When I add iptables rules to the server (on a local network), the connection becomes very slow. This is confirmed for both SSH (logging in takes much longer) and MySQL (websites use this server as their MySQL database server, and this connection is also very slow). The odd thing is, AFAIK there are no rules set that limit the speed in any way. I'm only restricting access. This is the ruleset:
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- localnet/24 anywhere tcp dpt:www
ACCEPT tcp -- localnet/24 anywhere tcp dpt:mysql
ACCEPT tcp -- localnet/24 anywhere tcp dpt:22
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Note: in addition to SSH and MySQL, I also limit access to Apache, as can be seen. This is not slowed down and appears to be working just fine. And to give an indication of what is slow: connecting to SSH hangs for 10-15 seconds before continuing, and establishing a MySQL connection slows down webpages by about 15-60 seconds.
Note 2: these are all the iptables rules in the firewall (FORWARD rules are there to share internet). If I simply flush it, SSH/MySQL become instantly responsive.
Best Answer
It almost sounds like DNS queries are not succeeding and timing out. You might need a RELATED,ESTABLISHED rule in your INPUT chain to allow DNS responses to get back to your SSH and MySQL servers.
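An added example (not part of the answer above) that checks an `iptables -L` listing for exactly this mistake: the host's own outbound DNS queries leave through the permissive OUTPUT chain, but their UDP replies arrive on INPUT, where only the three TCP service ports are accepted before the catch-all DROP. The sample listing is the questioner's ruleset from the page; the suggested `-m conntrack --ctstate RELATED,ESTABLISHED` rule is the standard stateful accept, inserted at the top of the chain.

```python
import re

ANY = {"anywhere", "0.0.0.0/0", "::/0"}

# Constructed sample: the questioner's `iptables -L` listing, copied from the page.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- localnet/24 anywhere tcp dpt:www
ACCEPT tcp -- localnet/24 anywhere tcp dpt:mysql
ACCEPT tcp -- localnet/24 anywhere tcp dpt:22
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

def parse_chains(listing):
    """Map chain name -> {'policy': ..., 'rules': [[token, ...], ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
        elif current and line.strip() and not line.startswith("target"):
            chains[current]["rules"].append(line.split())
    return chains

def drops_reply_packets(chain):
    """True if reply packets (e.g. DNS answers to the host's own UDP queries)
    reach a catch-all DROP, or a DROP policy, before any RELATED,ESTABLISHED ACCEPT."""
    for target, proto, _opt, src, dst, *match in chain["rules"]:
        if target == "ACCEPT" and "RELATED,ESTABLISHED" in match and proto == "all" and src in ANY:
            return False  # stateful accept comes first: replies get through
        if target == "DROP" and proto == "all" and src in ANY and dst in ANY and not match:
            return True   # catch-all drop reached before a stateful accept
    return chain["policy"] == "DROP"

def audit(listing):
    """Return the names of chains that would drop reply traffic."""
    return [name for name, chain in parse_chains(listing).items() if drops_reply_packets(chain)]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: run 'iptables -I {name} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'")
```

Run against the page's ruleset it reports only INPUT; FORWARD already carries the stateful rule, which is why forwarded traffic for the other hosts is unaffected.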