On Thu, 2003-02-27 at 21:23, Del Winiecki wrote:
> Hi,
> Everything seems to work fine except FTP via NAT.
> The interfaces that are not natted handle ftp normally.
> When I do ftp from inside where the connection goes thru nat, I get an
> instant establishment of connection, syn, ack, syn-ack followed by a 30
> second wait...then all works normally from that point. This 30 second
> delay is constant with each new ftp connection. I have tried about
> everything in the iptables script.
> Passive ftp does the same thing.

Might be an issue with identd. Many ftp servers do reverse identd lookups on the client. If you drop these on your firewall they have to wait for the timeout. Reject identd on your firewall:

    iptables -A INPUT -p tcp --dport 113 -j REJECT

Another possibility is a reverse DNS lookup by the FTP server.

Cheers,

Ralf

-- 
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror: http://honeynet.spenneberg.org
Snort Mirror: http://snort.spenneberg.org
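One way to confirm the ident explanation from firewall logs, as an added example that is not part of the original message: it pairs each outbound FTP SYN with dropped inbound SYNs to port 113 from the same server within 30 seconds. It assumes the firewall has LOG rules with the hypothetical prefixes `FTP-OUT: ` and `IDENT-DROP: `; the log lines are constructed and abbreviated, and the year is supplied because syslog timestamps omit it.

```python
import re
from datetime import datetime, timedelta

# Constructed, abbreviated lines in netfilter LOG-target syslog format.
# "FTP-OUT: " and "IDENT-DROP: " are hypothetical --log-prefix values.
SAMPLE_LOG = """\
Feb 27 21:20:01 fw kernel: FTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=32801 DPT=21 WINDOW=5840 SYN URGP=0
Feb 27 21:20:01 fw kernel: IDENT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41022 DPT=113 WINDOW=5840 SYN URGP=0
Feb 27 21:20:04 fw kernel: IDENT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41022 DPT=113 WINDOW=5840 SYN URGP=0
Feb 27 21:20:10 fw kernel: IDENT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41022 DPT=113 WINDOW=5840 SYN URGP=0
Feb 27 21:25:40 fw kernel: FTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=32955 DPT=21 WINDOW=5840 SYN URGP=0
Feb 27 21:40:00 fw kernel: IDENT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41507 DPT=113 WINDOW=5840 SYN URGP=0
"""

def find_ident_stalls(log_text, window=timedelta(seconds=30), year=2003):
    """Return {(client, ftp_server): dropped ident SYN count} for FTP sessions
    whose server probed port 113 within `window` of the FTP SYN."""
    ftp_starts = {}  # server IP -> (time of latest FTP SYN, client IP)
    stalls = {}
    for line in log_text.splitlines():
        prefix = re.search(r"kernel: (\S+): ", line)
        if not prefix or " SYN " not in line:
            continue
        fields = dict(re.findall(r"(\w+)=(\S*)", line))
        # The year is an assumption supplied by the caller.
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if prefix.group(1) == "FTP-OUT" and fields.get("DPT") == "21":
            ftp_starts[fields["DST"]] = (when, fields["SRC"])
        elif prefix.group(1) == "IDENT-DROP" and fields.get("DPT") == "113":
            started = ftp_starts.get(fields["SRC"])
            # Count only probes that follow a logged FTP SYN to that server.
            if started and timedelta(0) <= when - started[0] <= window:
                key = (started[1], fields["SRC"])
                stalls[key] = stalls.get(key, 0) + 1
    return stalls

if __name__ == "__main__":
    for (client, server), drops in find_ident_stalls(SAMPLE_LOG).items():
        print(f"{client} -> {server}: {drops} ident SYNs dropped after FTP connect")
```

Repeated drops from the same server right after the FTP SYN are its retransmitted ident probes; a session with no such entries points to the other cause named in the reply, reverse DNS.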