From owner-freebsd-questions  Wed Apr 25 11: 7:15 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ra.upan.org (ra.upan.org [204.107.76.19])
	by hub.freebsd.org (Postfix) with ESMTP id 98EE537B422
	for <freebsd-questions@FreeBSD.ORG>; Wed, 25 Apr 2001 11:07:07 -0700 (PDT)
	(envelope-from mikel@ocsinternet.com)
Received: from ocsinternet.com (thoth.upan.org [204.107.76.16])
	by ra.upan.org (8.11.1/8.11.1) with ESMTP id f3PI6hZ57596
	for <freebsd-questions@FreeBSD.ORG>; Wed, 25 Apr 2001 14:06:43 -0400 (EDT)
	(envelope-from mikel@ocsinternet.com)
Message-ID: <3AE71486.DF3A2E42@ocsinternet.com>
Date: Wed, 25 Apr 2001 14:16:38 -0400
From: Mikel <mikel@ocsinternet.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en,it
MIME-Version: 1.0
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: ipfw, natd & telnet...
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

sorry for the resend...this is plain text...

Hi all...I have a client that insists on using telnet to connect to
their servers behind a fBSD firewall, running ipfw & natd of
course...It works but I am experiencing a latency that well truthfully
bothers me a bit. Even if I run in OPEN it still takes
inordinate amount of time to connect. So obviously the client is less
than pleased but are willing to live with the latency for now,
but I can tell that they aren't exactly happy.

Ok so does anyone have any idea on how , or where, to look for possible
drag points?

I know the following diagram is a bit lack luster but it should suffice.

( inet )
  |
[ fw x.x.x.n, x.x.x.a, x.x.x.b, x.x.x.c ]
  |
  +==+==+
  |  |  |
  |  |  [ Web y.y.y.a ]
  |  |
  |  |
  |  [ db y.y.y.b ]
  |
  |
  [ apps y.y.y.c ]

rc.natd:
    interface fxp0
    use_sockets
    same_ports
    redirect_address y.y.y.a x.x.x.a
    redirect_address y.y.y.b x.x.x.b
    redirect_address y.y.y.c x.x.x.c

also tried this instead, with no perceptible difference:

    redirect_port tcp y.y.y.a:23 23
    redirect_port udp y.y.y.a:23 23


Remember the firewall is running OPEN right now and it does work; it's
just very painfully slow.

Thanks in advance....

Cheers,
Mikel


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message