From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: iptables delay connection phase
Date: 30 Jun 2003 09:33:04 +0200 [thread overview]
Message-ID: <1056958383.8463.14.camel@raylinux.internal> (raw)
In-Reply-To: <002d01c33ed7$360fc600$8101a8c0@tani>
[-- Attachment #1: Type: text/plain, Size: 3016 bytes --]
Make sure that your rc.firewall allows auth (port 113). That is most
likely causing your delay.
On Mon, 2003-06-30 at 09:14, eNet wrote:
> Hello List,
>
> I am new in iptables and list.
>
> I have problem when my dialup clients trying to check their emails.
> There is a delay because of iptables. On that box I use linux kernel
> 2.4.19 and rc.firewall
>
> Here are more details of what is happening:
>
> Case 1. without iptables . It is OK. No delay.
> 19:45:51.756818 arp who-has xxx.xxx.xxx.1 tell xxx.xxx.xxx.129
> 19:45:51.756837 arp reply xxx.xxx.xxx.1 is-at yy:yy:yy:yy:yy
> 19:45:51.756920 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: S
> 1490445489:1490445489(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 19:45:51.756988 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2814: S
> 401842756:401842756(0) ack 1490445490 win 5840 <mss
> 1460,nop,nop,sackOK>
> (DF)
> 19:45:51.757102 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: . ack 1
> win 17520 (DF)
> 19:45:51.761677 xxx.xxx.xxx.1.48021 > xxx.xxx.xxx.129.auth: S
> 387191140:387191140(0) win 5840 <mss 1460,sackOK,timestamp 251690774
> 0,nop,wscale 0> (DF) 19:45:51.761856 xxx.xxx.xxx.129.auth >
> xxx.xxx.xxx.1.48021: R 0:0(0) ack 387191141 win 0
>
> etc...
>
> Case 2. iptables activated. Problem: delay
> 20:00:43.670848 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: S
> 1713847144:1713847144(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 20:00:43.670903 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2824: S
> 1342878817:1342878817(0) ack 1713847145 win 5840 <mss
> 1460,nop,nop,sackOK>
> (DF)
> 20:00:43.671015 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: . ack 1
> win 17520 (DF)
> 20:00:43.672185 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S
> 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251779965
> 0,nop,wscale 0> (DF)
>
>
> now it goes around (!!!!!??)
>
> 20:00:43.672291 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0)
> ack 1340299400 win 0
> 20:00:46.666594 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S
> 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780265
> 0,nop,wscale 0> (DF)
> 20:00:46.666744 192.168.1.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack
> 1 win
> 0
> 20:00:52.666607 192.168.1.1.48326 > xxx.xxx.xxx.129.auth: S
> 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780865
> 0,nop,wscale 0> (DF)
> 20:00:52.666754 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0)
> ack 1 win
> 0
>
> untill here:
>
> 20:01:04.666637 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S
> 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251782065
> 0,nop,wscale 0> (DF)
>
> etc....
>
> Any help appreciated.
>
> Tani
>
>
--
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
prev parent reply other threads:[~2003-06-30 7:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-30 7:14 iptables delay connection phase eNet
2003-06-30 7:33 ` Ray Leach [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1056958383.8463.14.camel@raylinux.internal \
--to=raymondl@knowledgefactory.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.