Date: Tue, 16 Sep 2003 12:47:24 -0400 From: Chuck Swiger <cswiger@mac.com> To: Lay Tay <LTay@certicom.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Slow NAT firewall Message-ID: <3F673E9C.9070201@mac.com> In-Reply-To: <OF9E4E2FF8.DEE0C3D1-ON85256DA2.0066F11D-88256DA2.00675B85@certicom.com> References: <OF9E4E2FF8.DEE0C3D1-ON85256DA2.0066F11D-88256DA2.00675B85@certicom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Lay Tay wrote: [ ... ] > Everything worked fine except that I noticed ssh connection takes a very > long time. When I use PUTTY or WinSCP on a windows machine to connect to > my internal machine, the authentication takes a very long time. WinSCP > will alway timeout on the first try, when I hit "retry", the > authentication goes through. > > This does not happen if I insert a "pass everything" rule in ipfw. Sounds a lot like a DNS timeout. I'm not sure your rules for port 53 are doing exactly the right thing; where does DNS traffic go when you do this SSH connection? -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F673E9C.9070201>