Date: Mon, 9 Feb 2004 11:30:48 +0200 (SAST)
From: Wayne Swart <wayne@fixx.co.za>
To: FreeBSD Mailing List <freebsd-questions@FreeBSD.ORG>
Subject: slow ipfw rules
Message-ID: <20040209112634.S427@gemini.fixx.co.za>

Hello everyone

I have a nat box with a default to deny ruleset, but whenever I ftp
through it I get a transfer rate of + - 3kb/s (over lan).

Below is what I have in my firewall script:

ipfw disable firewall
ipfw -f flush

int_if=fxp0
ext_if=rl0

# IPFW Count Rules for MRTG
ipfw add 10001 count ip from 10.0.5.100 to any via $int_if
ipfw add 10002 count ip from any to 10.0.5.100 via $int_if

# NAT
ipfw add divert natd ip from any to any via $ext_if

# Established Rules
ipfw add allow tcp from any to any established

# Squid
ipfw add allow tcp from <someip> to me 8080

# DNS
ipfw add allow udp from any 53 to any
ipfw add allow udp from any to any 53

# NFS Stuff
ipfw add allow all from 10.0.5.252 to any
ipfw add allow all from any to 10.0.5.252

# SNMP
ipfw add allow tcp from <someip> to me 161 in via $ext_if
ipfw add allow udp from <someip> to me 161 in via $ext_if

# FTP
ipfw add allow tcp from any to any 21
ipfw add allow tcp from any to any 20
ipfw add allow tcp from any to any 49152-65535

# Internal Lan
ipfw add reset tcp from 10.0.5.0/24 to any 80
ipfw add allow all from 10.0.5.0/24 to 10.0.5.0/24
ipfw add allow all from any to 10.0.5.0/24
ipfw add allow all from 10.0.5.0/24 to any

# HTTP
ipfw add allow tcp from 10.0.5.0/24 to me 80
ipfw add allow tcp from <someip> to me 80

# ICMP
ipfw add allow icmp from any to any

# SSH
ipfw add allow ip from <someip> to me

# localhost
ipfw add allow all from me to any

# Finally - Enable the firewall again
ipfw enable firewall

I have replaced NICs and everything, but to no avail.

Please help.

Thanks
Wayne

In a world with no boundaries, Who Needs Gates?