10-30 seconds for telnet? Even on a 386/33 this is just way too much delay to be accounting for in packet filtering rules. I would suspect something else, like ident checking which is waiting to time out and reverse-dns lookups timing out. Often these two things are used to gather info to log about who's getting into your machine. If they aren't there it can take a while for the lookup to time out. Check into that.

Chris Brown wrote:
> Hello,
>
> Our company LAN is divided into two segments, and I have
> just finished implementing firewalling rules for the router in between
> them, to protect the inner network from the outside world. After
> meticulously designing and installing my ipchains rules, I was
> dismayed by the performance hit they incurred. Before installing
> the firewalling rules, connection latency between the networks was
> normally below ~50ms. telnet, ftp, and other logins took less than
> a second to return a login prompt. Now, after installing the rules, a
> connection across the firewall takes at least 10sec, occasionally
> taking over 30sec. Once the login is successful, latency isn't too
> bad, but still noticeably worse - well over 200-300ms - when in a
> telnet session. The router is a 386/33 with 16MB of RAM and two
> ISA Ethernet cards. Is this an underpowered machine for
> firewalling? I shouldn't think this is the problem... Are there any
> errors that add to connection latency that I should be looking for in
> the firewalling rules?
>
> Thanks,
> Chris Brown
> [EMAIL PROTECTED]
> Seitz Technical Products Inc.

--
Jens B. Jorgensen
[EMAIL PROTECTED]
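
An added example, not part of the original messages: a small Python check that scans `ipchains -A` rule lines for DENY rules (which drop packets without any reply) that could swallow ident or DNS traffic, the two lookups the reply suspects of timing out. The sample rules, the port assignments (113/tcp, 53/udp and 53/tcp, client ports 1024-65535) and the function names are assumptions; rules using `!` negation are skipped and need review by hand.

```python
import shlex

# Assumptions: ident = 113/tcp, DNS = 53/udp and 53/tcp, client ports 1024-65535.
WATCHED = {"ident": ("tcp", 113), "dns-udp": ("udp", 53), "dns-tcp": ("tcp", 53)}
NAMES = {"auth": 113, "ident": 113, "domain": 53}      # service-name aliases
EPHEMERAL = (1024, 65535)
# Constructed sample rules, not taken from the thread.
SAMPLE = """
ipchains -A input -p tcp -s 0/0 -d 192.168.1.0/24 113 -j DENY -l
ipchains -A input -p udp -s 0/0 53 -d 192.168.1.0/24 1024:65535 -j ACCEPT
ipchains -A input -p udp -s 0/0 -d 192.168.1.0/24 domain -j REJECT
ipchains -A forward -p tcp -s 192.168.1.0/24 -d 0/0 53 -j DENY
"""

def span(spec):
    """Port spec (None = any, N, service name, or LO:HI) -> (lo, hi)."""
    lo, sep, hi = (spec or ":").partition(":")
    if not sep:                                        # single port or name
        lo = hi = str(NAMES.get(lo, lo))
    return (int(lo or 0), int(hi or 65535))

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def parse(line):
    """'ipchains -A ...' -> (proto, sport, dport, target); None if not handled."""
    tok = shlex.split(line, comments=True)
    if tok[:2] != ["ipchains", "-A"] or "!" in tok:    # negated rules are skipped
        return None
    rule = {"-p": "all", "-s": None, "-d": None, "-j": None}
    for i, opt in enumerate(tok):
        nxt = tok[i + 1:i + 3]
        if opt in ("-p", "-j") and nxt:
            rule[opt] = nxt[0]
        elif opt in ("-s", "-d") and len(nxt) == 2 and not nxt[1].startswith("-"):
            rule[opt] = nxt[1]                         # token after the address is the port
    return rule["-p"].lower(), rule["-s"], rule["-d"], rule["-j"]

def silent_drops(ruleset):
    """(service, rule) pairs where a DENY rule could swallow a query or its reply."""
    hits = []
    for line in ruleset.splitlines():
        proto, sport, dport, target = parse(line) or ("", None, None, None)
        for name, (wproto, wport) in WATCHED.items():
            query = overlaps(span(sport), EPHEMERAL) and overlaps(span(dport), (wport, wport))
            reply = overlaps(span(sport), (wport, wport)) and overlaps(span(dport), EPHEMERAL)
            if target == "DENY" and proto in ("all", wproto) and (query or reply):
                hits.append((name, line.strip()))
    return hits
```

Source and destination addresses are ignored, so each hit is a candidate to check against the real traffic path, not a confirmed match. A REJECT rule is not flagged because it answers with an ICMP error, so the caller fails quickly instead of waiting for a timeout.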