Problems configuring iptables
msingerman at ncemch.org
Thu Aug 24 17:08:58 CEST 2006
Gáspár Lajos wrote:
> Martijn Lievaart wrote:
>> Matt Singerman wrote:
>>> This did work, yes! Thanks! I am experiencing a new problem,
>>> though: it took an extremely long time for the connection to go
>>> through. Once it connected, it runs at normal speed, but it took a
>>> good 30 or 40 seconds for ssh to prompt me for my password. What
>>> could be causing this? I am guessing it is some sort of routing issue?
>> Ah no. It's either reverse DNS or ident that trips you up. Ethereal
>> is your friend, look what goes on "at the wire".
> I am not sure... but maybe your script blocks the DNS service...
> Try it on your firewalled server and on a client behind the firewall...
> (host www.netfilter.org AND nslookup www.netfilter.org)
So I think the problem was that traffic was not able to flow back out
over the connection from within the firewall. I set up a new rule
allowing all packets from the internal NIC to head out over the external
NIC, regardless of type or state, and that cleared up the problem
instantly. Thanks again for all the help, everyone!
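
The rule described in this message, written out next to a narrower stateful variant that lets only DNS lookups out and answers ident probes with a TCP reset (the two delay causes named earlier in the thread). This is an added example, not part of the original post; the interface names `eth1`/`eth0` and the helper `forward_rules` are assumptions, and the rest of the poster's ruleset is not shown on the page.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names are assumptions.

# forward_rules MODE INT_IF EXT_IF
# Prints iptables commands to append to an existing FORWARD chain.
#   open     - the rule the post describes: everything internal -> external
#   stateful - narrower variant: replies, outbound DNS, fast-failing ident
forward_rules() {
    mode=$1 int_if=$2 ext_if=$3
    case "$mode" in
    open)
        # Any protocol, any connection state, internal NIC to external NIC.
        echo "iptables -A FORWARD -i $int_if -o $ext_if -j ACCEPT"
        ;;
    stateful)
        # Packets that belong to connections conntrack already knows about.
        echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        # Reverse-DNS lookups made by the internal server (UDP, TCP fallback).
        for proto in udp tcp; do
            echo "iptables -A FORWARD -i $int_if -o $ext_if -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        done
        # Ident probes: refuse with a reset so the caller does not sit in a timeout.
        echo "iptables -A FORWARD -i $int_if -o $ext_if -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
        ;;
    *)
        echo "unknown mode: $mode" >&2
        return 1
        ;;
    esac
}

# Constructed sample: eth1 = internal NIC, eth0 = external NIC (assumed names).
forward_rules stateful eth1 eth0
```

The function only prints the commands; because they append to the existing FORWARD chain, they have to end up ahead of any rule that drops the same traffic.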