I have exactly the same setup in two offices. From one office, if I try to ftp (or ssh) to anywhere in the world, it takes a long time before the login prompt comes up (roughly 10-15 seconds minimum). FTP normally takes far more time though.
However, from another office, I get it almost instantaneously!
I was told by several people that it could be "Reverse DNS Mapping" which is causing this trouble. If that is really the case, then I should get the trouble in both offices since they have exactly the same kind of DNS setup (of course, with the difference of their own external/internal IPs).
I also have similar "/etc/hosts", "/etc/resolv.conf" and "/etc/nsswitch.conf" files at both ends. I have also checked the "/etc/hosts.allow" and "/etc/hosts.deny" files at both ends. They are essentially empty.
The machines where I try this are the main masquerading machines connected directly to the internet via modem/router and firewall. There is, of course, an internal network at both offices, which is connected via VPN (ipsec).
Could it be the case that some DNS entries at the ISP of the problematic office are causing some trouble here?
Really sounds like DNS. You can change your /etc/ssh/sshd_config to not do reverse DNS lookups, which could save you time. Also, most FTP daemons can be changed. Sounds like DNS is hosed at one end, or your NAT has no reverse record.
Could you please tell me what to change in "/etc/ssh/sshd_config"? Also, I am using vsftpd in the problematic office. How do I disable reverse name lookup there?
I think the following entry would do it (in /etc/ssh/sshd_config):
Code:
VerifyReverseMapping no
Note that you would need to make this change on the servers you are trying to reach from the affected office, not the servers located at this office.
The problem is that when you contact a host from this office, the host tries to do an inverse lookup on your public IP address. If there is no reply, pretty much everything that uses IP will be delayed. The real solution, therefore, is to contact your ISP and get a reverse DNS entry set up for that address.
If your IP address for your office router is static, you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.
If your IP address for your office router is static, you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.
I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?
Originally posted by mciann I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?
That depends on /etc/nsswitch.conf. Look for:
hosts: files dns
And you should be OK putting the static IP in. But as the other guys pointed out, your best bet is to always disable reverse lookups in your daemons. I know proftpd has such a setting.
[added later:] The tools 'strace' and 'tcpdump' are invaluable in solving this type of problem, but it takes a while to get proficient with them.
Last edited by jcomeau_ictx; 10-15-2004 at 12:55 PM.
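The `hosts:` ordering in /etc/nsswitch.conf discussed above decides whether an /etc/hosts entry can answer a reverse lookup before DNS is tried. The following is an added example, not code from the thread: it reads the two files' contents and reports which source settles the lookup for a given client address. The function names, sample file contents and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files (documentation addresses, not from the thread).
NSSWITCH = "passwd: files\nhosts: files dns\n"
HOSTS = "127.0.0.1 localhost\n203.0.113.10 office-gw.example.com office-gw\n"

def hosts_tokens(nsswitch_text):
    """Tokens of the 'hosts:' line: source names and [..] action items."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):])
    return []

def stops_on_notfound(action):
    """True if an action item such as [NOTFOUND=return] ends the search on a miss."""
    stop = False
    for neg, status, act in re.findall(r"(!?)(\w+)=(\w+)", action):
        if (status.upper() == "NOTFOUND") != bool(neg):
            stop = act.lower() == "return"
    return stop

def names_in_hosts(hosts_text, ip):
    """Names the hosts file maps to ip, i.e. what 'files' answers for a reverse lookup."""
    want = ipaddress.ip_address(ip)
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        try:
            if len(fields) >= 2 and ipaddress.ip_address(fields[0]) == want:
                return fields[1:]
        except ValueError:
            continue  # not an address line
    return []

def reverse_lookup_source(nsswitch_text, hosts_text, ip):
    """'files' if the hosts file answers, else the first other source the resolver
    waits on (e.g. 'dns'), or None if no source is reached."""
    tokens = hosts_tokens(nsswitch_text)
    for i, tok in enumerate(tokens):
        if tok.startswith("["):
            continue
        if tok != "files":
            return tok
        if names_in_hosts(hosts_text, ip):
            return "files"
        if i + 1 < len(tokens) and tokens[i + 1].startswith("[") \
                and stops_on_notfound(tokens[i + 1]):
            return None
    return None
```

On a live server, `getent hosts <client-ip>` runs the same lookup through NSS, so timing it shows the delay a daemon would see.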