Date: Thu, 06 Mar 2003 11:28:45 -0300
From: "Daniel C. Sobral" <dcs@tcoip.com.br>
To: leafy <leafy@leafy.idv.tw>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: IPFILTER broken as of world/kernel a few hours old
Message-ID: <3E675B1D.50605@tcoip.com.br>
In-Reply-To: <20030305062725.GA679@leafy.idv.tw>
References: <20030305062725.GA679@leafy.idv.tw>

leafy wrote:
> With IPFILTER enabled in the kernel, all socket(2) calls
> inbound/outbound are very slow. A normal SSH connection within the
> same subnet takes 5 minutes to connect. Anything I can provide to pin
> down the problem?

Are you sure _all_ socket calls are slow? 5.0-R had reverse resolution
for sshd (which happened no matter what the configuration said) run
inside chrooted /var/empty, so if no /var/empty/etc/resolv.conf,
nsswitch.conf, hosts, etc, existed, it would look up 127.0.0.1 (you can
tcpdump -ni lo0 on the server to see if it does that when a new ssh
connection arrives). If blackhole or firewall was used, no answer would
be returned to this dns request, and the ssh login would lag for a long
time.

BTW, what font are you using? When on FreeBSD, with Mozilla, your
messages are all but unreadable.

-- 
Daniel C. Sobral
Gerência de Operações
Divisão de Comunicação de Dados
Coordenação de Segurança
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br
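
The `tcpdump -ni lo0` check suggested in the message above can be automated. The following is an added example, not part of the original e-mail: it pairs DNS queries in tcpdump's text output with their replies and reports lookups sent to 127.0.0.1 that were never answered. The capture lines are constructed sample data, and `unanswered_queries` is a hypothetical helper name.

```python
import re

# One DNS packet line as printed by `tcpdump -ni lo0`; older tcpdump omits "IP".
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?:IP )?"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<rest>.*)$")
# Query part after the ID: optional flags, then e.g. "PTR? 7.2.0.192.in-addr.arpa."
QUERY = re.compile(r"^[+%]*\s(?P<qtype>[A-Z]+)\? (?P<name>\S+)")

# Constructed sample capture (not from the thread): one answered lookup and
# one reverse lookup retried three times with no reply.
SAMPLE = """\
11:28:40.100000 127.0.0.1.1031 > 127.0.0.1.53: 4021+ A? www.example.org. (33)
11:28:40.101200 127.0.0.1.53 > 127.0.0.1.1031: 4021 1/0/0 A 192.0.2.10 (49)
11:28:45.000000 IP 127.0.0.1.1032 > 127.0.0.1.53: 51234+ PTR? 7.2.0.192.in-addr.arpa. (40)
11:28:50.000000 IP 127.0.0.1.1032 > 127.0.0.1.53: 51234+ PTR? 7.2.0.192.in-addr.arpa. (40)
11:29:00.000000 IP 127.0.0.1.1032 > 127.0.0.1.53: 51234+ PTR? 7.2.0.192.in-addr.arpa. (40)
"""

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def unanswered_queries(lines, resolver="127.0.0.1"):
    """Return DNS queries sent to resolver:53 that never received a reply."""
    pending = {}  # (client port, query ID) -> [(time, qtype, name), ...]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["dst"] == resolver and m["dport"] == "53":
            q = QUERY.match(m["rest"])
            if q:
                pending.setdefault((m["sport"], m["id"]), []).append(
                    (_seconds(m["ts"]), q["qtype"], q["name"]))
        elif m["src"] == resolver and m["sport"] == "53":
            pending.pop((m["dport"], m["id"]), None)  # reply seen: resolved
    report = {}  # (qtype, name) -> summary, so retries collapse into one row
    for tries in pending.values():
        for ts, qtype, name in tries:
            row = report.setdefault((qtype, name), {
                "qtype": qtype, "name": name, "attempts": 0,
                "first": ts, "last": ts})
            row["attempts"] += 1
            row["last"] = max(row["last"], ts)
    return [{"qtype": r["qtype"], "name": r["name"], "attempts": r["attempts"],
             "waited_s": round(r["last"] - r["first"], 3)}
            for r in report.values()]
```

Run it over a capture taken while a new ssh connection arrives; a PTR row with several attempts and no reply is the pattern the message describes.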