LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-03-2009, 10:38 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Rep: Reputation: 58
Reverse SSH connection Super Slow


I am have setup a temporary ssh server to reverse ssh to remote clients. When a client has an issue I have them reverse ssh to my server and then from my laptop or workststation connect to there workstation. The problem that I am having is when I connect to them from behind my firewall from my laptop the connection is really slow but when I connect to them from the firewall it is fast. I am using Firestarter which is simply a GUI for iptables. I am trying to figure out what iptables rule is causing the connection to slow down behind the firewall. Any suggestions?

Last edited by metallica1973; 12-03-2009 at 11:10 PM.
 
Old 12-04-2009, 02:56 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Post your iptables rules and let us have a look, without them the possibilities are endless.
 
Old 12-07-2009, 07:58 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Original Poster
Rep: Reputation: 58
PHP Code:
Chain INPUT (policy DROP 0 packets0 bytes)
 
pkts bytes target     prot opt in     out     source               destination         
   37  8540 ACCEPT     tcp  
--  *      *       192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02 
 2603  522K ACCEPT     udp  
--  *      *       192.168.0.1          0.0.0.0/0           
23720  688K ACCEPT     all  
--  lo     *       0.0.0.0/0            0.0.0.0/0           
   55  8180 ACCEPT     icmp 
--  *      *       0.0.0.0/0            0.0.0.0/0           limitavg 10/sec burst 5 
    4  1326 DROP       all  
--  eth1   *       0.0.0.0/0            255.255.255.255     
  197 21819 DROP       all  
--  *      *       0.0.0.0/0            192.168.0.255       
    0     0 DROP       all  
--  *      *       224.0.0.0/8          0.0.0.0/0           
   12  1755 DROP       all  
--  *      *       0.0.0.0/0            224.0.0.0/8         
    0     0 DROP       all  
--  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  
--  *      *       0.0.0.0/0            0.0.0.0             
    9   368 DROP       all  
--  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 LSI        all  
-f  *      *       0.0.0.0/0            0.0.0.0/0           limitavg 10/min burst 5 
 859K  391M INBOUND    all  
--  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG_FILTER  all  
--  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  
--  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input' 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5 
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix 
`Unknown Forward

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       192.168.0.100        192.168.0.1         tcp dpt:53 
 2598  164K ACCEPT     udp  --  *      *       192.168.0.100        192.168.0.1         udp dpt:53 
23720  688K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
   15  1400 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
    8  2731 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
1715K  671M OUTBOUND   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Output' 

Chain INBOUND (1 references)
 
pkts bytes target     prot opt in     out     source               destination         
45080   42M ACCEPT     tcp  
--  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 814K  349M ACCEPT     udp  
--  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  
--  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:12022 
    0     0 ACCEPT     udp  
--  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:12022 
  115 15346 LSI        all  
--  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOG_FILTER 
(5 references)
 
pkts bytes target     prot opt in     out     source               destination         

Chain LSI 
(2 references)
 
pkts bytes target     prot opt in     out     source               destination         
  115 15346 LOG_FILTER  all  
--  *      *       0.0.0.0/0            0.0.0.0/0           
   74  3976 LOG        tcp  
--  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limitavg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
   74  3976 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix 
`Inbound 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04
   0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
    
0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   40 11319 LOG        all  
--  *      *       0.0.0.0/0            0.0.0.0/0           limitavg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
   41 11370 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LSO (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix 
`Outbound  
    0     0 REJECT     all  
--  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTBOUND 
(1 references)
 
pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp 
--  *      *       0.0.0.0/0            0.0.0.0/0           
41616 5672K ACCEPT     tcp  
--  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
1671K  665M ACCEPT     udp  
--  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 2710  175K ACCEPT     all  
--  *      *       0.0.0.0/0            0.0.0.0/
 
Old 12-08-2009, 09:26 AM   #4
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
I'm not seeing anything that sets off major alarms immediately for reverse ssh, have you tried flushing it and setting up a simple firewall and seeing if the issue still occurs? It might be due to rate limiting somewhere in that config but really shouldn't be. I'd start from scratch and add things back in and see where the problem starts occurring at.

Last edited by rweaver; 12-08-2009 at 09:27 AM.
 
Old 12-08-2009, 08:50 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Original Poster
Rep: Reputation: 58
thanks will do
 
Old 12-13-2009, 05:09 PM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Original Poster
Rep: Reputation: 58
I have resolved the issue. I do believe that firewall definitely play a part in performance issue with remote connections. This has been an issue that has been occurring for years and never really dug to deep into it until today. Essentially is was rather simple and was just thinking about the connection and what the issue was. Of course when connecting to a remote connection via vncviewer you are dealing with typically graphics when connecting to a windows environment. I just reduced what was being sent over the pipe in regards to graphics and configured vncviewer to connect as though I was connecting to a slower connection such as a modem. This is what worked for me via vncviewer.

PHP Code:
vncviewer -encodings tight -bgr233 localhost 

Hope that helps!
 
Old 12-14-2009, 03:55 PM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
I'm sorry! I do a lot of remote support, but most of it is at the console, so I never considered you were simply sending a large amount of data. Good job however, and congratulations on discovering a workable solution!
 
Old 12-14-2009, 07:05 PM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Original Poster
Rep: Reputation: 58
many thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reverse Tunneling / Reverse port forwarding in SSH dynamics Linux - Networking 3 11-23-2009 10:31 AM
nfs write == super slow; read == super fast - problem? BrianK Linux - Networking 4 08-23-2007 10:59 PM
Reverse SSH and Putty really Slow metallica1973 Linux - Networking 2 06-29-2007 10:24 AM
SLOW SSH connection adriaanbw Linux - Networking 1 04-27-2006 06:13 PM
ssh connection is very very slow. bruse Linux - Networking 1 01-19-2006 05:43 AM


All times are GMT -5. The time now is 03:57 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration