From: Wayne Swart
To: FreeBSD Mailing List
Date: Mon, 9 Feb 2004 11:30:48 +0200 (SAST)
Subject: slow ipfw rules
Message-ID: <20040209112634.S427@gemini.fixx.co.za>

Hello everyone

I have a nat box with a default to deny ruleset, but whenever I ftp through it I get a transfer rate of + - 3kb/s (over lan).

Below is what I have in my firewall script:

ipfw disable firewall
ipfw -f flush

int_if=fxp0
ext_if=rl0

# IPFW Count Rules for MRTG
ipfw add 10001 count ip from 10.0.5.100 to any via $int_if
ipfw add 10002 count ip from any to 10.0.5.100 via $int_if

# NAT
ipfw add divert natd ip from any to any via $ext_if

# Established Rules
ipfw add allow tcp from any to any established

# Squid
ipfw add allow tcp from to me 8080

# DNS
ipfw add allow udp from any 53 to any
ipfw add allow udp from any to any 53

# NFS Stuff
ipfw add allow all from 10.0.5.252 to any
ipfw add allow all from any to 10.0.5.252

# SNMP
ipfw add allow tcp from to me 161 in via $ext_if
ipfw add allow udp from to me 161 in via $ext_if

# FTP
ipfw add allow tcp from any to any 21
ipfw add allow tcp from any to any 20
ipfw add allow tcp from any to any 49152-65535

# Internal Lan
ipfw add reset tcp from 10.0.5.0/24 to any 80
ipfw add allow all from 10.0.5.0/24 to 10.0.5.0/24
ipfw add allow all from any to 10.0.5.0/24
ipfw add allow all from 10.0.5.0/24 to any

# HTTP
ipfw add allow tcp from 10.0.5.0/24 to me 80
ipfw add allow tcp from to me 80

# ICMP
ipfw add allow icmp from any to any

# SSH
ipfw add allow ip from to me

# localhost
ipfw add allow all from me to any

# Finally - Enable the firewall again
ipfw enable firewall

I have replaced NICs and everything, but to no avail.

Please help.

Thanks
Wayne

In a world with no boundaries, Who Needs Gates?