Sami Nieminen wrote:
>
> Hi,
>
> I am running Debian woody on my NAT firewall. Kernel is 2.4.19-pre2-ac2 and
> iptables 1.2.5. I use narc 0.6.1 to create iptables rules. I have one Linux
> computer and one Windows computer on a small internal LAN behind the firewall
> that does DNAT.
>
> I can access the internet normally without any problems from all three
> computers.
> When I try to access the firewall computer itself, it takes a long time.

... it looks like you're running into some timeout, which usually is either a DNS lookup or an ident lookup ...
... just try to type in the following lines on your FW console and see if it gets any better (to gracefully reject any ident lookups instead of letting them time out):

  iptables -I INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
  iptables -I OUTPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset

You might also want to set up a reverse lookup for your internal IP addresses in your nameserver to avoid asking the world for your computer names ...

Enable named logging or just do a tcpdump on the external interface and see if there are any DNS (port 53) requests when you try to connect to your box ...

hope that helps ...

- Karl
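As an added example that is not part of this thread: a small Python script that scans tcpdump output from the external interface for reverse (PTR) lookups of RFC 1918 addresses, i.e. the internal names leaking to the world that Karl's reverse-zone advice is meant to stop. The capture lines are constructed (documentation address ranges), not a real dump.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -n -i eth0 udp port 53` output on the external
# interface; addresses are from documentation ranges, not a real capture.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 203.0.113.10.1025 > 198.51.100.53.53: 4711+ PTR? 2.0.168.192.in-addr.arpa. (42)
12:00:01.000002 IP 203.0.113.10.1026 > 198.51.100.53.53: 4712+ A? www.debian.org. (32)
12:00:01.000003 IP 203.0.113.10.1027 > 198.51.100.53.53: 4713+ PTR? 10.113.0.203.in-addr.arpa. (44)
12:00:01.000004 IP 203.0.113.10.1028 > 198.51.100.53.53: 4714+ PTR? 1.0.168.192.in-addr.arpa. (42)
"""

# Matches a PTR query line: the resolver it was sent to and the in-addr.arpa name.
QUERY_RE = re.compile(
    r"IP \S+ > (?P<resolver>\d{1,3}(?:\.\d{1,3}){3})\.53: \S+ PTR\? "
    r"(?P<arpa>(?:\d{1,3}\.){4})in-addr\.arpa\."
)

# RFC 1918 ranges: reverse lookups for these should be answered locally.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def arpa_to_ip(arpa):
    """'2.0.168.192.' -> 192.168.0.2 (in-addr.arpa lists the octets reversed)."""
    octets = arpa.rstrip(".").split(".")
    return ipaddress.IPv4Address(".".join(reversed(octets)))

def is_private(ip):
    return any(ip in net for net in PRIVATE_NETS)

def leaked_internal_ptr_queries(dump_text):
    """Return (resolver, internal_ip) pairs for every reverse lookup of an
    RFC 1918 address that went out over the external interface."""
    leaks = []
    for line in dump_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a PTR query (e.g. a normal A lookup)
        ip = arpa_to_ip(m.group("arpa"))
        if is_private(ip):
            leaks.append((m.group("resolver"), str(ip)))
    return leaks

if __name__ == "__main__":
    for resolver, ip in leaked_internal_ptr_queries(SAMPLE_TCPDUMP):
        print(f"reverse lookup for internal {ip} sent to {resolver}; "
              f"serve that in-addr.arpa zone locally")
```

Each reported pair is a lookup that should have been answered by a local reverse zone for the LAN (and that stalls logins until it times out when the outside resolver is slow or unreachable).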