Date: 18 Aug 2002 21:06:59 +0000 From: Josh Paetzel <friar_josh@webwarrior.net> To: Leigh V <leighv@roq.com> Cc: freebsd-questions@FreeBSD.ORG, Jim Arnold <jarnold@knightridder.com> Subject: Re: IPFilter/IPnat huge packet losses Message-ID: <1029704820.224.7.camel@markx.vladsempire.net> In-Reply-To: <003401c2471a$378c2b50$2d01a8c0@michael> References: <a05111b00b9858709f683@[192.168.0.4]> <003401c2471a$378c2b50$2d01a8c0@michael>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2002-08-19 at 00:49, Leigh V wrote: > Hmm I don't know whats wrong. A quick glance at your ruleset and it looked > ok > You can try my ipfilter / ipnat setup script www.roq.com/bsd/ which I have > had a number of emails back claiming success. > > ----- Original Message ----- > From: "Jim Arnold" <jarnold@knightridder.com> > To: <freebsd-questions@FreeBSD.ORG> > Sent: Monday, August 19, 2002 4:00 AM > Subject: IPFilter/IPnat huge packet losses > > > > Currently I run "The Wall," a floppy-based FreeBSD distro that uses > > IPFW and natd. This > > setup has worked wonderfully. I don't have packet losses with this > > setup from the firewall > > or inside the lan. > > > > A few weeks ago I acquired a pentium 233 box and decided to see if I could > load > > FreeBSD stable and use IPFilter and ipnat as my firewall. The system > > install and upgrade > > to 4.6 stable with a kernel recompile was a breeze. Getting IPfilter > > to work is another matter... > > > > Right now I'm seeing packet losses from anywhere in the 20 to 80 > > percent range when pinging > > an outside host from inside the firewall. From the firewall itself I > > get 0% packet losses. Your setup looked ok to me. Have you tried adding pass in all quick and pass out all quick type rule and then tested your pinging? If it works you know it's your firewall ruleset, If it doesn't, then you know the problem is elsewhere. I only mention this because firewalls and nat setups normally either allow or block something. If icmp packet #4 gets through, how is that different than #2 or #3 or #5? See where I'm headed with this logic? Josh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1029704820.224.7.camel>