RE: TCP delay, solved

2002-06-14 Thread David Luyer
[ ident lookups causing tcpd to be slow ] There's no satisfactory answer to this problem at present, I think. umm, reading the manual? man 5 hosts_access [on Debian Linux at least] CLIENT USERNAME LOOKUP When the client host supports the RFC 931 protocol or one of its

Re: TCP delay, solved

2002-06-14 Thread Antony Stone
On Friday 14 June 2002 8:15 am, David Luyer wrote: [ ident lookups causing tcpd to be slow ] There's no satisfactory answer to this problem at present, I think. So it's a compile option on tcpd. Recompile with it disabled. Yes, but that would need to be done by everyone out on the

RE: TCP delay, solved

2002-06-14 Thread David Luyer
On Friday 14 June 2002 8:15 am, David Luyer wrote: [ ident lookups causing tcpd to be slow ] There's no satisfactory answer to this problem at present, I think. So it's a compile option on tcpd. Recompile with it disabled. Yes, but that would need to be done by everyone out

RE: TCP delay, solved

2002-06-14 Thread David Luyer
Easy solution: deny (connection reset) rather than drop the connections I meant reject. From the man page: REJECT This is used to send back an error packet in response to the matched packet: otherwise it is equivalent to DROP so it is a terminating TARGET,

Re: TCP delay, solved

2002-06-14 Thread Antony Stone
On Friday 14 June 2002 9:25 am, David Luyer wrote: Easy solution: deny (connection reset) rather than drop the connections I meant reject. From the man page: Why connection reset? For idiots at the other end who firewall all ICMP. Same problem. Leaves me with a port on my

Re: TCP delay, solved

2002-06-14 Thread Tony Earnshaw
Fri, 2002-06-14 at 11:16, Antony Stone wrote: Yes, that's the hole in my firewall I referred to. By sending back RST to packets coming in on TCP port 113, I'm telling people there's a firewall there. All other ports send back nothing, and I don't want this one to stand out as being

RE: TCP delay, solved

2002-06-14 Thread Joe Patterson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Antony Stone Sent: Friday, June 14, 2002 5:19 AM To: [EMAIL PROTECTED] Subject: Re: TCP delay, solved On Friday 14 June 2002 9:25 am, David Luyer wrote: Easy solution: deny (connection reset

RE: TCP delay, solved

2002-06-14 Thread Joe Patterson
to try it on a real live firewall sometime soon -Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe Patterson Sent: Friday, June 14, 2002 4:30 PM To: Antony Stone; [EMAIL PROTECTED] Subject: RE: TCP delay, solved How about this as a possible

Re: TCP delay, solved

2002-06-13 Thread Juri Haberland
Antony Stone [EMAIL PROTECTED] wrote: On Wednesday 12 June 2002 5:33 pm, Nathan Cassano wrote: Well you learn something new every day. Today I learned inetd does ident checks on its clients. Yes, it's called tcpwrappers, and has been pretty standard on systems for I'd say about four

Re: TCP delay, solved

2002-06-13 Thread Antony Stone
On Thursday 13 June 2002 10:59 am, Juri Haberland wrote: This is annoying, is there a way you can turn this off inside inetd? Yes, it's the bit on each line of /etc/inetd.conf which says /usr/sbin/tcpd - it does an ident lookup and logs the access to syslog before handing the

RE: TCP delay, solved

2002-06-12 Thread Nathan Cassano
Well you learn something new every day. Today I learned inetd does ident checks on its clients. This is annoying, is there a way you can turn this off inside inetd? So I added a rule to return the port-unreachable error and everything now works hunky dory. Thanks everyone for your help.