On Nov 20, 10:55am, "Bob Bracalente -- MRJ" wrote:
> Subject: Long delays for telnet & ftp connects to firewall hosts
> We have a few hosts in our firewall that are publicly accessible for telnet.
> The services work fine, except that when users connect to them, they always
> experience about a one minute delay after receiving the "connected to..."
> message from either application. This delay doesn't show up if both machines
> are in the DMZ, it only happens to connects originating on the outside.
> Does anyone know what telnet and ftp are trying to do after issuing the
> "connected to..." message? Some kind of reverse look up? Is this a DNS
> related problem?
>-- End of excerpt from "Bob Bracalente -- MRJ"
Every UNIX platform I've ever worked on exhibits this behavior when the remote
end of the telnet/ftp connection (i.e. the end you're trying to connect to)
can't figure out what your IP address is. That is to say, reverse address
lookups are failing in DNS. This is the result of a getpeername() call
in the telnetd/ftpd. After about one minute, the daemon times out and just
assumes you are coming from that IP address.
Get your machine to resolve your IP addresses back to hostnames and your
problem should go away.
horizon systems inc
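
Added example, not part of the original message: a Python check that times the reverse (PTR) lookup a server would make for a client address, so addresses that would cause the delay discussed above can be found before users hit it. It also forward-confirms the returned name, which goes beyond what the reply describes; the function names and the sample addresses and hostnames are constructed for illustration.

```python
import socket
import time

# Constructed sample data (RFC 5737 documentation addresses), not from the message.
FAKE_PTR = {"192.0.2.10": "client.example.net", "192.0.2.20": "spoof.example.net"}
FAKE_A = {"client.example.net": ["192.0.2.10"], "spoof.example.net": ["198.51.100.9"]}

def fake_reverse(ip, delay=0.0):
    """Offline stand-in for socket.gethostbyaddr; a delay imitates a resolver timeout."""
    time.sleep(delay)
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip], [], [ip]

def fake_forward(name):
    """Offline stand-in for socket.gethostbyname_ex."""
    if name not in FAKE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], FAKE_A[name]

def check_reverse_dns(ip, reverse=socket.gethostbyaddr,
                      forward=socket.gethostbyname_ex, slow_after=5.0):
    """Time the PTR lookup a daemon would make for a client IP, then forward-confirm it."""
    result = {"ip": ip, "ptr": None, "forward_confirmed": False, "status": "ok"}
    start = time.monotonic()
    try:
        result["ptr"] = reverse(ip)[0]
    except OSError:  # herror, gaierror and timeouts are all OSError subclasses
        result["status"] = "no-ptr"
    result["elapsed"] = time.monotonic() - start
    if result["ptr"]:
        try:
            result["forward_confirmed"] = ip in forward(result["ptr"])[2]
        except OSError:
            pass
        if not result["forward_confirmed"]:
            result["status"] = "ptr-mismatch"
    # A lookup that takes seconds is what the connecting user sees as a login delay.
    result["slow"] = result["elapsed"] >= slow_after
    return result

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(check_reverse_dns(addr, reverse=fake_reverse, forward=fake_forward))
```

Called with the default resolvers, the function uses the host's own DNS configuration, so run it on the server that accepts the connections rather than on the client.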