Bray Mailloux wrote:
Hello;

I'm experiencing some network trouble. Two problems exist, and they are as follows: my DNS server, which has the IP 192.168.1.2 and is translated through my router to 64.142.102.10, cannot connect to the internet. And whenever PuTTY attempts to remote control the server, the login process is very slow between inputting the user name and the password.
My gut tells me the problems may be related.

My pf rules on my router are as follows:
#       $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip="64.142.102.8"
local_int_ip="192.168.0.1"
local_int_block="192.168.0.0/24"
dmz_ip="192.168.1.1"
dmz_block="{ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }"
dmz_www_ip="64.142.102.9"
local_www_ip="192.168.1.4"
#DNS Server
dmz_scarlett_ip="64.142.102.10"
dmz_shelly_ip="64.142.102.11"
local_scarlett_ip="192.168.1.2"
local_shelly_ip="192.168.1.3"
dmz_qmail_ip="64.142.102.12"
local_qmail_ip="192.168.1.4"
# Lists in pf.conf use braces; parentheses would be read as an interface address
tcp_services="{ ssh, smtp, domain, www, pop3 }"
udp_services="{ domain }"

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any -> $ext_ip
binat on rl0 from $local_www_ip to any -> $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip


I have a similar ruleset. You need to only nat on rl0 from elements in { $local_int_block - $dmz_ips }; do this with a table using the not (!) operator, see the pf.conf manpage. Then you will be binat-ing properly and get expected behavior.
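
The exclusion described in the reply, written out as an added example that is not part of the original thread: the DMZ hosts are gathered into a pf table, the many-to-one nat rule skips them (via a `no nat` rule, with the single-rule `!<table>` form shown as a comment), and the binat rules then do the one-to-one translation. Addresses and service names are taken from Bray's posted ruleset; `ext_if` and the `pass` rules are assumptions for completeness.

```pf
# Added example, not Bray's or the replier's actual configuration.
ext_if="rl0"                       # assumption: rl0 is the external interface
ext_ip="64.142.102.8"
local_int_block="192.168.0.0/24"
dmz_block="192.168.1.0/24"         # assumption: the DMZ hosts share this /24

# DMZ hosts that get their own public addresses through binat
table <dmz_hosts> const { 192.168.1.1, 192.168.1.2, 192.168.1.3, \
                          192.168.1.4, 192.168.1.5 }

# Exclude the table from many-to-one NAT: 'no nat' matches first and stops
# translation evaluation for those sources, so only the binat rules apply.
no nat on $ext_if from <dmz_hosts> to any
nat on $ext_if from { $local_int_block, $dmz_block } to any -> $ext_ip

# Single-rule form using the negation operator the reply refers to:
#   nat on $ext_if from !<dmz_hosts> to any -> $ext_ip
# It also matches traffic originating from the router's own address, which
# is why the narrower 'no nat' exclusion above is preferable.

# One-to-one mappings for the DMZ hosts
binat on $ext_if from 192.168.1.4 to any -> 64.142.102.9    # www
binat on $ext_if from 192.168.1.2 to any -> 64.142.102.10   # scarlett (DNS)
binat on $ext_if from 192.168.1.3 to any -> 64.142.102.11   # shelly

# Filter rules see the translated (internal) addresses, so inbound passes
# are written against the table, not the public addresses.
tcp_services="{ ssh, smtp, domain, www, pop3 }"
udp_services="{ domain }"
pass in on $ext_if proto tcp from any to <dmz_hosts> port $tcp_services keep state
pass in on $ext_if proto udp from any to <dmz_hosts> port $udp_services keep state
pass out on $ext_if from <dmz_hosts> to any keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -sn` to confirm the `no nat` rule sits above the nat rule. If the DMZ hosts still cannot reach their resolvers afterwards, sshd's reverse lookup of the connecting client will time out, which matches the delay between the user name and password prompts.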


DNS resolution does seem the probable cause: neither the DNS computers nor my WWW computer can ping their respective name servers. But the SSH connection that exists between my computer and the servers is still shaky besides the long response time; for instance, the servers sometimes unexpectedly close the connections. Do you have any other ideas?
