slow ipfw rules
Wayne Swart
wayne at fixx.co.za
Mon Feb 9 01:29:21 PST 2004
Hello everyone
I have a NAT box with a default-to-deny ruleset, but whenever I ftp
through it I get a transfer rate of +/- 3kb/s (over LAN).
Below is what I have in my firewall script:
ipfw disable firewall
ipfw -f flush
int_if=fxp0
ext_if=rl0
# IPFW Count Rules for MRTG
ipfw add 10001 count ip from 10.0.5.100 to any via $int_if
ipfw add 10002 count ip from any to 10.0.5.100 via $int_if
# NAT
ipfw add divert natd ip from any to any via $ext_if
# Established Rules
ipfw add allow tcp from any to any established
# Squid
ipfw add allow tcp from <someip> to me 8080
# DNS
ipfw add allow udp from any 53 to any
ipfw add allow udp from any to any 53
# NFS Stuff
ipfw add allow all from 10.0.5.252 to any
ipfw add allow all from any to 10.0.5.252
# SNMP
ipfw add allow tcp from <someip> to me 161 in via $ext_if
ipfw add allow udp from <someip> to me 161 in via $ext_if
# FTP
ipfw add allow tcp from any to any 21
ipfw add allow tcp from any to any 20
ipfw add allow tcp from any to any 49152-65535
# Internal Lan
ipfw add reset tcp from 10.0.5.0/24 to any 80
ipfw add allow all from 10.0.5.0/24 to 10.0.5.0/24
ipfw add allow all from any to 10.0.5.0/24
ipfw add allow all from 10.0.5.0/24 to any
# HTTP
ipfw add allow tcp from 10.0.5.0/24 to me 80
ipfw add allow tcp from <someip> to me 80
# ICMP
ipfw add allow icmp from any to any
# SSH
ipfw add allow ip from <someip> to me
# localhost
ipfw add allow all from me to any
# Finally - Enable the firewall again
ipfw enable firewall
I have replaced NICs and everything, but to no avail.
Please help.
Thanks
Wayne
In a world with no boundaries, Who Needs Gates?