Hello, I've been working on a new Linux box with a proftpd server and I'm at the point where I need to secure the server. iptables is set to block everything incoming and outgoing except a few services like SSH INPUT, ICMP INPUT & OUTPUT, DNS OUTPUT and FTP INPUT. Here is the rule that seems to be causing problems:

-A INPUT -i eth0 -d 192.168.25.172/255.255.255.255 -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT

If iptables is off, I get a prompt for a username in less than a second. When iptables is turned on, it takes a good 5-10 seconds. I also have 4 stateful rules:

-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Has anyone ever encountered a similar problem? Does anyone have any idea of what can possibly be wrong in this case? Many thanks!
I just found the solution to my problem. I spammed netstat and packet-sniffed myself to finally see that the authentication was tried on port 113 first, then timed out and tried on port 21. So if anyone is having a similar problem, opening TCP port 113 in iptables worked for me. It might be a different port for other services; it's just a matter of finding which one.
Sorry for this late reply, but if you add IdentLookups off within the <Global></Global> option, then this will also fix the "slow" login. I'm not 100% sure, but I used to have this problem also (with my iptables), and doing the "IdentLookups off" fixed the problem for me.
Thanks a lot, I will try that with port 113 removed from iptables and see what happens. EDIT: Yep, that made it and I prefer that solution too. Thank you very much!
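The delay the two replies above describe comes from the ident protocol (RFC 1413) that proftpd speaks to the client's port 113 before prompting for a login. The following is an added example, not proftpd's code or anything from this thread: a minimal ident client plus a constructed loopback stand-in for the client's identd, showing that a closed port fails instantly while an unanswered query (what a silently dropped packet looks like to the server) only fails after the full timeout. The server/client port numbers and user names are made up.

```python
import socket
import threading


def ident_query(host, port, server_port, client_port, timeout=2.0):
    """Ask host:port which user owns the TCP pair <server_port, client_port>.
    Returns ("ok", userid), ("error", reason), ("refused", None) or
    ("timeout", None). A silently dropped packet (iptables DROP) only fails
    after the full timeout; a RST (closed port or REJECT) returns at once."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"{server_port}, {client_port}\r\n".encode("ascii"))
            reply = s.recv(512).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)
    fields = [f.strip() for f in reply.split(":", 3)]
    if len(fields) == 4 and fields[1] == "USERID":
        return ("ok", fields[3])
    if len(fields) >= 3 and fields[1] == "ERROR":
        return ("error", fields[2])
    return ("error", "malformed reply")


def fake_ident_server(userid, answer=True):
    """Constructed loopback stand-in for the client's identd; returns its port.
    With answer=False it accepts the query but never replies, which is what
    the FTP server experiences when the ident traffic is dropped."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            req = conn.recv(64).decode("ascii", "replace").strip()
            if answer:
                conn.sendall(f"{req} : USERID : UNIX : {userid}\r\n".encode())
            else:
                conn.recv(64)  # block until the client gives up and closes

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_local_port():
    """Constructed: a loopback port with nothing listening (connect gets RST)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Run against a real FTP client host you would point `ident_query` at the client's address and port 113; with `IdentLookups off` in proftpd.conf this lookup is never attempted at all.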