natd + ipfw - very slow internet for LAN users

Prodigy prodigy at punktas.lt
Wed Mar 10 09:32:22 PST 2004


> Ping to an ip address does not use DNS.
> What is response time when you use ping domain name?
It's ~250ms for google.com and other domains (good enough too).

> I see you have forced ip address for your nic card connected to the
> public internet by using rc.conf statement.
> This looks wrong to me.
What's wrong with it? Can you give me other solutions? But anyway, with ipf +
ipnat the internet speed is OK.

> Explain in detail how you connect to your ISP and the layout of
> your private network.
Our ISP gave us an IP and gateway; that's how we connect to the internet (over a DSL
modem through a LAN card).
Some computers are connected in a LAN via a switch. My router is connected to
that switch too. LAN users have configured their OS so that the gateway is
192.168.0.1 (my router's LAN IP address).

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Prodigy
> Sent: Wednesday, March 10, 2004 10:18 AM
> To: freebsd-questions
> Subject: natd + ipfw - very slow internet for LAN users
>
> Hi,
>
> I'm sharing internet to my local area network (LAN) users with my
> router.  Everything would be fine, but internet is very slow. I
> tried to ping my ISP. Ping reply is ~50ms. It means that internet
> for LAN users should be good enough, but it isn't. Ping reply in IRC
> is ~15 seconds. When I try to open some internet pages, there is a
> very big lag. Something is wrong with NATing, I think; can you tell me
> what? FreeBSD 4.9-STABLE, ipfw + natd
>
>
> Kernel configuration:
>
> # ... Some other stuff goes here
> options         IPFIREWALL
> options         IPFIREWALL_FORWARD
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_VERBOSE_LIMIT=10
> options         IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
> options         IPDIVERT
> # ... Some other stuff goes here
>
>
> rc.conf:
>
> defaultrouter="213.190.42.1" # ISP gateway
> hostname="panemune.net"
> ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
> ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
> # ... here goes some other stuff, like sshd_enable="YES", etc
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_script="/usr/local/etc/rc.firewall"
> firewall_quiet="YES"
> firewall_logging="YES"
> natd_enable="YES"
> natd_interface="ed1"
> natd_flags="-f /usr/local/etc/natd.conf"
>
>
> # cat /usr/local/etc/natd.conf
> same_ports yes
> use_sockets yes
> unregistered_only yes
>
> # cat /usr/local/etc/rc.firewall
> ipfw add 100 divert natd all from any to any via ed1
>
> # ipfw show
> 00100  469 26801 divert 8668 ip from any to any via ed1
> 65535 1072 60182 allow ip from any to any
>
> # cat /etc/services | grep natd
> natd            8668/divert # Network Address Translation
>
>
>
> Btw, when I used ipf + ipnat, internet for LAN users was good
> enough, but now it's horrible with natd + ipfw.