natd + ipfw - very slow internet for LAN users

Prodigy prodigy at punktas.lt
Fri Mar 12 08:21:40 PST 2004


Thanks for your sets, but anyway internet is very slow :(

# ipfw show
00100  617  59829 divert 8668 ip from any to any via ed1
00200  617  59829 allow ip from 213.190.42.48 to any keep-state via ed1
00300 1213 101401 allow ip from 192.168.0.0/24 to any keep-state via ed0
65535  409  26377 allow ip from any to any

# cat /usr/local/etc/ipfw.conf
fw="/sbin/ipfw -q"
oif="ed1"
iif="ed0"

${fw} add divert natd all from any to any via ${oif}
${fw} add allow all from 213.190.42.48 to any keep-state via ${oif}
${fw} add allow all from 192.168.0.1/24 to any keep-state via ${iif}

Btw, I have a static Internet IP address, not a dynamic one. I have read the
BUGS section of man ipfw, but I still can't understand how I can solve my
problem.

----- Original Message ----- 
From: "jon" <jonathan88 at email.com>
To: "Prodigy" <prodigy at punktas.lt>
Sent: Thursday, March 11, 2004 2:43 PM
Subject: Re: natd + ipfw - very slow internet for LAN users


> my set looks like this
>
> fw="/sbin/ipfw -q"
> oif="xl1"
> iif="xl0"
>
> ${fw} add divert natd all from any to any via ${oif}
> ${fw} add allow all from ${oip} to any keep-state via ${oif}
> ${fw} add allow all from 192.168.1.1/24  to any keep-state via ${iif}
>
> good luck
>
> * Prodigy <prodigy at punktas.lt> [2004-03-10 17:17:52 +0200]:
>
> > Hi,
> >
> > I'm sharing internet to my local area network (LAN) users with my
> > router.  Everything would be fine, but internet is very slow. I tried to
> > ping my ISP. Ping reply is ~50ms. It means that internet for LAN users
> > should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. Then
> > I try to open some internet pages, there is very big lag. Something is wrong
> > with NATing I think, can you tell me what? FreeBSD4.9-STABLE ipfw + natd
> >
> >
> > Kernel configuration:
> >
> > # ... Some other stuff goes here
> > options         IPFIREWALL
> > options         IPFIREWALL_FORWARD
> > options         IPFIREWALL_VERBOSE
> > options         IPFIREWALL_VERBOSE_LIMIT=10
> > options         IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
> > options         IPDIVERT
> > # ... Some other stuff goes here
> >
> >
> > rc.conf:
> >
> > defaultrouter="213.190.42.1" # ISP gateway
> > hostname="panemune.net"
> > ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
> > ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
> > # ... here goes some other stuff, like sshd_enable="YES", etc
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_script="/usr/local/etc/rc.firewall"
> > firewall_quiet="YES"
> > firewall_logging="YES"
> > natd_enable="YES"
> > natd_interface="ed1"
> > natd_flags="-f /usr/local/etc/natd.conf"
> >
> >
> > # cat /usr/local/etc/natd.conf
> > same_ports yes
> > use_sockets yes
> > unregistered_only yes
> >
> > # cat /usr/local/etc/rc.firewall
> > ipfw add 100 divert natd all from any to any via ed1
> >
> > # ipfw show
> > 00100  469 26801 divert 8668 ip from any to any via ed1
> > 65535 1072 60182 allow ip from any to any
> >
> > # cat /etc/services | grep natd
> > natd            8668/divert # Network Address Translation
> >
> >
> >
> > Btw, when I used ipf + ipnat, internet for LAN users was good enough,
> > but now it's horrible with natd + ipfw.
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
> -- 
> Jon
> This is BSD country. If you listen carefully, you can hear Windows
> reboot...
>
> For GnuPG/PGP key send message to jonathan88 at email.com with
> subject "key request pgp" or "key request gnupg".


