From owner-freebsd-questions  Tue Aug 27 15:22:34 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 132BF37B405
	for <freebsd-questions@freebsd.org>; Tue, 27 Aug 2002 15:22:30 -0700 (PDT)
Received: from mail.mediaodyssey.com (mail.mediaodyssey.com [206.168.47.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C56E43E65
	for <freebsd-questions@freebsd.org>; Tue, 27 Aug 2002 15:22:29 -0700 (PDT)
	(envelope-from jmcatee@mediaodyssey.com)
Received: from jim (unverified [206.168.47.99]) by mail.mediaodyssey.com
 (Rockliffe SMTPRA 4.5.6) with SMTP id <B0001324275@mail.mediaodyssey.com> for <freebsd-questions@freebsd.org>;
 Tue, 27 Aug 2002 16:22:28 -0600
Message-ID: <00c901c24e18$637a3450$5003a8c0@jim>
From: "Jim McAtee" <jmcatee@mediaodyssey.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Slow loading pages ipfilter/ipnat 
Date: Tue, 27 Aug 2002 16:23:37 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I'm testing a firewall setup (4.6.2 Release) with ipfilter compiled into the
kernel.  I'm using ipnat to go from a network with 192.168.0.0 addressing to
the public address on the external facing interface.  For testing, right now
I've got ipf rules just passing all traffic.  The firewall machine has two
Intel 10/100 NICs.  The machine behind the firewall from which I'm testing
is running Windows 2000 Professional.

Everything works as expected, except when browsing web pages that require NT
authentication.  They load very very slowly.  Other pages being served from
the same web server, and which require no authentication, load fast.

I've also notice that if I try to ping a machine on the other side of the
firewall using packets larger than 1472 bytes, I receive no response.  Equal
to or smaller than that size, I get 100% response.  Pinging interfaces on
the firewall itself with very large ICMP packets also gets 100% response.

What should I be looking at to troubleshoot this problem?

Jim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message