15th March 2007, 15:14
Tohubohu
IPtables slowing down my proftpd server.

Hello,

I've been working on a new Linux box with a proftpd server and I'm at the point where I need to secure the server.

Iptables is set to block everything incoming and outgoing except a few services like SSH INPUT, ICMP INPUT & OUTPUT, DNS OUTPUT and FTP INPUT.

Here is the rule that seems to be causing problems:

-A INPUT -i eth0 -d 192.168.25.172/255.255.255.255 -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT

If iptables is off, I get a prompt for a username in less than a second. When iptables is turned on, it takes a good 5-10 seconds.

I also have 4 stateful rules:

-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Has anyone ever encountered a similar problem? Does anyone have any idea of what can possibly be wrong in this case?

Many thanks!