On Wed, 2004-08-25 at 13:48, Jason Opperisano wrote:
> > ... but the connection takes a long time to terminate. If I disable all
> > the rules, ftp connection goes directly but with iptables enabled it
> > takes such 8 seconds to accomplish the anonymous connection ( with
> > data port and passive models ).
> >
> > What is this all about ???
> >
> > Regards
> > Vincent
>
> your server is trying to do a reverse DNS lookup on the IP address of the connecting client. either disable reverse lookups on your FTP server, or allow it to resolve DNS through your firewall.
>
> -j

Here is the logfile generated by tcpdump on my firewall when I ...

ftp 192.168.125.1 (from 192.168.124.1)

14:31:19.818595 IP 192.168.124.1.32790 > 192.168.125.1.ftp: S 2452334504:2452334504(0) win 5840 <mss 1460,sackOK,timestamp 10914109[|tcp]>
14:31:19.819085 IP 192.168.125.1.ftp > 192.168.124.1.32790: S 2932060858:2932060858(0) ack 2452334505 win 5792 <mss 1460,sackOK,timestamp 1164327[|tcp]>
14:31:19.819448 IP 192.168.124.1.32790 > 192.168.125.1.ftp: . ack 1 win 5840 <nop,nop,timestamp 10914109 1164327>
14:31:29.830558 IP 192.168.125.1.ftp > 192.168.124.1.32790: P 1:66(65) ack 1 win 5792 <nop,nop,timestamp 1165329 10914109>
14:31:29.830970 IP 192.168.124.1.32790 > 192.168.125.1.ftp: . ack 66 win 5840 <nop,nop,timestamp 10924124 1165329>

Furthermore, as you suggested, I added in my proftpd server configuration

UseReverseDNS off

... But this does not change anything.

I hope this information will be useful for you.

Regards
Vincent
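
Added example, not part of the original message: a Python sketch that reads the tcpdump lines quoted above and measures, per connection, how long the server stayed silent between the completed three-way handshake and its first payload. The function name `banner_delays`, the regular expression and the assumption that the capture does not cross midnight belong to this example only.

```python
import re
from datetime import datetime

# The five capture lines from the message above, unchanged.
CAPTURE = """\
14:31:19.818595 IP 192.168.124.1.32790 > 192.168.125.1.ftp: S 2452334504:2452334504(0) win 5840 <mss 1460,sackOK,timestamp 10914109[|tcp]>
14:31:19.819085 IP 192.168.125.1.ftp > 192.168.124.1.32790: S 2932060858:2932060858(0) ack 2452334505 win 5792 <mss 1460,sackOK,timestamp 1164327[|tcp]>
14:31:19.819448 IP 192.168.124.1.32790 > 192.168.125.1.ftp: . ack 1 win 5840 <nop,nop,timestamp 10914109 1164327>
14:31:29.830558 IP 192.168.125.1.ftp > 192.168.124.1.32790: P 1:66(65) ack 1 win 5792 <nop,nop,timestamp 1165329 10914109>
14:31:29.830970 IP 192.168.124.1.32790 > 192.168.125.1.ftp: . ack 66 win 5840 <nop,nop,timestamp 10924124 1165329>
"""

# timestamp, source, destination, flags, optional "first:last(len)" field
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>\S+) (?:\d+:\d+\((?P<len>\d+)\) )?"
)

def banner_delays(text):
    """Map (client, server) to seconds between handshake ACK and first server payload."""
    synacked = set()    # flows for which the server answered with SYN-ACK
    established = {}    # flow -> time the client's final handshake ACK was seen
    delays = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue    # not a TCP packet line in the expected format
        # Time-only stamps: assumes the capture does not cross midnight.
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        src, dst, flags = m["src"], m["dst"], m["flags"]
        length = int(m["len"] or 0)
        if "S" in flags and " ack " in raw:
            synacked.add((dst, src))            # SYN-ACK: src is the server
        elif flags == "." and (src, dst) in synacked and (src, dst) not in established:
            established[(src, dst)] = ts        # client completes the handshake
        elif length > 0 and (dst, src) in established and (dst, src) not in delays:
            # First server packet that carries data (here the FTP greeting).
            delays[(dst, src)] = (ts - established[(dst, src)]).total_seconds()
    return delays

if __name__ == "__main__":
    for (client, server), secs in banner_delays(CAPTURE).items():
        print(f"{client} -> {server}: first server payload after {secs:.3f} s")
```

Run against a capture taken with the rules loaded and again with them disabled, the difference between the two figures is the delay attributable to the firewall.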