Hello,
I’m having trouble with SSH and SFTP. Whenever I SSH to my machine (192.168.88.200) from an external IP (i.e. 10.1.1.1) on port 22, it is very slow to connect (maybe 2 minutes).
It is the same when connecting via SFTP: it takes maybe 2-3 minutes to connect, after which it runs OK.
When I connect from within my LAN (my client machine on the same LAN as the server), it connects almost instantly.
I’ve attached both my Rules and my NAT, but I don’t know why it is so slow on the external IP. HTTP (through port 80) is fast, however.
Here is my configuration:
RULES
0 ;;; ALLOW ALL TO LAN
chain=input action=accept connection-state=established,related,new in-interface=bridge-local log=no log-prefix=""
1 ;;; ALLOW ICMP (Ping) ON ALL
chain=input action=accept protocol=icmp log=no log-prefix=""
2 ;;; Drop Everything Else
chain=input action=drop log=no log-prefix=""
3 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""
4 ;;; default configuration
chain=forward action=accept connection-state=established,related,new in-interface=bridge-local log=no log-prefix=""
5 ;;; default configuration
chain=forward action=drop connection-state=invalid log=no log-prefix=""
6 ;;; default configuration
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no log-prefix=""
NAT
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=X.X.X.X out-interface=ether1-gateway log=no log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=192.168.88.200 protocol=tcp dst-address=X.X.X.X dst-port=80 log=no log-prefix=""
2 chain=srcnat action=src-nat to-addresses=X.X.X.X protocol=tcp src-address=192.168.88.0/24 log=no log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.88.200 to-ports=22 protocol=tcp dst-address=X.X.X.X dst-port=22 log=no log-prefix=""
4 chain=srcnat action=src-nat to-addresses=192.168.88.200 to-ports=22 protocol=tcp src-address=192.168.88.0/24 log=no log-prefix=""