From: "Jörg Harmuth" <harmuth@mnemon.de>
To: netfilter@lists.netfilter.org
Subject: Re: Delay in responding caused by netfilter ? [Completely Solved]
Date: Wed, 04 May 2005 13:27:53 +0200
Message-ID: <4278B1B9.9040302@mnemon.de>
In-Reply-To: <4273031B.20009@riverviewtech.net>

Hi all,

Taylor, Grant wrote:
> 
> Rather than allowing ident would it be possible to do a REJECT (via
> iptables -t filter -A OUTPUT -j REJECT) (I'm not sure if this can be a
> policy or not) that way the ident will fail immediately versus timing
> out?  That is if you don't want the ident to happen.  Seeing as how a
> LOT of servers don't even support ident any more this might just as well
> be an option.
> 

Which is what I did on one server (SuSE) and it solved the problem there.

The other server was different in that the problem occurred not always,
only about 80% of all connections were affected and only POP3. The real
solution can be found here:

http://www.washington.edu/imap/IMAP-FAQs/index.html issue 7.24

Quick summary. Mostly the cause is either reverse DNS request timing out
or ident requests also timing out. The latter happens on systems running
xinetd. In e.g. /etc/xinetd.d/ipop3 are lines like

log_on_success += USERID

These lines cause inetd to start an ident request. Delete all of these
and similar lines in each file they occur, restart xinetd and the problem
is gone. No need to write rules :)

Thanks to all providing ideas and pointing me to ident.

Have a nice time,

Joerg
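
The cleanup described in the message above, as an added example that is not part of the original post: a shell audit that lists the active `USERID` logging lines in a directory of xinetd service files and prints a cleaned copy of a file. The function names and the sample service file are constructed for illustration; unlike the post, which deletes the whole line, this removes only the `USERID` token so that other logging flags survive.

```shell
# Added example (not from the original post): audit xinetd service files for
# USERID logging. Assumes whitespace-separated "attribute operator values".

# Print "file:line:text" for active lines that enable USERID logging.
find_userid_lines() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                      # skip comments
            $1 ~ /^log_on_(success|failure)$/ && $2 != "-=" {
                for (i = 3; i <= NF; i++)
                    if ($i == "USERID") { print file ":" NR ":" $0; break }
            }' "$f"
    done
}

# Write FILE to stdout with the USERID token removed from those lines.
# A line that listed only USERID is dropped; other flags are preserved.
strip_userid() {
    awk '
        !/^[ \t]*#/ && $1 ~ /^log_on_(success|failure)$/ && $2 != "-=" {
            rest = ""; hit = 0
            for (i = 3; i <= NF; i++)
                if ($i == "USERID") hit = 1; else rest = rest " " $i
            if (hit) {
                indent = $0; sub(/[^ \t].*$/, "", indent)
                if (rest != "") print indent $1 " " $2 rest
                next
            }
        }
        { print }' "$1"
}

# Constructed sample service file, for trying the functions offline.
make_sample() {
    mkdir -p "$1" && cat > "$1/ipop3" <<'EOF'
service pop3
{
    socket_type = stream
    log_on_success += USERID
    log_on_failure += HOST USERID
    # log_on_success += USERID
    log_on_success -= USERID
}
EOF
}
# Usage: sh audit.sh /etc/xinetd.d
if [ -n "${1:-}" ]; then find_userid_lines "$1"; fi
```

Review the output of `strip_userid` before replacing a live file, then restart xinetd as the post describes.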


