
[FW-1] FTP to 4th interface of Nokia IP440 tres slow


  • To: [email protected]
  • Subject: [FW-1] FTP to 4th interface of Nokia IP440 tres slow
  • From: Alan Choyna <[email protected]>
  • Date: Fri, 24 May 2002 18:17:29 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcIDcC1hgGqDqeEWSDKeG62BktCQjA==
  • Thread-topic: FTP to 4th interface of Nokia IP440 tres slow

We have an IP440 (IPSO 3.3, 4.1 SP3) with four Ethernet ports with the following layout:

Interface   Network          Use
eth-s1p1    10.10.1.100      Internal
eth-s1p2    123.321.444.100  External
eth-s1p3    10.10.2.100      DMZ 1
eth-s1p4    10.10.3.100      DMZ 2

I have just set up the 4th interface for use by some Linux web servers, and am really tight on which services I'm allowing into these boxes.

FTP access into these servers from outside of the FW interface is very slow, about 30 seconds pass from when the FTP request is made to when the User ID prompt returns. FTP between the 2 servers is fine (with only 2 seconds from request to User ID prompt), which leads me to think there's something about the firewall config that I've missed perhaps. Once logged in however, file transfer speed is fine.

HTTP, SSH and ICMP all work fine with no noticeable lag.

On the Voyager interface I see the DMZ 2 interface is performing at Fast Ethernet/100M speed (connected to a 10/100 hub, with each server having a 10/100 NIC card).

When these servers were on the DMZ 1 interface they responded very quickly to FTP requests. Unfortunately these boxes were hacked (moron users left the user ID and password in a plain text file on an NT server exposed to the Internet without a FW), and we are still building the replacement boxes.

I only allow DNS & SMTP services from those servers outside of the interface, and FTP, HTTP & SSH in (excluding VPN access which allows all services in).

Have I missed something? Some service inbound or outbound I should be allowing?

On another note, these boxes are still polluted (the hacker used an LKM (Loadable Kernel Module) hack, and it's near impossible to find exactly what he's done), and I would appreciate it if anyone knows of a Linux distribution that has LKM support disabled, as this would be a preferred install for the rebuild of these boxes.

Hmm, maybe the hacker has attached something to the FTP process that slows the logon down...

Sorry for the long-winded email, but I thought that more info is better.

regards,

Alan
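An added diagnostic example, not part of the original post or of any Check Point or Nokia tooling: a small Python script that splits the wait for an FTP login prompt into two parts, the TCP handshake itself and the gap between the handshake and the server's first greeting line. A long gap after a fast handshake means the server accepted the connection and then stalled before greeting (work such as reverse DNS or ident lookups that hang when their replies are dropped is a common cause), whereas a slow handshake points at the path or a filter in it. The same measurement can be taken against port 22 and 80 for comparison. The local stand-in daemon that delays its 220 banner, the hostnames, ports and thresholds are all constructed for illustration.

```python
"""Time a TCP text service from connect to first banner line.

Added diagnostic example (not from the original post). Separates:
  connect_s - seconds for the TCP handshake (path / filtering)
  banner_s  - seconds after connect until the server's greeting arrives
The fake FTP daemon below is a constructed stand-in so the script runs offline.
"""
import socket
import threading
import time


def time_to_banner(host, port, timeout=45.0):
    """Return (connect_s, banner_s, banner) for a banner-first service.

    banner is the first line from the server (decoded, stripped), or ''
    if nothing arrived before the timeout.
    """
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connect_s = time.monotonic() - start
        sock.settimeout(timeout)
        after_connect = time.monotonic()
        buf = b""
        try:
            while b"\n" not in buf:
                chunk = sock.recv(1024)
                if not chunk:          # server closed without a greeting
                    break
                buf += chunk
        except socket.timeout:
            pass                       # no greeting within timeout
        banner_s = time.monotonic() - after_connect
    banner = buf.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return connect_s, banner_s, banner


def classify(connect_s, banner_s, slow_threshold=5.0):
    """Coarse verdict on where a slow login is being spent."""
    if connect_s > slow_threshold:
        return "connect-slow"   # handshake delayed: path or filter problem
    if banner_s > slow_threshold:
        return "banner-slow"    # accepted, then stalled before greeting
    return "fast"


def start_fake_ftp(delay_s, banner=b"220 test ftpd ready\r\n"):
    """Constructed stand-in for an FTP daemon that stalls before greeting.

    Listens on a random loopback port, serves one connection, then exits.
    Returns (host, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay_s)        # e.g. a hung reverse-DNS / ident lookup
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    # Offline demo against the constructed daemon; against a real host you
    # would call time_to_banner("10.10.3.10", 21) and compare with port 22.
    host, port = start_fake_ftp(delay_s=0.5)
    c, b, text = time_to_banner(host, port)
    print(f"connect={c:.3f}s banner={b:.3f}s "
          f"verdict={classify(c, b, slow_threshold=0.3)} greeting='{text}'")
```

Run it once against port 21 and once against port 22 on the same server; if only the FTP banner is slow while both handshakes are fast, the delay is inside the FTP daemon's pre-greeting work rather than in the rule base that admits the connection.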

   All contents © 2004 Network Presence, LLC. All rights reserved.