From: "Prodigy"
To: "freebsd-questions"
Date: Fri, 12 Mar 2004 18:21:11 +0200
Subject: Re: natd + ipfw - very slow internet for LAN users

Thanks for your sets, but anyway internet is very slow :(

# ipfw show
00100 617 59829 divert 8668 ip from any to any via ed1
00200 617 59829 allow ip from 213.190.42.48 to any keep-state via ed1
00300 1213 101401 allow ip from 192.168.0.0/24 to any keep-state via ed0
65535 409 26377 allow ip from any to any

# cat /usr/local/etc/ipfw.conf
fw="/sbin/ipfw -q"
oif="ed1"
iif="ed0"

${fw} add divert natd all from any to any via ${oif}
${fw} add allow all from 213.190.42.48 to any keep-state via ${oif}
${fw} add allow all from 192.168.0.1/24 to any keep-state via ${iif}

Btw, I have a static internet IP address, not a dynamic one.
I have read the man ipfw BUGS section, but I still can't understand how I can solve my problem.

----- Original Message -----
From: "jon"
To: "Prodigy"
Sent: Thursday, March 11, 2004 2:43 PM
Subject: Re: natd + ipfw - very slow internet for LAN users

> my set looks like this
>
> fw="/sbin/ipfw -q"
> oif="xl1"
> iif="xl0"
>
> ${fw} add divert natd all from any to any via ${oif}
> ${fw} add allow all from ${oip} to any keep-state via ${oif}
> ${fw} add allow all from 192.168.1.1/24 to any keep-state via ${iif}
>
> good luck
>
> * Prodigy [2004-03-10 17:17:52 +0200]:
>
> > Hi,
> >
> > I'm sharing internet to my local area network (LAN) users with my router. Everything would be fine, but internet is very slow. I tried to ping my ISP. Ping reply is ~50ms. It means that internet for LAN users should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. When I try to open some internet pages, there is a very big lag. Something is wrong with NATing, I think; can you tell me what? FreeBSD 4.9-STABLE ipfw + natd
> >
> >
> > Kernel configuration:
> >
> > # ... Some other stuff goes here
> > options IPFIREWALL
> > options IPFIREWALL_FORWARD
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> > options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
> > options IPDIVERT
> > # ... Some other stuff goes here
> >
> >
> > rc.conf:
> >
> > defaultrouter="213.190.42.1" # ISP gateway
> > hostname="panemune.net"
> > ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
> > ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
> > # ... here goes some other stuff, like sshd_enable="YES", etc
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_script="/usr/local/etc/rc.firewall"
> > firewall_quiet="YES"
> > firewall_logging="YES"
> > natd_enable="YES"
> > natd_interface="ed1"
> > natd_flags="-f /usr/local/etc/natd.conf"
> >
> >
> > # cat /usr/local/etc/natd.conf
> > same_ports yes
> > use_sockets yes
> > unregistered_only yes
> >
> > # cat /usr/local/etc/rc.firewall
> > ipfw add 100 divert natd all from any to any via ed1
> >
> > # ipfw show
> > 00100 469 26801 divert 8668 ip from any to any via ed1
> > 65535 1072 60182 allow ip from any to any
> >
> > # cat /etc/services | grep natd
> > natd 8668/divert # Network Address Translation
> >
> >
> > Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's horrible with natd + ipfw.
>
> --
> Jon
> This is BSD country. If you listen carefully, you can hear Windows reboot...
>
> For GnuPG/PGP key send message to jonathan88@email.com with
> subject "key request pgp" or "key request gnupg".
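
Added example (not part of the original thread or of FreeBSD): a shell function that summarises `ipfw show` output like the listing in the message above and reports whether the ruleset ever blocks anything, which is worth checking on a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT. The function name audit_ipfw_show and its one-line report format are assumptions of this example; the sample input is the `ipfw show` output quoted in the message.

```shell
#!/bin/sh
# Summarise `ipfw show` output: how many rules, how many of them block,
# and what the final rule (65535) does. Reads the listing on stdin.
# Assumed line layout, as in the thread: NUMBER PACKETS BYTES ACTION ...

# Sample input: the four lines of `ipfw show` output quoted in the message.
SAMPLE='00100 617 59829 divert 8668 ip from any to any via ed1
00200 617 59829 allow ip from 213.190.42.48 to any keep-state via ed1
00300 1213 101401 allow ip from 192.168.0.0/24 to any keep-state via ed0
65535 409 26377 allow ip from any to any'

audit_ipfw_show() {
    awk '
    # Only lines that start with three numeric fields are rule lines.
    NF >= 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        rules++
        act = $4
        if (act ~ /^(deny|drop|reject|reset|unreach)$/) blocking++
        if (act == "divert") diverts++
        if ($0 ~ / keep-state/) stateful++
        # Rule 65535 is the built-in default rule.
        if ($1 + 0 == 65535) default_act = act
    }
    END {
        if (default_act == "") {
            default_act = "unknown"
            verdict = "unknown"      # listing was truncated or empty
        } else if (blocking + 0 == 0 && default_act ~ /^(allow|accept|pass|permit)$/) {
            verdict = "open"         # nothing in the ruleset can drop a packet
        } else {
            verdict = "filtering"
        }
        printf "rules=%d blocking=%d divert=%d keep_state=%d default=%s verdict=%s\n",
            rules + 0, blocking + 0, diverts + 0, stateful + 0, default_act, verdict
    }'
}

# Stand-alone run on the sample; on a live router use: ipfw show | audit_ipfw_show
printf '%s\n' "$SAMPLE" | audit_ipfw_show
```

A verdict of "open" means the keep-state rules add state tracking but no protection: every packet that matches no rule is still accepted by rule 65535.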