LinuxQuestions.org
Old 06-17-2008, 01:09 PM   #1
coontie
Distribution: Fedora Core 5
iptables freezes for 2s when hitting a numeric IP


Hi.

Have me a little problem.

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED /* allow inbound established only */
ACCEPT     all  --  anywhere             localhost           /* loopback */
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:54321:54400 state NEW /* BT */
ACCEPT     udp  --  anywhere             anywhere            udp dpts:54321:54400 state NEW /* BT */
ACCEPT     tcp  --  172.16.1.0/24        anywhere            state NEW tcp dpt:www /* WWW */
LOG        tcp  --  anywhere             anywhere            tcp dpt:2222 state NEW LOG level warning prefix `SSH accepted: '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2222 state NEW /* SSH */
ACCEPT     udp  --  172.16.1.0/24        anywhere            udp dpt:netbios-ns /* samba */
ACCEPT     udp  --  172.16.1.0/24        anywhere            udp dpt:netbios-dgm /* samba */
ACCEPT     tcp  --  172.16.1.0/24        anywhere            state NEW tcp dpt:netbios-ssn /* samba */
ACCEPT     tcp  --  172.16.1.0/24        anywhere            state NEW tcp dpt:microsoft-ds /* samba */

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED /* allow all outgoing connections */

When you do iptables -L, it starts listing the rules. Every time it hits a rule in bold, it pauses for 2-3s and then continues. Very annoying.

Any idea why that's happening or how to troubleshoot this?
 
Old 06-17-2008, 01:10 PM   #2
acid_kewpie
Distribution: Gentoo, RHEL, Fedora, Centos
Reverse DNS lookups. Add the -n option to stop this.
 
Old 06-17-2008, 01:17 PM   #3
coontie
Distribution: Fedora Core 5
Quote:
Originally Posted by acid_kewpie
Reverse DNS lookups. Add the -n option to stop this.

You da man!

Thank you.

In fact, I thought that initially and went and added aliases in /etc/networks to 172.16.1.0/24. It resolved that subnet to "localnet" but still was slow.

nsswitch only shows

networks files

...? Weird.

Like, it'll show this:

Code:
ACCEPT     udp  --  anywhere             anywhere            udp dpts:54321:54400 state NEW /* BT */
ACCEPT     tcp  --  localnet/24          anywhere            state NEW tcp dpt:www /* WWW */

but still freeze on "localnet."
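
As an added example (not part of the thread): a small shell helper that takes the numeric listing (`iptables -n -L`), extracts every source or destination other than the `0.0.0.0/0` wildcard, and times a reverse lookup of each through `getent`, to show which addresses make the non-numeric listing pause. The function names and the sample ruleset are constructed for illustration, and it assumes the listing's name resolution goes through the same NSS resolver that `getent` queries.

```shell
#!/bin/sh
# Added example: find the addresses a non-numeric `iptables -L` would try to
# resolve, then time a lookup of each. Feed it `iptables -n -L` output.

# Constructed sample: a ruleset like the thread's, in numeric (-n) form.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            127.0.0.1
ACCEPT     tcp  --  172.16.1.0/24        0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     udp  --  172.16.1.0/24        0.0.0.0/0           udp dpt:137
EOF
}

# Print each distinct source/destination that is not the 0.0.0.0/0 wildcard.
# Assumes every rule has a target, so source and destination are fields 4 and 5.
lookup_candidates() {
  awk '$1 != "Chain" && $1 != "target" && NF >= 5 {
         for (i = 4; i <= 5; i++)
           if ($i != "0.0.0.0/0" && !seen[$i]++) print $i
       }'
}

# For each address on stdin, time a reverse lookup in the hosts and networks
# databases (whole seconds, enough to spot a 2-3 s resolver timeout).
time_lookups() {
  while read -r addr; do
    ip=${addr%/*}                      # strip the /mask before querying
    for db in hosts networks; do
      start=$(date +%s)
      getent "$db" "$ip" >/dev/null 2>&1 || true   # "not found" is fine
      end=$(date +%s)
      echo "$addr $db $((end - start))s"
    done
  done
}

# Offline demo on the sample; on a live box run:
#   iptables -n -L | lookup_candidates | time_lookups
sample_rules | lookup_candidates
```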
 
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration