atomi wrote: > I've got a pretty bare bones system. Headless Fedora Core 5 > My problem occurs when I login via putty through SSH, > after I've entered my password there is an ugly lag... > > here here is my IPTABLES: > > *filter > :OUTPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :FIREWALL-INPUT - [0:0] > :INPUT ACCEPT [0:0] > -A INPUT -j FIREWALL-INPUT > > -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT > -A FIREWALL-INPUT -p tcp -m tcp -j REJECT > -A FIREWALL-INPUT -p udp -m udp -j REJECT > COMMIT > > so, alright, pretty simple huh; anyone know why the lag monster appears? > ANY insight i think would help. You're probably blocking DNS queries or you have wrong DNS settings. I think the sshd process is trying to resolve the IP you're connecting from to a name, but the firewall is dropping the packets, so it has to wait that some timeout expires before going on. Try to disactivate the stringent firewall rules, run ethereal and look what kind of traffic is there in the normal (fast) case. Then modify the firewall rules accordingly. Alternatively, add a -j LOG rules before the REJECT rules, so you can see in /var/log/messages what you're blocking. -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT -A FIREWALL-INPUT -p tcp -m tcp -j LOG -A FIREWALL-INPUT -p tcp -m tcp -j REJECT -A FIREWALL-INPUT -p udp -m udp -j LOG -A FIREWALL-INPUT -p udp -m udp -j REJECT Do you see a "Last login: " line after the delay? Does it contain a numeric IP or a hostname? Best regards. -- Roberto Ragusa mail at robertoragusa.it
