leafy wrote:
> With IPFILTER enabled in the kernel, all socket(2) calls
> inbound/outbound are very slow. A normal SSH connection within the
> same subnet takes 5 minutes to connect. Anything I can provide to pin
> down the problem?
Are you sure _all_ socket calls are slow? 5.0-R had reverse resolution
for sshd (which happened no matter what the configuration said) run
inside chrooted /var/empty, so if no /var/empty/etc/resolv.conf,
nsswitch.conf, hosts, etc, existed, it would look up 127.0.0.1 (you can
tcpdump -ni lo0 on the server to see if it does that when a new ssh
connection arrives). If blackhole or firewall was used, no answer would
be returned to this dns request, and the ssh login would lag for a long
time.
BTW, what font are you using? When on FreeBSD, with Mozilla, your
messages are all but unreadable.
--
Daniel C. Sobral
Gere^ncia de Operac,o~es
Divisa~o de Comunicac,a~o de Dados
Coordenac,a~o de Seguranc,a
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
