) you set up
your hosts.allow and hosts.define files not to use anything that will
trigger an ident lookup for those hosts --- ie. don't use the `rfc931'
flag or the `%u' special.
<nofill>
> I've seen this question posted in a couple of places (I've been virtually
> everywhere) and the only response was possibly DNS. If it was DNS, why
> would http work fine?
</nofill>
DNS timeouts can also be a problem with wrapped services: the wrappers
will attempt to do a gethostbynumber() and then a gethostbyname() on the
result of that to detect spoofing. httpd's are usually configured not to
lookup the hosts that connect to them for maximum performance. For
apache, that's the
<nofill>
HostnameLookups off
directive in httpd.conf.
Cheers,
MAtthew
--
Certe, Toto, sentio nos in Kansate nin iam adesse.
Matthew Seaman P&L Systems, 12 The Broadway, Amersham, Bucks., HP7 0HP, UK
Tel: +44 1494 432422 Fax: +44 1494 432478
</nofill>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802171220.MAA10909>