Hello all!

I lately installed a firewall on my SuSE 6.2 box, to protect our corporate network. The firewall runs almost as supposed, but I have a speed problem with network traffic since the firewall is up.

At the moment HTTP and FTP are forwarded to a local proxy. This works great and with almost the same performance as without a firewall. The problems are other services, for example a telnet session to the firewall (yes, I know I should be using ssh -- working on it!) needs about 20 seconds (2 secs before firewall) to connect. The same problem exists for pop3, smtp and domain services. These rules are always configured as an input and an output rule; no forwarding is done on any ports.

Maybe I have just not compiled the kernel features in the right way? Or is the ruleset more complicated? Has anybody a solution for this problem by now, or is more "input" needed?

Thanks!
Thomas

Thomas Stahl wrote:
> The problems are other services, for example a telnet session to the firewall (yes, I know I should be using ssh -- working on it!) needs about 20 seconds (2 secs before firewall) to connect. The same problem exists for pop3, smtp and domain services.

The time needed to connect could be caused by tap ident authentication (port 113). If you make a telnet connection (pop3 and smtp, too), the connected server tries to look up the user on the client by ident. You should reject port 113 to set up connections faster.

Regards,
Thomas

--
Marciniak Online Service    fon: (0231) 58 90 154
Thomas Marciniak            fax: (0231) 58 90 155
Schachtstrasse 1            http://www.marciniak.de
44149 Dortmund              e-mail: tmarcin@marciniak.de
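
The delay discussed in this thread can be reproduced on loopback with the following added example, which is not part of either message. It performs the RFC 1413 ident query a daemon sends to the client's port 113 and times three constructed stand-ins: an answering ident service, a closed port (what a reject looks like to the daemon), and a listener that never replies (an approximation of a filter that silently discards the packets, which is an assumption about the original ruleset). Port numbers, the user name and the 1-second timeout are made up for the demonstration.

```python
import socket
import threading
import time

def ident_lookup(host, ident_port, client_port, daemon_port, timeout):
    """Query an ident service (RFC 1413) the way a telnet/POP3/SMTP daemon
    does for each new connection. Returns (outcome, seconds_waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{client_port}, {daemon_port}\r\n".encode("ascii"))
            reply = s.recv(512).decode("ascii", "replace").strip()
            outcome = "answered: " + reply
    except ConnectionRefusedError:
        outcome = "refused"      # what the daemon sees when port 113 is rejected
    except socket.timeout:
        outcome = "timeout"      # what it sees when nothing ever comes back
    return outcome, time.monotonic() - start

def _listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))     # ephemeral port, so no root is needed
    s.listen(1)
    return s

def demo(timeout=1.0):
    """Run the lookup against three constructed loopback stand-ins."""
    identd = _listen()           # stand-in: client that runs an ident service
    def serve():
        conn, _ = identd.accept()
        with conn:
            query = conn.recv(512).decode("ascii").strip()
            conn.sendall(f"{query} : USERID : UNIX : exampleuser\r\n".encode("ascii"))
    threading.Thread(target=serve, daemon=True).start()
    silent = _listen()           # stand-in for discarded packets: never replies
    closed = _listen()           # stand-in for a rejected port: closed again
    closed_port = closed.getsockname()[1]
    closed.close()
    targets = {"identd": identd.getsockname()[1],
               "silent": silent.getsockname()[1],
               "rejected": closed_port}
    results = {name: ident_lookup("127.0.0.1", port, 6191, 23, timeout)
               for name, port in targets.items()}
    identd.close()
    silent.close()
    return results

if __name__ == "__main__":
    for name, (outcome, secs) in demo().items():
        print(f"{name:9s} {outcome:45s} {secs:.2f}s")
```

The rejected case returns as soon as the refusal arrives, while the silent case costs the daemon its full timeout before the login banner can be sent.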