Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Mar 2004 17:17:52 +0200
From:      "Prodigy" <prodigy@punktas.lt>
To:        "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   natd + ipfw - very slow internet for LAN users
Message-ID:  <001e01c406b2$e26b3a80$1e00a8c0@prodigy>
next in thread | raw e-mail | index | archive | help 

Hi,

i'm sharing internet to my local area network (LAN) users with my router.  Everything would be fine, but internet is very slow. I tried to ping my ISP. Ping reply is ~50ms. It means, that internet for LAN users should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. Then I try to open some internet pages, there is very big lag. Something is wrong with nating i think, can u tell me what? FreeBSD4.9-STABLE ipfw + natd


Kernel configuration:

# ... Some other stuff goes here
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=10
options         IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
options         IPDIVERT
# ... Some other stuff goes here


rc.conf:

defaultrouter="213.190.42.1" # ISP gateway
hostname="panemune.net"
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
# ... here goes some other stuff, like sshd_enable="YES", etc
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.firewall"
firewall_quiet="YES"
firewall_logging="YES"
natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /usr/local/etc/natd.conf"


# cat /usr/local/etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only yes

# cat /usr/local/etc/rc.firewall
ipfw add 100 divert natd all from any to any via ed1

# ipfw show
00100  469 26801 divert 8668 ip from any to any via ed1
65535 1072 60182 allow ip from any to any

# cat /etc/services | grep natd
natd            8668/divert # Network Address Translation



Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's horrible with natd + ipfw.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001e01c406b2$e26b3a80$1e00a8c0>