Firewalls: Re: Poor Response on Firewall

Firewalls
(September 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Poor Response on Firewall
From:	jet @ abulafia . genmagic . com (J. Eric Townsend)
Date:	Sun, 25 Sep 94 22:22:09 -0700
To:	firewalls @ GreatCircle . COM
In-reply-to:	<9409260116 . AA22816 @ acasun . eckerd . edu>

Marisa H. Pfalzgraf writes:
 > SOCKSified software from an internal machine.  There is no improvement in
 > response if an IP address is used in the commands in place of a site name.
 > The lag in the response occurs AFTER the "Connected to site.name.  Escape
 > character it '^]'." message.  Pings to remote systems from the firewall
 > give a normal reponse time.

Two diagnostic suggestions:

- run a client from within truss(1) and watch the output in realtime.
This sometimes gives insight as to which calls are "stalling".

- put a packet sniffer (or use snoop(1M)) on the line and see if
something is timing out.  I recently saw a problem where a flaky
router would stall on the first few packets to be routed to a "new"
host.  (Took a while to load a new entry into the arp table.)

--eric

References:

Poor Response on Firewall
From: pfalzgmh @ eckerd . edu (Marisa H. Pfalzgraf)

Indexed By Date	Previous:	Re: Poor Response on Firewall From: Ken Hardy <ken @ bridge . com>
Indexed By Date	Next:	51.7742 (RE: Questions on the Meaning of Life & Security) From: "Johnson-Bryden, Ian" <IJB @ saicuk . co . uk>
Indexed By Thread	Previous:	Re: Poor Response on Firewall From: Ken Hardy <ken @ bridge . com>
Indexed By Thread	Next:	Re: Poor Response on Firewall From: Brent Chapman <brent @ mycroft . GreatCircle . COM>