slow ipfw rules

Wayne Swart wayne at fixx.co.za
Mon Feb 9 01:29:21 PST 2004


Hello everyone

I have a NAT box with a default-to-deny ruleset, but whenever I FTP
through it I get a transfer rate of +/- 3 kb/s (over LAN).

Below is what I have in my firewall script:


#!/bin/sh
# ipfw evaluates rules first-match, so order matters.  "<someip>" is a
# placeholder for the real address.

# Turn filtering off while the ruleset is rebuilt (packets pass unfiltered
# until the "enable" at the end), then drop every existing rule.
ipfw disable firewall
ipfw -f flush

int_if=fxp0
ext_if=rl0

# IPFW Count Rules for MRTG (count never terminates the search; rules added
# without a number below are numbered automatically after 10002)
ipfw add 10001 count ip from 10.0.5.100 to any via $int_if
ipfw add 10002 count ip from any to 10.0.5.100 via $int_if

# NAT - packets on the external interface are handed to natd and re-enter
# at the next rule with their addresses rewritten (net.inet.ip.fw.one_pass=0,
# the default)
ipfw add divert natd ip from any to any via $ext_if

# Established Rules - any TCP segment with ACK or RST set is let through,
# so replies for every connection opened below match here
ipfw add allow tcp from any to any established

# Squid
ipfw add allow tcp from <someip> to me 8080

# DNS
ipfw add allow udp from any 53 to any
ipfw add allow udp from any to any 53

# NFS Stuff
ipfw add allow all from 10.0.5.252 to any
ipfw add allow all from any to 10.0.5.252

# SNMP
ipfw add allow tcp from <someip> to me 161 in via $ext_if
ipfw add allow udp from <someip> to me 161 in via $ext_if

# FTP - control port, active-mode data port, and the dynamic port range
# used for passive-mode data connections
ipfw add allow tcp from any to any 21
ipfw add allow tcp from any to any 20
ipfw add allow tcp from any to any 49152-65535

# Internal Lan - direct port-80 connections from the LAN are answered with
# a TCP RST; the three allow rules carry no interface qualifier
ipfw add reset tcp from 10.0.5.0/24 to any 80
ipfw add allow all from 10.0.5.0/24 to 10.0.5.0/24
ipfw add allow all from any to 10.0.5.0/24
ipfw add allow all from 10.0.5.0/24 to any

# HTTP
ipfw add allow tcp from 10.0.5.0/24 to me 80
ipfw add allow tcp from <someip> to me 80

# ICMP
ipfw add allow icmp from any to any

# SSH
ipfw add allow ip from <someip> to me

# localhost
ipfw add allow all from me to any

# Finally - Enable the firewall again
ipfw enable firewall

I have replaced NICs and everything, but to no avail.
Please help.

Thanks

Wayne

In a world with no boundaries, Who Needs Gates?
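The ruleset in the post is evaluated first-match, so which rule a packet hits depends only on order. What follows is an added example, not code from the post or from FreeBSD: a small Python replay of the rules above against constructed packets (an FTP control connection and a passive-mode data connection from the LAN, the server's reply as it arrives on the outside interface, a direct port-80 connection from the LAN, a new SYN to a LAN address arriving on the outside interface, and an SNMP query from a host other than <someip>). It models only the syntax the script uses, does not model natd's address rewriting, and assumes the box's own addresses (10.0.5.1 and 192.0.2.1) and 198.51.100.7 in place of <someip>; the interface names are the script's.

```python
"""Replay the posted ipfw ruleset against constructed packets.

Added example, not code from the post.  Only the syntax the posted script uses is
modelled, and natd's address rewrite is NOT modelled (divert is a pass-through,
as when net.inet.ip.fw.one_pass is 0).  ME and SOMEIP below are assumptions."""
import ipaddress, re
from collections import namedtuple

INT_IF, EXT_IF = "fxp0", "rl0"   # interface names from the post
SOMEIP = "198.51.100.7"          # assumed stand-in for the post's <someip>
ME = {"10.0.5.1", "192.0.2.1"}   # assumed LAN / WAN addresses of the NAT box
PORT = re.compile(r"^\d+(-\d+)?$")

RULES = f"""
count ip from 10.0.5.100 to any via {INT_IF}
count ip from any to 10.0.5.100 via {INT_IF}
divert natd ip from any to any via {EXT_IF}
allow tcp from any to any established
allow tcp from {SOMEIP} to me 8080
allow udp from any 53 to any
allow udp from any to any 53
allow all from 10.0.5.252 to any
allow all from any to 10.0.5.252
allow tcp from {SOMEIP} to me 161 in via {EXT_IF}
allow udp from {SOMEIP} to me 161 in via {EXT_IF}
allow tcp from any to any 21
allow tcp from any to any 20
allow tcp from any to any 49152-65535
reset tcp from 10.0.5.0/24 to any 80
allow all from 10.0.5.0/24 to 10.0.5.0/24
allow all from any to 10.0.5.0/24
allow all from 10.0.5.0/24 to any
allow tcp from 10.0.5.0/24 to me 80
allow tcp from {SOMEIP} to me 80
allow icmp from any to any
allow ip from {SOMEIP} to me
allow all from me to any
""".strip().splitlines()   # the posted rules in posted order, variables expanded

# iface: where ipfw sees the packet; established: TCP segment with ACK or RST set
Packet = namedtuple("Packet", "proto src dst sport dport iface direction established",
                    defaults=(0, 0, "", "in", False))

def parse_rule(text):
    """Split one rule into action, protocol, endpoints, ports and options."""
    toks = text.split()
    if toks[0] == "divert":
        del toks[1]                         # drop the divert port ("natd")
    i, sport, dport = 4, None, None
    if PORT.match(toks[i]):
        sport, i = toks[i], i + 1           # "from any 53 to ..."
    dst, i = toks[i + 1], i + 2             # toks[i] is the "to" keyword
    if i < len(toks) and PORT.match(toks[i]):
        dport, i = toks[i], i + 1           # "... to me 8080"
    opts = toks[i:]
    return dict(action=toks[0], proto=toks[1], src=toks[3], sport=sport,
                dst=dst, dport=dport, established="established" in opts,
                direction="in" if "in" in opts else "out" if "out" in opts else None,
                via=opts[opts.index("via") + 1] if "via" in opts else None)

def addr_match(spec, addr):
    return spec == "any" or (addr in ME if spec == "me" else
            ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def port_match(spec, port):
    lo, _, hi = (spec or "0-65535").partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule_matches(r, p):
    return ((r["proto"] in ("ip", "all") or r["proto"] == p.proto)
            and addr_match(r["src"], p.src) and addr_match(r["dst"], p.dst)
            and port_match(r["sport"], p.sport) and port_match(r["dport"], p.dport)
            and (not r["established"] or p.established)
            and r["direction"] in (None, p.direction)
            and r["via"] in (None, p.iface))

def first_match(packet, rules=RULES):
    """(action, rule) for the first terminating rule hit; count and divert never
    terminate, and falling off the end is the default deny (rule 65535)."""
    for text in rules:
        r = parse_rule(text)
        if rule_matches(r, packet) and r["action"] not in ("count", "divert"):
            return r["action"], text
    return "deny", "65535 default deny"

# Constructed packets, each as ipfw sees it on the named interface.
CASES = {
    "ftp control from LAN": Packet("tcp", "10.0.5.100", "203.0.113.5", 40000, 21, INT_IF),
    "passive data from LAN": Packet("tcp", "10.0.5.100", "203.0.113.5", 40002, 55000, INT_IF),
    "ftp reply on WAN": Packet("tcp", "203.0.113.5", "192.0.2.1", 21, 40000, EXT_IF, established=True),
    "direct web from LAN": Packet("tcp", "10.0.5.50", "203.0.113.9", 40001, 80, INT_IF),
    "new SYN to LAN host on WAN": Packet("tcp", "203.0.113.5", "10.0.5.100", 443, 3000, EXT_IF),
    "snmp from unlisted host": Packet("udp", "203.0.113.5", "192.0.2.1", 1234, 161, EXT_IF),
}

if __name__ == "__main__":
    for name, pkt in CASES.items():
        print(f"{name:28} -> {' by '.join(first_match(pkt))}")
```

Running it shows the FTP rules and the established rule matching the FTP traffic as intended, the reset rule answering direct port-80 connections from the LAN, and the SNMP query from an unlisted host falling through to the default deny. It also shows that `allow all from any to 10.0.5.0/24` matches a new connection to a LAN address even when the packet is seen on rl0, because none of the "Internal Lan" rules carry an `in via $int_if` qualifier; whether such a packet can actually arrive on rl0 depends on what the upstream routes towards the box, which the post does not say. The replay says nothing about throughput: it only tells you which rule a packet hits, which is the same information `ipfw -a list` gives from the live counters.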

