Hello Askar

Usually it is because of reverse DNS done when a client connects.
If your firewall doesn't have access to any DNS and tries to resolve the client hostname, each time a client connects, it will have to wait until the server times out on DNS requests.

Configure DNS and add

iptables -A OUTPUT -p udp --dport 53 -d $DNS_SERVER -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -d $DNS_SERVER -j ACCEPT

Replace $DNS_SERVER with your DNS server's IP. If you have more, add as many rules as needed.

You may also take a look into proftpd config, maybe you can simply deactivate reverse DNS lookup on connect.

Hope this helps

Have a nice day

Maxime Ducharme
Programmer / Network Security Specialist

----- Original Message -----
From: "Askar" <askarali@xxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, February 17, 2005 11:48 AM
Subject: slow ftp

> hi list
>
> we are running ftp "proftpd" server it takes time when a user
> connects to ftp server however when I flush the iptables rules
> connection doesn't take time, iptables firewall on the same machine,
> default policies are DROP,
> firewall script is very straight forward
>
> rules
> .
> .
> # Using Connection State to By-pass Rule Checking
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> .
> .
> .iptables -A INPUT -p tcp --dport 20:21 -m state --state NEW -j ACCEPT
> .
> .
>
> # Load the FTP connection state helper module.
> modprobe ip_conntrack_ftp
> # Load the FTP NAT module.
> modprobe ip_nat_ftp
>
> any idea?
>
> regards
>
> --
> I love deadlines. I like the whooshing sound they make as they fly by.
> Douglas Adams
>
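
The following check is an added example, not part of the original thread: it audits `iptables -S OUTPUT` text for the outbound DNS rules the reply recommends, which a DROP policy plus an ESTABLISHED,RELATED rule alone does not provide. The function name, the status words and the resolver address 192.0.2.53 are assumptions, and both sample rulesets are constructed.

```shell
#!/bin/sh
# Audit `iptables -S OUTPUT` text on stdin for outbound DNS rules.
# $1 = resolver IP. Prints: ok | missing-udp | missing-tcp | missing-both.
# Hypothetical helper; rule order and negated (!) matches are not evaluated.
dns_egress_status() {
    awk -v dns="$1" '
        # Policy ACCEPT means outbound DNS is not filtered at all.
        $1 == "-P" && $2 == "OUTPUT" && $3 == "ACCEPT" { policy_accept = 1 }
        $1 == "-A" && $2 == "OUTPUT" {
            proto = ""; dport = ""; dst = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-d") dst = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            sub(/\/32$/, "", dst)
            # An ESTABLISHED,RELATED rule has no --dport and is skipped here:
            # the first packet of a DNS query is NEW and needs its own ACCEPT.
            # A rule without -d (any destination) also covers the resolver.
            if (target == "ACCEPT" && dport == "53" && (dst == dns || dst == "")) {
                if (proto == "udp") udp = 1
                if (proto == "tcp") tcp = 1
            }
        }
        END {
            if (policy_accept || (udp && tcp)) print "ok"
            else if (udp) print "missing-tcp"
            else if (tcp) print "missing-udp"
            else print "missing-both"
        }'
}

# Constructed sample modelled on the question: DROP policy, state rule only.
before='-P OUTPUT DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
# Constructed sample: same chain after adding the two rules from the reply
# (192.0.2.53 is a documentation address standing in for $DNS_SERVER).
after="$before
-A OUTPUT -d 192.0.2.53/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT"

printf '%s\n' "$before" | dns_egress_status 192.0.2.53
printf '%s\n' "$after"  | dns_egress_status 192.0.2.53
```

On a live host the same function can be fed with `iptables -S OUTPUT | dns_egress_status <resolver IP>`.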