On Thu, 2005-02-17 at 11:48, Askar wrote:
> hi list
>
> we are running ftp "proftpd" server it takes time when a user
> connects to ftp server however when I flush the iptables rules
> connection doesn't take time, iptables firewall on the same machine,
> default policies are DROP,
> firewall script is very straightforward
>
> rules
> .
> .
> # Using Connection State to By-pass Rule Checking
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> .
> .
> .
> iptables -A INPUT -p tcp --dport 20:21 -m state --state NEW -j ACCEPT
> .
> .
>
> # Load the FTP connection state helper module.
> modprobe ip_conntrack_ftp
> # Load the FTP NAT module.
> modprobe ip_nat_ftp
>
> any idea?

you have your FTP server configured to perform IDENT lookups on the
clients, perhaps?

iptables -A OUTPUT -p tcp --syn --dport 113 -j ACCEPT

-j

--
"You heard me, I won't be in for the rest of the week... I told you,
my baby beat me up... oh it is not the worst excuse I ever thought up."
--The Simpsons
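
The reply's diagnosis, as an added example that is not part of the original thread: with an OUTPUT policy of DROP, the server's ident query (a new TCP connection to port 113 on the client) matches only the policy and is dropped silently, so each login waits for that connection attempt to time out. The script evaluates constructed OUTPUT rules in `iptables -S` form; `verdict_new_tcp` and both rule sets are hypothetical, and it assumes rules use only `-P`, `-p`, `--dport`, `--state`, `--syn` and `-j`.

```shell
#!/bin/sh
# Constructed sample: the OUTPUT side of the poster's firewall, written in
# the form `iptables -S OUTPUT` prints (policy first, then rules in order).
RULES_BEFORE='-P OUTPUT DROP
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Same rule set with the rule suggested in the reply appended.
RULES_AFTER="$RULES_BEFORE
-A OUTPUT -p tcp --syn --dport 113 -j ACCEPT"

# verdict_new_tcp RULES PORT  (hypothetical helper)
# Prints the verdict for a locally generated TCP SYN in conntrack state NEW
# going to PORT. First matching rule wins; otherwise the chain policy applies.
# Assumption: only -P, -p, --dport (port or lo:hi), --state, --syn and -j
# appear in the rules; a SYN packet always satisfies --syn.
verdict_new_tcp() {
    printf '%s\n' "$1" | awk -v port="$2" '
        BEGIN { policy = "ACCEPT" }                 # built-in chain default
        $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
        $1 != "-A" || $2 != "OUTPUT" || done { next }
        {
            match_ok = 1; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) != "tcp") match_ok = 0
                # An ident query is a brand-new flow, so it is never
                # ESTABLISHED or RELATED when it leaves the server.
                if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) match_ok = 0
                if ($i == "--dport") {
                    n = split($(i+1), r, ":")
                    lo = r[1]; hi = (n > 1) ? r[2] : r[1]
                    if (port + 0 < lo + 0 || port + 0 > hi + 0) match_ok = 0
                }
                if ($i == "-j") target = $(i+1)
            }
            if (match_ok && target != "") { print target; done = 1 }
        }
        END { if (!done) print policy }'
}

echo "ident SYN, original rules:   $(verdict_new_tcp "$RULES_BEFORE" 113)"
echo "ident SYN, with port 113 rule: $(verdict_new_tcp "$RULES_AFTER" 113)"
```

The client's answer to the query (SYN-ACK or RST) belongs to the flow the server opened, so the existing ESTABLISHED,RELATED rule on INPUT already admits it; only the OUTPUT side needs the extra rule.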