Thu Dec 4 06:34:31 PST 2003


i'm a reasonably experienced linux/bsd user - i've installed a few boxes in my time and usually with a good level of success. but this time i'm stumped. 

i'm trying to set up a freebsd gateway to share my cable modem connection. 

from the gateway itself i can ping the world, from the attached clients i can ping the world, i can even do dns lookups. doing:

curl --head

gives me a good-looking header and everything, but if i do 


no joy. i get:

HTTP request sent; waiting for response.

and it stops there. this is true from both the clients and the gateway itself. i just can't download anything for all the pings in the world.

my current set up is 

-- kernel config:

options IPDIVERT 

-- /etc/rc.conf

natd_interface=" rl0"

which are both straight out of the handbook.

-- ipfw -a list
00050 1844 130026 divert 8668 ip from any to any via rl0
00100   96  11166 allow ip from any to any via lo0
00200    0      0 deny ip from any to
00300    0      0 deny ip from to any
65000 2481 200907 allow ip from any to any
65535    0      0 allow ip from any to any

ethernet cards - a pair of 8139's - rl0 external, rl1 internal. as far as i can tell they work fine.

i've tried the same thing using ipfilter and ipnat instead of natd and ipfw - with the same results. 

i've noticed that if i turn on the firewall my pings to the isp's router are much much less reliable, sometimes losing 30%+ of the packets but generally degraded compared to the setup with no firewall enabled.

the firewall stats show that everything is passing ok. 

i really don't know what's going on. unfortunately my web searches have turned up nothing similar.

does anyone have any ideas/comments/suggestions/experience of the same? is it the network cards? pings from the client machine when connected directly work perfectly but from the gateway are at best a little dodgy - losing 15% of the packets.

any help greatly appreciated.


