odd delay with ssh and ipchains

To: debian-user@lists.debian.org
Subject: odd delay with ssh and ipchains
From: "Timothy H. Keitt" <Timothy.Keitt@SUNYSB.Edu>
Date: Sat, 10 Feb 2001 18:28:20 -0500
Message-id: <[🔎] 3A85CE94.3040200@SUNYSB.Edu>

I just configured ipchains on my firewall box to only allow www and sshaccess from outside the local net. Web access works like a charm, butwhen trying to connect with ssh, I get a 5-10 second delay before theconnection completes. I'm running woody with 2.2.18. Here's the rulechain:


keittlab:~# ipchains -L -v
Chain input (policy REJECT: 745901 packets, 315942760 bytes):

pkts bytes target prot opt tosa tosx ifname markoutsize source destination ports65 5952 ACCEPT icmp ------ 0xFF 0x00 anyanywhere anywhere any -> any6529 326K ACCEPT all ------ 0xFF 0x00 loanywhere anywhere n/a3774 377K ACCEPT all ------ 0xFF 0x00 eth1anywhere anywhere n/a15118 1209K public all ------ 0xFF 0x00 eth0anywhere anywhere n/a

Chain forward (policy REJECT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 628482 packets, 317229217 bytes):
Chain public (1 references):

pkts bytes target prot opt tosa tosx ifname markoutsize source destination ports1696 131K ACCEPT tcp ------ 0xFF 0x00 anyanywhere keittlab.bio.sunysb.edu any -> ssh0 0 ACCEPT udp ------ 0xFF 0x00 anyanywhere keittlab.bio.sunysb.edu any -> ssh32 6934 ACCEPT tcp ------ 0xFF 0x00 anyanywhere keittlab.bio.sunysb.edu any -> www


Perhaps this is because I'm matching on interfaces and not net addresses?

T.

--
Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626
http://life.bio.sunysb.edu/ee/keitt/

Reply to:

Follow-Ups:
- Re: odd delay with ssh and ipchains
  - From: "Jason Schepman" <jschepma@midsouth.rr.com>

Prev by Date: XVideo with 3dfx V3
Next by Date: Corel WP 2000 and X4.02/testing
Previous by thread: XVideo with 3dfx V3
Next by thread: Re: odd delay with ssh and ipchains
Index(es):
- Date
- Thread