Firewalls can create slow SSH logins
Authored by: simes on Aug 24, '05 07:32:58PM

I should probably note that ssh only uses TCP - it doesn't use UDP at all. That firewall rule you've put in place will stop DNS-based name resolution from happening as that is done on port 53 over UDP. It's not just ssh which will be affected - anything which needs to use DNS to look up a name will fail.

The rule you've got will also only block inbound UDP packets so what is happening is that the DNS request is going out fine, but the reply is being blocked.

A better set of rules to use is something like the following:

sudo ipfw add 4941 allow udp from any to any 53 out keep-state
sudo ipfw add 4943 deny udp from any to any in

I've not tested the above though so whilst it should work, use with caution.



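An added example, not part of the comment above: a shell function that audits a rule listing for the situation the comment describes, a blanket inbound UDP deny with no earlier rule that lets DNS queries out with keep-state. The sample listings are constructed, and the input layout (rule number, then action, with the port written as `dst-port 53` or a bare `53`) is an assumption about how the rules are listed.

```shell
#!/bin/sh
# Audit an ipfw rule listing read from stdin (one rule per line, number first).
# Prints one verdict:
#   ok            no blanket inbound UDP deny
#   stateful-dns  inbound UDP deny, preceded by a keep-state rule for outbound DNS
#   dns-blocked   inbound UDP deny with no stateful DNS rule before it
# Narrowed to rules whose protocol is written as "udp".
audit_ipfw_udp() {
    # Rules are evaluated in numeric order, first match wins, so sort first.
    sort -n | awk '
        # Rule actions that drop the packet.
        function drops(a) { return a == "deny" || a == "drop" || a == "reject" || a == "unreach" }
        {
            action = $2; line = " " $0 " "
            is_udp = (line ~ / udp /)
            # Outbound UDP to port 53 that records state for the reply.
            if (action ~ /^(allow|accept|pass|permit)$/ && is_udp &&
                line ~ / (dst-port )?53 / && line !~ / in / && line ~ / keep-state /)
                stateful = 1
            # First blanket inbound UDP deny decides the verdict.
            if (drops(action) && is_udp && line ~ / from any to any in / && !verdict)
                verdict = stateful ? "stateful-dns" : "dns-blocked"
        }
        END { print (verdict ? verdict : "ok") }'
}

# Constructed sample listings (not taken from a real host).
BLOCKED='04943 deny udp from any to any in'
FIXED='04941 allow udp from any to any dst-port 53 out keep-state
04943 deny udp from any to any in'

printf '%s\n' "$BLOCKED" | audit_ipfw_udp
printf '%s\n' "$FIXED" | audit_ipfw_udp
```

On a live machine the function would be fed the output of `sudo ipfw list`; a `dns-blocked` verdict means DNS replies are being dropped and name lookups will time out.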