Date: Fri, 12 Mar 2004 18:21:11 +0200 From: "Prodigy" <prodigy@punktas.lt> To: "freebsd-questions" <freebsd-questions@freebsd.org> Subject: Re: natd + ipfw - very slow internet for LAN users Message-ID: <001d01c4084e$0d4d0840$1e00a8c0@prodigy> References: <001e01c406b2$e26b3a80$1e00a8c0@prodigy> <20040311124338.GA2091@cnsystems.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for your sets, but anyway internet is very slow :(
# ipfw show
00100 617 59829 divert 8668 ip from any to any via ed1
00200 617 59829 allow ip from 213.190.42.48 to any keep-state via ed1
00300 1213 101401 allow ip from 192.168.0.0/24 to any keep-state via ed0
65535 409 26377 allow ip from any to any
# cat /usr/local/etc/ipfw.conf
fw="/sbin/ipfw -q"
oif="ed1"
iif="ed0"
${fw} add divert natd all from any to any via ${oif}
${fw} add allow all from 213.190.42.48 to any keep-state via ${oif}
${fw} add allow all from 192.168.0.1/24 to any keep-state via ${iif}
Btw, i have a static internet ip address, not the dynamic. I have read the
man ipfw BUGS section, but still I can't understand, how can i solve my
problem.
----- Original Message -----
From: "jon" <jonathan88@email.com>
To: "Prodigy" <prodigy@punktas.lt>
Sent: Thursday, March 11, 2004 2:43 PM
Subject: Re: natd + ipfw - very slow internet for LAN users
> my set looks like this
>
> fw="/sbin/ipfw -q"
> oif="xl1"
> iif="xl0"
>
> ${fw} add divert natd all from any to any via ${oif}
> ${fw} add allow all from ${oip} to any keep-state via ${oif}
> ${fw} add allow all from 192.168.1.1/24 to any keep-state via ${iif}
>
> good luck
>
> * Prodigy <prodigy@punktas.lt> [2004-03-10 17:17:52 +0200]:
>
> > Hi,
> >
> > i'm sharing internet to my local area network (LAN) users with my
router. Everything would be fine, but internet is very slow. I tried to
ping my ISP. Ping reply is ~50ms. It means, that internet for LAN users
should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. Then
I try to open some internet pages, there is very big lag. Something is wrong
with nating i think, can u tell me what? FreeBSD4.9-STABLE ipfw + natd
> >
> >
> > Kernel configuration:
> >
> > # ... Some other stuff goes here
> > options IPFIREWALL
> > options IPFIREWALL_FORWARD
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> > options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all
packets by default
> > options IPDIVERT
> > # ... Some other stuff goes here
> >
> >
> > rc.conf:
> >
> > defaultrouter="213.190.42.1" # ISP gateway
> > hostname="panemune.net"
> > ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN)
interface
> > ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet
(outside) interface
> > # ... here goes some other stuff, like sshd_enable="YES", etc
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_script="/usr/local/etc/rc.firewall"
> > firewall_quiet="YES"
> > firewall_logging="YES"
> > natd_enable="YES"
> > natd_interface="ed1"
> > natd_flags="-f /usr/local/etc/natd.conf"
> >
> >
> > # cat /usr/local/etc/natd.conf
> > same_ports yes
> > use_sockets yes
> > unregistered_only yes
> >
> > # cat /usr/local/etc/rc.firewall
> > ipfw add 100 divert natd all from any to any via ed1
> >
> > # ipfw show
> > 00100 469 26801 divert 8668 ip from any to any via ed1
> > 65535 1072 60182 allow ip from any to any
> >
> > # cat /etc/services | grep natd
> > natd 8668/divert # Network Address Translation
> >
> >
> >
> > Btw, when I used ipf + ipnat, internet for LAN users was good enough,
but now it's horrible with natd + ipfw.
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
>
> --
> Jon
> This is BSD country. If you listen carefully, you can hear Windows
reboot...
>
> For GnuPG/PGP key send message to jonathan88@email.com with
> subject "key request pgp" or "key request gnupg".
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001d01c4084e$0d4d0840$1e00a8c0>