  #1  
Old 15th March 2007, 15:14
Tohubohu
Junior Member
Join Date: Mar 2007
Posts: 3

IPtables slowing down my proftpd server.

Hello,

I've been working on a new Linux box with a proftpd server and I'm at the point where I need to secure the server.

Iptables is set to block everything incoming and outgoing except a few services like SSH INPUT, ICMP INPUT & OUTPUT, DNS OUTPUT and FTP INPUT.

Here is the rule that seems to be causing problems:

-A INPUT -i eth0 -d 192.168.25.172/255.255.255.255 -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT

If iptables is off, I get a prompt for a username in less than a second. When iptables is turned on, it takes a good 5-10 seconds.

I also have 4 stateful rules:

-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Has anyone ever encountered a similar problem? Does anyone have any idea what could possibly be wrong in this case?

Many thanks!
  #2  
Old 15th March 2007, 18:14
Tohubohu
Junior Member
Join Date: Mar 2007
Posts: 3

I just found the solution to my problem. I spammed netstats and packet-sniffed myself to finally see that the authentication was tried on port 113 first, then timed out and tried on port 21.

So if anyone is having a similar problem, opening tcp port 113 in iptables worked for me. It might be a different port for other services, it's just a matter of finding which one.
  #3  
Old 17th March 2007, 22:10
edge
Moderator
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033

Sorry for this late reply, but if you add IdentLookups off within the <Global></Global> option, then this will also fix the "slow" login.

I'm not 100% sure, but I used to have this problem also (with my IPtables), and doing the "IdentLookups off" fixed the problem for me.
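The delay in this thread comes from proftpd's ident lookup: it connects to TCP 113 on the client, and a firewall that silently DROPs that connection makes proftpd wait for its timeout, whereas a REJECT (or a real ident daemon) answers at once. Below is an added Python probe, not code from the thread or from proftpd, that reproduces that lookup and reports whether a host's ident port answers, refuses, or drops; the loopback responder and the port helpers are constructed for the demo.

```python
import socket
import threading

IDENT_PORT = 113  # RFC 1413 ident/auth service


def classify_ident(host, port=IDENT_PORT, timeout=2.0, query="21 , 40000"):
    """Probe an ident port; state is "open" (listener replied), "refused"
    (RST: REJECT rule or no daemon, fast), "dropped" (silence until timeout:
    DROP rule, the slow-login case) or "unreachable" (no route)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # RFC 1413 query is "<server-port> , <client-port>" plus CRLF
            s.sendall((query + "\r\n").encode("ascii"))
            try:
                reply = s.recv(256).decode("ascii", "replace").strip()
            except socket.timeout:
                reply = ""
            return {"state": "open", "reply": reply}
    except ConnectionRefusedError:
        return {"state": "refused", "reply": ""}
    except socket.timeout:
        return {"state": "dropped", "reply": ""}
    except OSError as exc:
        return {"state": "unreachable", "reply": str(exc)}


def closed_local_port():
    """Bind an ephemeral loopback port and release it: a port that refuses."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def fake_ident_server():
    """One-shot loopback ident responder (constructed for the demo) that
    answers "<query> : ERROR : NO-USER", the reply a daemon gives when it
    declines to reveal a username; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            q = conn.recv(256).decode("ascii", "replace").strip()
            conn.sendall((q + " : ERROR : NO-USER\r\n").encode("ascii"))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A "dropped" result against the address your FTP clients connect from is the slow-login case from post #1; either IdentLookups off in proftpd.conf or a firewall rule that rejects port 113 with a TCP reset (instead of dropping it) removes the wait.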
  #4  
Old 19th March 2007, 12:47
Tohubohu
Junior Member
Join Date: Mar 2007
Posts: 3

Thanks a lot, I will try that with port 113 removed from iptables and see what happens.

EDIT: Yep, that made it and I prefer that solution too. Thank you very much!
