natd + ipfw - very slow internet for LAN users
Prodigy
prodigy at punktas.lt
Wed Mar 10 07:18:15 PST 2004
Hi,
I'm sharing internet to my local area network (LAN) users with my router. Everything would be fine, but the internet is very slow. I tried to ping my ISP. Ping reply is ~50ms. It means that internet for LAN users should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. When I try to open some internet pages, there is a very big lag. Something is wrong with NATing, I think; can you tell me what? FreeBSD 4.9-STABLE, ipfw + natd
Kernel configuration:
# ... Some other stuff goes here
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
options IPDIVERT
# ... Some other stuff goes here
rc.conf:
defaultrouter="213.190.42.1" # ISP gateway
hostname="panemune.net"
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
# ... here goes some other stuff, like sshd_enable="YES", etc
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.firewall"
firewall_quiet="YES"
firewall_logging="YES"
natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /usr/local/etc/natd.conf"
# cat /usr/local/etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only yes
# cat /usr/local/etc/rc.firewall
ipfw add 100 divert natd all from any to any via ed1
# ipfw show
00100 469 26801 divert 8668 ip from any to any via ed1
65535 1072 60182 allow ip from any to any
# cat /etc/services | grep natd
natd 8668/divert # Network Address Translation
Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's horrible with natd + ipfw.