Topic: Still slow to connect. Could it be DNS?

[Dave Wilson]

Hey all.  I'm still having this issue of slow to connect to E-Smith with FTP or POP3 through my Linksys Router.

I've tried the solution at
http://www.e-smith.org/bugs/index.php3?op=showBug&bugID=67
but have determined that it won't help me because I'm not using DHCP.  Besides, I've tried it several times with no success.

I've gone through my configuration again and noticed that in the spot to Select a Master DNS Server I have left it blank as recommended.  Would it help if I set it to something else?  If so, what address should I use?  Thanks.

[Dave Wilson]

Well, I just tested my theory and I seem to be wrong.  I entered my ISPs primary DNS address and now I'm not connecting at all.

This is extremely frustrating.  If anyone has any other ideas I'd be grateful.  Thanks.

[Bill Talcott]

http://forums.contribs.org/index.php?topic=13868.msg52747#msg52747

Is the router stealthing the IDENT port (113)? If so, some connections will have to wait for it to timeout before they can continue. Having something listen on that port or just denying any connection (saying "yes" or "no" instead of just ignoring the requests) will let the connection carry on as usual, instead of having to wait for the timeout.

[Dave Wilson]

Okay, I'm not sure what you mean by "Stealthing" but I tried putting 113 into my filter list with no luck.  Then I tried doing Port forwarding to send it to my E-Smith box but that made no difference either.  What do I look for or what do I change to make this work?

For the record, I'm not the only person I know who is having this problem so I can't believe that more people haven't run into this.

Anyway, thanks for any help you can give.

[Jesper Bille Haun]

Try this:

Create a file called 10defaults in
/etc/e-smith/templates-custom/etc/xinetd-conf/

type this in:
defaults
\{
     instances             = 60
     log_type               = SYSLOG authpriv
     log_on_success    = HOST PID EXIT DURATION
     log_on_failure        = HOST RECORD
\}

Run:
/sbin/e-smith/signal-event console-save

This removes USER from the conf file, and FTP and POP3 will not make ident lookups.

[Bill Talcott]

Dave Wilson wrote:
>
> Okay, I'm not sure what you mean by "Stealthing" but I tried
> putting 113 into my filter list with no luck.  Then I tried
> doing Port forwarding to send it to my E-Smith box but that
> made no difference either.  What do I look for or what do I
> change to make this work?

When a packet is received, there are three ways of handling it. You can say "yes", you can say "no", or you can just ignore it. A "yes" or "no" response will be returned immediately and allow the connection to carry on, but a scanner would know there's a computer there, even if you are denying any requests to that port. You can also ignore the request, which stealths the port. Instead of replying that you don't accept any connections, it just drops the packet. The other computer has to wait a while before finally deciding there's nothing there. Random scanners will see it as an invalid address, but good connections will be slowed down by the timeout...

By forwarding 113 to a real computer, that should guarantee that some sort of response is being sent back, so the connection can carry on without having to wait for the timeout. You can scan port 113 from the internet side to see what sort of response it's actually getting...

[Dave Wilson]

Jesper, the directory you specified does not exist. It goes as far as templates custom and that's it.  Is that where I should create this file?  And is the file really called just 10defaults?

Bill, I've already tried forwarding port 113 to my E-Smith box and that solved nothing.  It must be something else.

I would like to add that I am not the only person getting this.  A buddy of mine is getting the same thing although he doesn't go through his Linksys.  Plus we also have a friend who is getting the same problem and he doesn't even have a Linksys router.  So apparently that's not the stumbling block.  

Does it matter that the E-Smith box is running in Server Only mode?

[Jesper Bille Haun]

The file 10defaults already exists in
/etc/e-smith/templates/etc/xinetd.conf/

You can create a new one in the other location or copy it (and change it).

The other location is:
/etc/e-smith/templates-custom/etc/xinetd.conf/

Just remember to remove the two instances of USER - if you copy - and signal the event console-save.

[Jesper Bille Haun]

... I forgot... yes you do have to create the directories yourself.