Date:      Wed, 10 Mar 2004 17:17:52 +0200
From:      "Prodigy" <prodigy@punktas.lt>
To:        "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   natd + ipfw - very slow internet for LAN users
Message-ID:  <001e01c406b2$e26b3a80$1e00a8c0@prodigy>

Hi,

I'm sharing internet to my local area network (LAN) users with my
router.  Everything would be fine, but internet is very slow. I tried to
ping my ISP. Ping reply is ~50ms. It means that internet for LAN users
should be good enough, but it isn't. Ping reply in IRC is ~15 seconds.
Then I try to open some internet pages, there is very big lag. Something
is wrong with NATing I think, can you tell me what? FreeBSD 4.9-STABLE,
ipfw + natd


Kernel configuration:

# ... Some other stuff goes here
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=10
options         IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
options         IPDIVERT
# ... Some other stuff goes here


rc.conf:

defaultrouter="213.190.42.1" # ISP gateway
hostname="panemune.net"
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
# ... here goes some other stuff, like sshd_enable="YES", etc
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.firewall"
firewall_quiet="YES"
firewall_logging="YES"
natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /usr/local/etc/natd.conf"


# cat /usr/local/etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only yes

# cat /usr/local/etc/rc.firewall
ipfw add 100 divert natd all from any to any via ed1

# ipfw show
00100  469 26801 divert 8668 ip from any to any via ed1
65535 1072 60182 allow ip from any to any

# cat /etc/services | grep natd
natd            8668/divert # Network Address Translation



Btw, when I used ipf + ipnat, internet for LAN users was good enough,
but now it's horrible with natd + ipfw.


