TimeOut Problems

TimeOut Problems

Post by Friedrich Koelbe » Thu, 31 May 2001 22:51:19



Hi,

On my Suse Linux 7.0 Pro IP-Filter I have the problem, that services like
ssh, ftp from a remote machine to the firewall take a long time to work (1
minute) - once they work, all is fine.
I have the same problem if i try "telnet <ip> port" from the firewall to
another machine (at least I can not connect my DMZ via ssh when the firewall
is up - but maybe this should be another mailing)

Till now it was not realy a problem, I used to wait, but now I have a
Timeout-Problem with a "forward", which has to be solved.

If I stop the Firewall (no ipchain-ruleset) the problem still exists - so I
dont think it can not realy be a Firwall-Problem, but on the other Hand I
have manny of following entries in my logfiles:

May 30 13:20:13 lilo kernel: Packet log: output DENY eth0 PROTO=1
212.152.157.84:3 195.70.224.62:3 L=101 S=0xC0 I=1639 F=0x0000 T=255 (#3)
I know them (from Manfred Bartz) as

ICMP Type .....= 3  = Destination Unreachable
ICMP Code .....= 3  = Port Unreachable

195.70.224.62 is my NameServer

I try to configure everything with the SuseFireWallSrcipt, in addition to
this I allow:

echo-reply, destination-unreachable, time-exceeded, parameter-problem

with: ipchains -A input  -i eth1 -p icmp --icmp-type
"destination-unreachable" -j ACCEPT

eth0, eth1, input, output - nothing changed my log...

can anybody help me with that? - Would be great,

Thanks in advance, Fritz

 
 
 

TimeOut Problems

Post by Friedrich Koelbe » Thu, 31 May 2001 23:48:05




Quote:> Hi,

> On my Suse Linux 7.0 Pro IP-Filter I have the problem, that services like
> ssh, ftp from a remote machine to the firewall take a long time to work (1
> minute) - once they work, all is fine.
> I have the same problem if i try "telnet <ip> port" from the firewall to
> another machine (at least I can not connect my DMZ via ssh when the
firewall
> is up - but maybe this should be another mailing)

> Till now it was not realy a problem, I used to wait, but now I have a
> Timeout-Problem with a "forward", which has to be solved.

The (first) Problem seems to be solved :-)

I think it was a Reverse-Lookup - Problem.

I allowed the DNS (FW_SERVICE_DNS="yes" in the SuseScript) which may be not
realy the best, because the FirewallScript is warning me:
Warning: FW_SERVICE_DNS defined, but no DNS server found running!

But now Login and Forward is working fine :-)

    By, Fritz

 
 
 

1. LCP timeout problem

Does anyone have any idea why I get an "LCP: timeout" error message?  My
ISP is using PAP authentication.  Has anyone seen this before?  I
increased the TIMEOUT option to 180 seconds, but it didn't help.

This was taken from my /var/log/messages file on RedHat 5.2

Apr 11 11:16:42 localhost chat[564]: ATH0^M^M
Apr 11 11:16:42 localhost chat[564]: OK^M
Apr 11 11:17:30 localhost chat[564]: ATDT713-554-5400^M^M
Apr 11 11:17:30 localhost chat[564]: CONNECT
Apr 11 11:17:30 localhost chat[564]:  -- got it
Apr 11 11:17:30 localhost chat[564]: send (^M)
Apr 11 11:17:30 localhost pppd[560]: Serial connection established.
Apr 11 11:17:31 localhost pppd[560]: Using interface ppp0
Apr 11 11:17:31 localhost pppd[560]: Connect: ppp0 <--> /dev/ttyS0
Apr 11 11:17:31 localhost pppd[560]: Warning - secret file
/etc/ppp/pap-secrets has world and/or group access
Apr 11 11:18:01 localhost pppd[560]: LCP: timeout sending
Config-Requests
Apr 11 11:18:01 localhost pppd[560]: Connection terminated.
Apr 11 11:18:01 localhost pppd[560]: Receive serial link is not 8-bit
clean:
Apr 11 11:18:01 localhost pppd[560]: Problem: all had bit 7 set to 0
Apr 11 11:18:02 localhost pppd[560]: Exit.

Thanks,
Cory

2. proc filesystem?

3. Triton P90 1542CF No devices - Bus Timeout Problems (help)

4. SUIT for LINUX?

5. eth1 Transmit timeout problem, help

6. Afterstep icons

7. pcnfsd v2.0 and Solaris2.3: Timeout Problem

8. Term 115 (beta) is out.

9. SCSI Timeout problems.

10. Socket Timeout Problem

11. Help with Sendmail on Solaris 2.5.1 - timeout problem

12. sendmail timeout problem

13. RPC timeout problem...always defaulting.