Setting IPv6 slows down SSH login

I configured the firewall for IPv4 (http://bencane.com/2012/09/17/iptables-linux-firewall-rules-for-a-basic-web-server/) according to this article. Access via SSH and Filezilla is lightning fast into my Linode server. When I add the settings for IPv6 with exactly the same settings as the IPv4 firewall (apart from changing iptables to ip6tables), here is the outcome:

  1. SSH into my server delays between 2 - 4 minutes (slow)

  2. Filezilla access totally failed

  3. Web can still be viewed successfully in the browser

Then, I changed the IPv6 setting to DROP all INPUT chain … yet, the same thing happened.

The conditions only improved when:

  1. Just configure the IPv4 firewall only, and default (do nothing) to IPv6 config OR

  2. Totally remove the IPv4 and IPv6 firewall

My question is why? … because I do not foresee any difficulty in writing iptables for IPv4 and IPv6 - they are similar.

Please provide suggestions on how to overcome this trivial issue.

TQ

1 Reply

Linode Staff

That's a bit unusual. Firewall rules, in general, shouldn't cause a large slowdown in SSH. However, I am seeing a few other reports in various forums of this happening with specific setups, and it looks like it can be fixed by adding the following rule before any drop rules:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

We have a guide on iptables as well that may provide different suggestions or ideas than the guide you mentioned, if you'd like to take a look.
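
The reply's condition, that the ESTABLISHED,RELATED accept rule comes before any drop rule, can be checked against a saved ruleset. The following is an added example, not part of the thread; the function name `check_rule_order` and both sample rulesets are constructed for illustration, and the input is assumed to be in `iptables-save` / `ip6tables-save` format.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save or ip6tables-save
# output on stdin and reports where the stateful accept rule sits in INPUT.
# Prints one of: ok, late, missing.
check_rule_order() {
    awk '
        # Only rules appended to the INPUT chain matter here.
        $1 == "-A" && $2 == "INPUT" {
            n++
            # Stateful accept: conntrack (--ctstate) or legacy state (--state) match.
            if (!est && /--(ct)?state [A-Z,]*ESTABLISHED/ && /-j ACCEPT/) est = n
            # First rule in the chain that drops traffic.
            if (!drop && /-j DROP/) drop = n
        }
        END {
            if (!est) print "missing"
            else if (drop && drop < est) print "late"
            else print "ok"
        }
    '
}

# Constructed sample: the accept rule was appended after the DROP rule.
SAMPLE_LATE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample: the accept rule precedes every DROP rule.
SAMPLE_OK='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT'

printf '%s\n' "$SAMPLE_LATE" | check_rule_order
printf '%s\n' "$SAMPLE_OK" | check_rule_order
```

On a live host the same function can be fed from `ip6tables-save | check_rule_order` (and `iptables-save` for IPv4), run as root.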
